Skip to main content

Fix for sudo's NOPASSWD directive not working in Arch Linux

For the past few days, I was having trouble with sudo on my Arch Linux machine.

The problem was that sudo was asking me to enter my password even for the commands I was using with the NOPASSWD directive.

Searching the Arch forums, bug tracker, mailing list etc., yielded no hint about this problem.

Then I checked if the sudo or pam packages were updated recently. Nope, the problem started occuring much later after they were updated.

Scratching my head, I fired up:

# visudo

as well as:

# man sudoers

and started verifying the entries in my /etc/sudoers file line-by-line. I couldn't find any problem with any of the entries and no sudo options had been changed upstream.

Then I started scanning the Cmnd_Alias lines in my sudoers file and started trying each of the commands specified there one-by-one. Surprisingly, some commands worked without asking for the password, while some still kept asking for one.

Then it struck me. I realized that since the Arch Linux developers are finalising the /usr move, the binaries for most packages have been moved to /usr/bin.

This is what had caused the problem to occur in my case too.

Hardcoded paths were the culprit

In my sudoers file, the commands specified next to the Cmnd_Alias directive had hardcoded paths. The commands giving me trouble were the ones whose binaries had been affected by the /usr move. Fixing the paths made the problem go away.

The Arch Linux devs have specified instructions for the /usr move, but they pertain to upgrading the system. In any case, they cannot cover all use cases. I am sure many people will start facing this and similar unexpected problems with the /usr move. But that's the price you pay for using a Rolling Release distribution.