mjhjmtu

My sudo version is

$ sudo --version
Sudo version 1.8.16
Sudoers policy plugin version 1.8.16
Sudoers file grammar version 45
Sudoers I/O plugin version 1.8.16

$ which sudo
/usr/bin/sudo

$ whereis sudo
sudo: /usr/bin/sudo /usr/lib/sudo /usr/share/man/man8/sudo.8.gz

I added a line to /etc/sudoers following the line for root:

# User privilege specification
root ALL=(ALL:ALL) ALL
# my change for scaling down cpu freq
t ALL=(ALL) NOPASSWD: /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh

But after I reboot Ubuntu 16.04, I still need to provide password when running the script with sudo:

$ sudo /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh 1600000
[sudo] password for t: 

I was wondering why?

Note that in /etc/sudoers,

• I notice that the separator between root and ALL is a tab, and I also separate t and ALL with a tab, and the other separators are spaces. Originally I separated t and ALL with a few spaces, which didn't work. Does what the separator is matter?




• /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh is pathname without any symlink, and originally, I tried a symlink, which didn't work. Does a symlink matter or not?

Thanks.

Update:

As the reply by steve suggested, I changed the line in /etc/sudoers to be

t ALL=(ALL) NOPASSWD: /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh *

by adding * at the end, but it doesn't work.

Currently my /etc/sudoers looks like

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root ALL=(ALL:ALL) ALL
# my change for scaling down cpu freq
# t ALL=(ALL:ALL) NOPASSWD: /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh *
t ALL=(ALL:ALL) NOPASSWD: /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh *

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

The groups of t include adm (is adm same as admin?) and sudo:

$ groups t
t : t adm cdrom sudo dip plugdev lpadmin sambashare

The commands allowed to be run by t are:

$ sudo -l
Matching Defaults entries for t on ocean:
 env_reset, mail_badpass,
 secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin

User t may run the following commands on ocean:
 (ALL : ALL) NOPASSWD:
 /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh *
 (ALL : ALL) ALL

Besides the argument, as @steve mentions, change the ALL=(ALL) for ALL=(ALL:ALL) as:

t ALL=(ALL:ALL) NOPASSWD: /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh *

If the user t belongs to the sudo or admin group, you also have to put that line after the generic rules for the admin and sudo group. Per man sudoers, the last line contemplating a condition wins:

When multiple entries match for a user, they are applied in order.

Where there are multiple matches, the last match is used (which is not
necessarily the most specific match).

Thus, if the more restrictive conditions are met on your now last line, the NOPASSWD directive will be applied, and then the password won't be asked anymore.

Perhaps the fact you're passing an argument is causing the issue.

Instead of:

t ALL=(ALL) NOPASSWD: /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh

try this:

t ALL=(ALL) NOPASSWD: /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh *