Home / server / Questions / 160581
Accepted
warren
Asked: 2010-07-15 20:09:52 +0800 CST

How to setup passwordless `sudo` on Linux?

  • 772

How can passwordless sudo access be setup on either RHEL (Fedora, CentOS, etc) or Ubuntu distributions? (If it's the same across distros, that's even better!)

Setting: personal and/or lab/training equipment with no concern for unauthorized access (ie, the devices are on non-public networks, and any/all users are fully trusted, and the contents of the devices are "plain-vanilla").

linux password sudo

8 Answers

  1. Best Answer

    EDIT thanks to medina's comment: According to the man page, you should be able to write

    ALL            ALL = (ALL) NOPASSWD: ALL

    to allow all users to run all commands without a password.

    For reference, I'm leaving my previous answer:

    If you add a line of the form

    %wheel         ALL = (ALL) NOPASSWD: ALL

    to /etc/sudoers (using the visudo command, of course), it will let everyone in the group wheel run any commands without providing a password. So I think the best solution is to put all your users in some group and put a line like that in sudoers - obviously you should replace wheel with the actual group you use.

    Alternatively, you can define a user alias,

    User_Alias     EVERYONE = user1, user2, user3, ...

    and use that:

    EVERYONE       ALL = (ALL) NOPASSWD: ALL

    although you would have to update /etc/sudoers every time you add or remove a user.

    • 214

  2. I tried the solutions above to no avail. The following solution worked for me Edit the /etc/sudoers file and add the following line

    username ALL=(ALL) NOPASSWD: ALL

    The key is to add it after the last line which says 

    #includedir /etc/sudoers.d
    • 137

  3. I tried all the answers on this page, with no useful results. Eventually I figured it out, use this command to list your sudo rights:

    sudo -l

    This should give you an output like this:

    User gmurphy may run the following commands on this host:
    (root) NOPASSWD: ALL
    (ALL) ALL

    It shows that I'm configured with root privileges but that I'm still part of a group (admin) matched to a sudo rule which expects the password ("(ALL) ALL"). This was forcing sudo to prompt me. The rule in question was the admin users:

    # Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

    Once I commented this out, I was able to sudo without password. I hope this is of use to someone else.

    • 31

  4. Within /etc/sudoers there's an example of just that towards the bottom of the file:

    ## Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL
    • 12

  5. There is another way to do it without touching the sudoers file.

    • Edit /etc/pam.d/su and uncomment the line below:

      auth           sufficient      pam_wheel.so trust use_uid

    • Add the user to the wheel group.

    • 6

  6. This is an old thread, but it's interesting that no one has added the system default authenticate to this answer list. Using an entry of

    Defaults  !authenticate

    In the sudoers file would allow any user to use their defined sudo commands without any password authentication. It's part of the default sudo specification and is portable across all platforms, as specified in the OP. And, if you need to scope it to a specific user, try

    Defaults:<user_name>  !authenticate
    • 3

  7. There is another way to do it without touching the sudoers file.

    • Edit /etc/pam.d/sudo and add the line below:

      auth           sufficient      pam_wheel.so trust use_uid

    • Add the user to the wheel group.

    Props to "topdog" and "Daniel Serodio" for the original answer with regard to "su" rather than "sudo". I used that as a reference and shamelessly copied, and amended, their post.

    • 2 
  8. echo -e "\n$USER ALL=(ALL) NOPASSWD: ALL\n" | sudo tee -a /etc/sudoers
sudo cat /etc/sudoers

    reopen terminal, verify that you are not asked for your password:

    sudo echo "it works!"
    • 1