How to unzip a zip file from the Terminal?

Question

aychedee

Asked: 2012-09-24 01:30:23 +0800 CST2012-09-24 01:30:23 +0800 CST 2012-09-24 01:30:23 +0800 CST

How to run sudo command with no password?

772

How does the ubuntu user on the AWS images for Ubuntu Server 12.04 have passwordless sudo for all commands when there is no configuration for it in /etc/sudoers?

I'm using Ubuntu server 12.04 on Amazon. I want to add a new user that has the same behavior as the default Ubuntu user. Specifically I want passwordless sudo for this new user.

So I've added a new user and went to edit /etc/sudoers (using visudo of course). From reading that file it seemed like the default ubuntu user was getting it's passwordless sudo from being a member of the admin group. So I added my new user to that. Which didn't work. Then I tried adding the NOPASSWD directive to sudoers. Which also didn't work.

Anyway, now I'm just curious. How does the ubuntu user get passwordless privileges if they aren't defined in /etc/sudoers. What is the mechanism that allows this?

5 Answers

Voted

aychedee · Answer 1 · 2012-09-24T02:27:55+08:00

Best Answer

aychedee

2012-09-24T02:27:55+08:002012-09-24T02:27:55+08:00

Okay, I have discovered the answer so may as well put it here for completeness. At the end of /etc/sudoers there is what I thought was just a comment:

#includedir /etc/sudoers.d

However this actually includes the contents of that directory. Inside of which is the file /etc/sudoers.d/90-cloudimg-ubuntu. Which has the expected contents

# ubuntu user is default user in cloud-images.
# It needs passwordless sudo functionality.
ubuntu ALL=(ALL) NOPASSWD:ALL

So that is where the sudo configuration for the default ubuntu user lives.

You should edit this file using visudo. The following command will let you edit the correct file with visudo.

sudo visudo -f /etc/sudoers.d/90-cloudimg-ubuntu

And add a line like:

aychedee ALL=(ALL) NOPASSWD:ALL

At the end.

380

jiminikiz · Answer 2 · 2014-04-04T13:45:53+08:00

I found that the most straight forward thing to do, in order to easily replicate this behavior across multiple servers, was the following:

sudo visudo

Change this line:

# Members of the admin group may gain root privileges
%admin  ALL=(ALL) ALL

to this line:

# Members of the admin group may gain root privileges
%admin  ALL=(ALL) NOPASSWD:ALL

And move it under this line:

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

you should now have this:

# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#

Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin  ALL=(ALL) NOPASSWD:ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

then for every user that needs sudo access WITH a password:

sudo adduser <user> sudo

and for every user that needs sudo access WITH NO password:

sudo adduser <user> admin

(on older versions of ubuntu, you may need to):

sudo service sudo restart

And that's it!

Edit: You may have to add the admin group as I don't think it exists by default.

sudo groupadd admin

You can also add the default AWS ubuntu user to the admin group via this command:

sudo usermod ubuntu -g admin

Note: As @hata mentioned, you may need to use adm as your admin group name, depending on which version of Ubuntu is being used.

WaughWaugh · Answer 3 · 2019-04-04T05:50:24+08:00

WaughWaugh

2019-04-04T05:50:24+08:002019-04-04T05:50:24+08:00

I would create my own file under /etc/sudoers.d/ directory - the file created by Amazon Cloud might be overwritten in case of any update. After creating your file in /etc/sudoers.d, add this entry,

<your user name> ALL=(ALL) NOPASSWD:ALL

Reboot the system and this will work.

9

user315445 · Answer 4 · 2014-08-14T14:25:18+08:00

user315445

2014-08-14T14:25:18+08:002014-08-14T14:25:18+08:00

Short answer without using any editor (tested on bash, very risky to execute on remote hosts).

Configure sudo to work without a password for the current user:

echo "$USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers

Check the edit with:

sudo visudo -c

Verify if you can use sudo without a password:

sudo cat /etc/sudoers | grep "$USER"

...or simply try it with:

sudo <anything>

6

Seth Bergman · Answer 5 · 2019-09-29T12:39:11+08:00

As I was researching this, I realized that there's a line in the /etc/sudoers file that is not a comment, but a directive that makes any file or folder under the directory /etc/sudoers/* override the contents of /etc/sudoers.

This is a sneaky little directive, as it appears to be a commented line upon first glance. It looks like this:

#includedir /etc/sudoers.d

This is how I've implemented the non-root, passwordless user in an ephemeral Docker Image for use in a CICD pipeline with the base image of ubuntu:18.04:

RUN \
  useradd -U foo -m -s /bin/bash -p foo -G sudo && passwd -d foo && passwd -d root && \
  sed -i /etc/sudoers -re 's/^%sudo.*/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/g' && \
  sed -i /etc/sudoers -re 's/^root.*/root ALL=(ALL:ALL) NOPASSWD: ALL/g' && \
  sed -i /etc/sudoers -re 's/^#includedir.*/## Removed the #include directive! ##"/g' && \
  echo "Customized the sudoers file for passwordless access!" && \
  echo "foo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers && \
  echo "root ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers && \
  echo "foo user:";  su foo -c 'whoami && id' && \
  echo "root user:"; su root -c 'whoami && id'

What happens with the above code:

The user and group foo is created.
The user foo is added to the both the foo and sudo group.
The home directory is set to /home/foo.
The shell is set to /bin/bash.
The passwords for both foo and root are deleted.
The sed command does inline updates to the /etc/sudoers file to allow foo and root users passwordless access to the sudo command.
The sed command disables the #includedir directive that would allow any files in subdirectories to override these inline updates.

How to run sudo command with no password?

How to delete a non-empty directory in Terminal?

How to unzip a zip file from the Terminal?

How can I copy the contents of a folder to another folder in a different directory using terminal?

How do I install a .deb file via the command line?

How do I run .sh scripts?

How do I install a .tar.gz (or .tar.bz2) file?

What command do I need to unzip/extract a .tar.gz file?

How to list all installed packages

Unable to lock the administration directory (/var/lib/dpkg/) is another process using it?

Change folder permissions and ownership