[VMAccessForLinux] sudo access with password

[johanburati]

On the latest SLES15SP1 image (suse:sles-15-sp1-basic:gen2:2020.02.26)

targetpw is set by default in /etc/sudoers

When you deploy the VM the user can use sudo without the need to enter a password:

azureuser ALL = (ALL) NOPASSWD: ALL

But when you reset the user password from the Portal, it change the setting so that the user is require to enter a password:

azureuser ALL = (ALL) ALL

Since targetpw is set on this image, the user is prompt for the targetuser password, if the targetuser password is not set then the user cannot use sudo.

Is there a reason why the extension reset those settings and request the user to enter a password when using sudo ?

[camalloy]

Also having this same issue.

[camalloy]

We were able to fix this issue by using the run command (which runs as root) to fix the sudoers file:

configFile='/etc/sudoers'
sed -i '/Defaults targetpw/c# Defaults targetpw' $configFile
sed -i '/ALL/c# ALL ALL=(ALL) ALL' $configFile

tail -n 30 /etc/sudoers

[johanburati]

People are pinging me about this issue, so I am sharing my reply below for reference:

Different users have different expectations I think it is hard to implement a solution that would fit all.
For example would the extension remove the targetuser option, some could argue that the extension could be used to circumvent the security policy.
So to me the best option when using the SLES images is to set the root password after deploying the VM or if you prefer to use the user password instead of the target user password when using sudo to comment that option like you did.
That way you will be to reset the password from the Portal using the extension and still keep sudo access.