sudoers no password screwiness
Craig White
craig.white at ttiltd.com
Fri Dec 9 23:05:30 UTC 2011
Can't really explain this behavior.
/etc/sudoers.d/user contains...
# This file is managed by puppet
#
# MANUAL EDITS OF THIS FILE WILL BE OVERWRITTEN!
#
Cmnd_Alias SYNC = /usr/bin/rsync,/bin/chmod,/bin/mkdir,/bin/chown,/usr/sbin/slapcat,/usr/bin/ldapsearch
administrator ALL = NOPASSWD: SYNC
(these are the exact contents)
Anyway, I use puppet on a fairly large number of systems and all of the systems under puppet control have this exact setup (/etc/sudoers & /etc/sudoers.d/user) and for that matter, also common-passwd, common-session, common-auth in /etc/pam.d and the user (like all but the system users) comes from LDAP. Also, /etc/ldap.conf, /etc/nsswitch.conf are all handled by puppet and thus are exactly the same from computer to computer.
On 2 computers, this user is asked for his password in order to run the rsync command but on other computers, this same user is not. The user is not included in local groups but rather only in LDAP groups.
/etc/sudoers & /etc/sudoers.d/user are indeed 0440 (again managed by puppet) so it's not a permission issue on these files.
Putting these same 2 lines into /etc/sudoers and commenting them out from /etc/sudoers.d/user (and letting puppet propagate the changes), I am good to go, which is how I am doing things at the moment, but I sure would love to solve this. Also, just for kicks, I replaced the white space from tabs to spaces but that seemed to not have an impact.
What else could possibly be at play?
Craig
--
Craig White ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ craig.white at ttiltd.com
1.800.869.6908 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ www.ttiassessments.com
Need help communicating between generations at work to achieve your desired success? Let us help!