I have sudo set up for a user (myuser) as follows on "hostname" (sudoers content):
Cmnd_Alias SCRIPT=/path/script*
myuser ALL=(suser) NOPASSWD: SCRIPT
This works fine, so I can run the following, logged in locally as myuser on hostname, without need for a password:
sudo -u suser /path/script
However, when I use ssh (with keys set up, so no password required) to log in and run, as follows:
ssh hostname sudo -u suser /path/script
I get prompted for a password, and when the password is entered I get:
Sorry, user myuser is not allowed to execute '/path/script' as suser on hostname.
UPDATE
The problem is solved by removing the "*" from the end of the command in sudoers.
The * was added to allow parameters to be passed to script, but actually doesn't appear to be necessary.
Still don't understand why the * allows the sudo to work locally, but not over ssh.
So the question still stands.
Best Answer
You didn't specify a host in the sudoers, so it only works locally as you have it set up now.
So if you set the host parameter to ALL, it will work on any host.
From man sudoers:
...
The additional fact that the following works at the terminal seems to bear out that the host is the reason you get prompted.
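
What the trailing `*` in the question's `Cmnd_Alias` permits, as an added example that is not part of the original question or answer: a small Python audit that flags wildcarded command paths and lists which paths they would cover. The candidate paths, function names and the simplified parser are assumptions made for illustration; only `*` and `?` are handled, using the sudoers rule that a wildcard in the path portion of a command does not match `/`.

```python
import re

# Constructed sample: the two sudoers lines from the question.
SAMPLE = """\
Cmnd_Alias SCRIPT=/path/script*
myuser ALL=(suser) NOPASSWD: SCRIPT
"""

# Constructed candidate paths (hypothetical files under /path).
CANDIDATES = [
    "/path/script",
    "/path/script.bak",
    "/path/script_other",
    "/path/scripts/run",
    "/path/other",
]

def parse_cmnd_aliases(text):
    """Return {alias: [command spec, ...]} for one-line Cmnd_Alias entries.
    Simplification: no line continuations, escaped commas or multiple aliases per line."""
    aliases = {}
    for line in text.splitlines():
        m = re.match(r"\s*Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
    return aliases

def path_regex(pattern):
    """Approximate sudoers path-name matching for '*' and '?' only:
    in the path portion of a command a wildcard never matches '/'."""
    parts = {"*": "[^/]*", "?": "[^/]"}
    return re.compile("".join(parts.get(ch, re.escape(ch)) for ch in pattern) + r"\Z")

def audit(text, candidates=CANDIDATES):
    """Report each aliased command whose path contains '*' or '?'."""
    findings = []
    for alias, specs in parse_cmnd_aliases(text).items():
        for spec in specs:
            path, _, args = spec.partition(" ")
            if "*" in path or "?" in path:
                rx = path_regex(path)
                findings.append({
                    "alias": alias,
                    "pattern": path,
                    "matches": [c for c in candidates if rx.match(c)],
                    # A spec with no argument list lets the user pass any arguments.
                    "any_args": args.strip() == "",
                })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f)
```

With the `*` removed, as in the UPDATE, the audit reports nothing and the rule covers only `/path/script`, still with any arguments.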