Sudoers file, enable NOPASSWD for user, all commands
Preface
This is a fairly complex question related to the Sudoers file and the sudo
command in general.
NOTE: I have made these changes on a dedicated machine running Ubuntu
Desktop 13.04, that I use purely for learning purposes. I understand it's
a huge security risk to enable NOPASSWD sudo.
Question
Initially, my only change to the sudoers file (/etc/sudoers) was one line,
a user specification that should have enabled 'nicholsonjf' to run all
commands with sudo without having to enter a password (see the line that
starts with 'nicholsonjf'):
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
nicholsonjf ALL=NOPASSWD: ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
However, this did not work, and I was still prompted for my password every
time I ran a command as 'nicholsonjf'. I was only able to start running
sudo commands as 'nicholsonjf' once I removed 'nicholsonjf' from the sudo
and admin groups.
Can anyone explain why this worked?
Is it because the user 'nicholsonjf' was inheriting sudo rights from the
two group specifications of 'admin' and 'sudo' (seen below in the sudoers
file), which were overriding the 'nicholsonjf' user specification because
they were further down in the config file?
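
Added example, not part of the original post: sudoers(5) states that when several entries match a user, they are applied in order and the last match is used. The Python sketch below is a simplified model of that rule (plain user specifications only, no aliases or included files; the function names are hypothetical), run over the user specifications from the file above.

```python
import re

# User specifications copied from the sudoers file in the question.
SUDOERS = """\
root ALL=(ALL:ALL) ALL
nicholsonjf ALL=NOPASSWD: ALL
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
"""

# who host=[(runas)] [TAG:] commands -- simplified grammar, an assumption of this model
SPEC = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?:\([^)]*\)\s*)?"
                  r"(?P<tag>(?:NO)?PASSWD:)?\s*(?P<cmds>.+)$")

def parse(text):
    """Return (who, nopasswd, lineno) for each user specification line."""
    specs = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        # Comments, Defaults and #includedir are outside this model.
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        m = SPEC.match(line)
        if m:
            specs.append((m["who"], m["tag"] == "NOPASSWD:", lineno))
    return specs

def effective(text, user, groups):
    """Last entry matching `user` (directly or via a group), or None."""
    match = None
    for who, nopasswd, lineno in parse(text):
        if who in (user, "ALL") or (who.startswith("%") and who[1:] in groups):
            # Later matches replace earlier ones: last match wins.
            match = {"entry": who, "line": lineno, "password_required": not nopasswd}
    return match

def with_entry_last(text, user):
    """Same file with the user's own entry moved below all other entries."""
    lines = text.splitlines()
    own = [l for l in lines if l.split()[:1] == [user]]
    return "\n".join([l for l in lines if l not in own] + own) + "\n"

if __name__ == "__main__":
    print(effective(SUDOERS, "nicholsonjf", {"sudo", "admin"}))  # decided by %sudo
    print(effective(SUDOERS, "nicholsonjf", set()))              # decided by own entry
    print(effective(with_entry_last(SUDOERS, "nicholsonjf"),
                    "nicholsonjf", {"sudo", "admin"}))           # own entry is now last
```

In this model the %sudo line decides the outcome while the user is in that group, which matches the behaviour described in the question.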