requiretty is being added to a user's permissions by default in CentOS 7

Post by shivaprasad » 2024/01/08 13:47:06

Below are the contents of /etc/sudoers:

```
Defaults !visiblepw

Defaults always_set_home
Defaults match_group_by_gid
Defaults always_query_group_plugin

Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"

Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin

root ALL=(ALL) ALL

%wheel ALL=(ALL) ALL

phoenix.admin ALL=(ALL) NOPASSWD:ALL

```



And the contents of /etc/sudoers.d/testuser are

```
Defaults:%testusersgroup !requiretty
Defaults:%testusersgroup lecture = never

# Cmnd alias specification
Cmnd_Alias BTRFS_FI_USAGE=/sbin/btrfs fi usage *
Cmnd_Alias BTRFS_FI_SHOW=/sbin/btrfs fi show *
Cmnd_Alias BTRFS_DEV_USAGE=/sbin/btrfs device usage *
Cmnd_Alias BTRFS_SUBVOL_USAGE=/sbin/btrfs filesystem du *
Cmnd_Alias BTRFS_DEV_ADD=/sbin/btrfs device add *
Cmnd_Alias BTRFS_FI_BALANCE=/sbin/btrfs balance *
Cmnd_Alias BTRFS_DEV_RM=/sbin/btrfs device remove *
Cmnd_Alias BTRFS_DEV_RESIZE=/sbin/btrfs filesystem resize *
Cmnd_Alias BTRFS_SUBVOLUME=/sbin/btrfs subvolume *
Cmnd_Alias FIND_TYPE=/bin/find . -type *
Cmnd_Alias FIND_EXEC=/bin/find . -exec *

# Cmnd alias specification for onboarding
Cmnd_Alias RSYNC=/bin/rsync -pa*
Cmnd_Alias REBOOT=/sbin/reboot
Cmnd_Alias MKDIR=/bin/mkdir *
Cmnd_Alias BTRFS_MKFS=/sbin/mkfs.btrfs *
Cmnd_Alias MOUNT=/bin/mount *
Cmnd_Alias BTRFS_LABEL=/sbin/btrfs filesystem label *
Cmnd_Alias DAEMON_RELOAD=/bin/systemctl daemon-reload
Cmnd_Alias SYSTEMCTL_IS_ACTIVE=/bin/systemctl is-active *
Cmnd_Alias SYSTEMCTL_STATUS=/bin/systemctl status *
Cmnd_Alias SYSTEMCTL_STOP_NW_AGENT=/bin/systemctl stop nwAgent
Cmnd_Alias SYSTEMCTL_STOP_AGENT=/bin/systemctl stop autoscalerAgent
Cmnd_Alias DMESG=/bin/dmesg
Cmnd_Alias TREE=/bin/tree
Cmnd_Alias MASK=/bin/systemctl mask *
Cmnd_Alias UNMASK=/bin/systemctl unmask *
Cmnd_Alias FSFREEZE=/sbin/fsfreeze *
Cmnd_Alias SHELL=/bin/sh *
Cmnd_Alias UDEVADM=/sbin/udevadm *

Cmnd_Alias FDISK=/sbin/fdisk *
Cmnd_Alias SGDISK=/sbin/sgdisk *
Cmnd_Alias FILE=/bin/file *
Cmnd_Alias MKFS_VFAT=/sbin/mkfs.vfat *
Cmnd_Alias GREP=/bin/grep *
Cmnd_Alias SED=/bin/sed *
Cmnd_Alias MKFS_EXT4=/sbin/mkfs.ext4 *
Cmnd_Alias BLKID=/sbin/blkid *
Cmnd_Alias UMOUNT=/bin/umount *
Cmnd_Alias XFS_IO=/sbin/xfs_io *
Cmnd_Alias CHROOTCMD=/sbin/chroot *
Cmnd_Alias E2LABEL=/sbin/e2label *
Cmnd_Alias LS=/bin/ls *
Cmnd_Alias DU=/bin/du *

%testusersgroup ALL=(ALL) NOPASSWD: MASK, UNMASK, BTRFS_FI_USAGE, BTRFS_FI_SHOW, BTRFS_DEV_USAGE, BTRFS_DEV_ADD, BTRFS_FI_BALANCE, BTRFS_DEV_RESIZE, BTRFS_DEV_RM, FIND_TYPE, FIND_EXEC, RSYNC, REBOOT, MKDIR, BTRFS_MKFS, MOUNT, BTRFS_LABEL, DAEMON_RELOAD, FSFREEZE, SHELL, UDEVADM, DMESG, TREE, FDISK, SGDISK, FILE, MKFS_VFAT, GREP, SED, MKFS_EXT4, BLKID, UMOUNT, SYSTEMCTL_IS_ACTIVE, SYSTEMCTL_STATUS, SYSTEMCTL_STOP_NW_AGENT, SYSTEMCTL_STOP_AGENT, CHROOTCMD, E2LABEL, EXT_MKFS, LS, DU, XFS_IO, BTRFS_SUBVOL_USAGE, BTRFS_SUBVOLUME

```

But when I do `sudo -l -U testuser` the output is

```

Matching Defaults entries for testuser on centos-test-instance-shiva-01:
!visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE",
env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin, !requiretty, lecture=never, requiretty, env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE",env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES","env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE",env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY","env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"

User testuser may run the following commands on centos-test-instance-shiva-01:
(ALL) NOPASSWD: /bin/systemctl mask *, /bin/systemctl unmask *, /sbin/btrfs fi usage *, /sbin/btrfs fi show *, /sbin/btrfs device usage *, /sbin/btrfs device add *, /sbin/btrfs balance *, /sbin/btrfs filesystem resize *,
/sbin/btrfs device remove *, /bin/find . -type *, /bin/find . -exec *, /bin/rsync -pa*, /sbin/reboot, /bin/mkdir *, /sbin/mkfs.btrfs *, /bin/mount *, /sbin/btrfs filesystem label *, /bin/systemctl daemon-reload,
/sbin/fsfreeze *, /bin/sh *, /sbin/udevadm *, /bin/dmesg, /bin/tree, /sbin/fdisk *, /sbin/sgdisk *, /bin/file *, /sbin/mkfs.vfat *, /bin/grep *, /bin/sed *, /sbin/mkfs.ext4 *, /sbin/blkid *, /bin/umount *, /bin/systemctl
is-active *, /bin/systemctl status *, /bin/systemctl stop nwAgent, /bin/systemctl stop autoscalerAgent, /sbin/chroot *, /sbin/e2label *, EXT_MKFS, /bin/ls *, /bin/du *, /sbin/xfs_io *, /sbin/btrfs filesystem du *,
/sbin/btrfs subvolume *

```

So it shows me that `requiretty` is enabled for my user. But I explicitly set it not to be enabled in `/etc/sudoers.d/testuser`.

This is on CentOS 7.

Is there any other way to define requiretty for a user? Or is there a way to find out how requiretty is being added to the test user even though it is not present in the sudoers file?

Post by TrevorH » 2024/01/08 14:19:57

What is the output from `grep -ir requiretty /etc/sudo*`?
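Added example, not part of the thread: a variant of the grep above that walks the main sudoers file and its include directory in the order sudo reads them and reports each `Defaults` line that sets or clears a flag, with its scope. The function name `trace_sudo_default` and the output format are this example's own. It assumes the include directive is the last line of the main file and covers file-based sudoers sources only.

```shell
#!/bin/sh
# Added example: report every Defaults line that sets or clears a boolean
# sudoers flag, in the order sudo reads the files.
# Usage: trace_sudo_default FLAG MAIN_FILE INCLUDE_DIR
#   e.g. trace_sudo_default requiretty /etc/sudoers /etc/sudoers.d   (as root)
# Assumes the include directive is the last line of MAIN_FILE.
trace_sudo_default() (
    flag=$1 main=$2 dir=$3
    LC_ALL=C                      # sort the glob below byte-wise
    set -- "$main"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # sudo skips include-dir names ending in "~" or containing "."
        case ${f##*/} in *~|*.*) continue ;; esac
        set -- "$@" "$f"
    done
    awk -v flag="$flag" '
        FNR == 1 { cont = "" }
        { line = cont $0; cont = "" }
        # join backslash-continued lines before parsing
        line ~ /\\$/ { sub(/\\$/, "", line); cont = line; next }
        line ~ /^[ \t]*#/ || line !~ /^[ \t]*Defaults/ { next }
        {
            sub(/^[ \t]*Defaults/, "", line)
            scope = "generic"
            # scoped forms (:user @host >runas !cmnd) follow with no space
            if (line ~ /^[:@>!]/) {
                match(line, /^[^ \t]+/)
                scope = substr(line, 1, RLENGTH)
                line = substr(line, RLENGTH + 1)
            }
            n = split(line, opt, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", opt[i])
                if (opt[i] == flag) print FILENAME ":" FNR, scope, "on"
                else if (opt[i] == ("!" flag)) print FILENAME ":" FNR, scope, "off"
            }
        }
    ' "$@"
)
```

Each output line has the form `file:line scope on|off`; a `generic on` hit in a file other than the two shown in the post would be the place to look.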