Azure portal -> Reset password missing "NOPASSWD" option

[amach4]

If a customer wants to reset administrative user password selecting "Azure portal" -> "Reset password" -> "Reset password" the "VMAccessForLinux" extension is used, this extension will create a new file "/etc/sudoers.d/waagent" if it was not already created, but the line added is missing the required "NOPASSWD" option, example output from my lab:

sles-15-sp4-gen2:~ # cat /etc/sudoers.d/waagent
tux ALL = (ALL) ALL

Correct line:

sles-15-sp4-gen2:~ # cat /etc/sudoers.d/90-cloud-init-users
# Created by cloud-init v. 21.4-150100.8.58.1 on Wed, 20 Sep 2023 09:35:19 +0000

# User rules for tux
tux ALL=(ALL) NOPASSWD:ALL

1- Please fix the "VMAccessForLinux" extension accordingly

2- Please implement a check if a user was already created to avoid user entries in file "/etc/sudoers.d/90-cloud-init-users" and also in file "/etc/sudoers.d/waagent" for identical user

[gesnaud]

Yes, i think also that waagent should have same configuration than cloud-init.

By the way, it just strange that they have not same behavior right? Both are dealing with same account that have been considered as an admin account.

So waagent should have the NOPASSWD parameter also?

Thanks!

[amach4]

yes, the NOPASSWD parameter is missing