Home / ubuntu / Questions / 20984
Accepted
user541686
Asked: 2011-01-11 17:09:02 +0800 CST

Always Sudo Privileges

  • 772

I've searched for this, and the answer is probably in a million places on the 'net, but I can't find it...

How do you give your account root privileges in Linux so that you don't need to sudo every single command that requires privileges? It's even more annoying than Windows's User Accounts Control.

(Please... I don't need a lecture on how I would be living a dangerous life. Thank you.)

permissions

6 Answers

  1. Does this work for you?

    sudo EDITOR=gedit visudo

    Change this line:

    %admin ALL=(ALL) ALL

    to this line:

    %admin ALL=(ALL) NOPASSWD: ALL

    No lectures. :)

    • 14

  2. You don't. Two things you can do are:

    1) Run sudo -s to stay root when you plan on entering multiple commands and don't want to keep prefixing them with sudo.

    2) You can configure your sudoers file to allow you to run sudo without having to enter your password.

    • 10

  3. I don't see how hard it is to run sudo -i once in a terminal, and then just use this one terminal (or you could open more than one, but then you would have to type your password again) to do all your sudo stuff.

    (And no, I can't really see the big problem in typing your password once in a while. It's really not that time consuming, and unless you close your terminal after each command, sudo will not ask for your pass for a while after you have authenticated).

    • 2

  4. You could install/activate the 'su' command and configure the shell to run it on startup.

    • 1
  5. Best Answer

    The correct answer to my question:

    You can change your user ID (UID) and group ID (GID) to zero in /etc/passwd, to gain root privileges.

    However:

    If you do, you will not be able to log back in!

    You can, nevertheless, create a new user, and change his group/user ID to 0. Essentially, that user will be another root, but with a different profile folder, etc.

    Then you can use that profile as if you were root Himself! :D

    Another "solution":

    (if you like blank passwords)

    1. Run the commands below, and compare the outputs

      sudo cat /etc/shadow
sudo sed "s/\(^$(whoami):\)[^:]*/\1/" /etc/shadow

      You should see that the latter has removed the gibberish in front of your username (which is read using $(whoami)). (If you don't, don't continue!)

    2. When you're ready, run the command to overwrite /etc/shadow (at your own risk!)

      sudo sed -i.bak "s/\(^$(whoami):\)[^:]*/\1/" /etc/shadow

    3. Your account now has a blank password, and you should no longer be prompted for sudo permissions. (At least, that's what happened to me.)

    Note:

    You may also need to enable passwordless login; I'm not sure if that's necessary, though.

    • 1

  6. I advice STRONGLY not to give yourself GID 0. SUDO is not there to make things compicated. Only reason to make another root account (wether home directory is /root/ or custom directory i.e. /home/root2/) is that there is two administratos in system who does not wish to share one root password.

    Otherwise, use sudo. And assuming you are not seasoned Unix-user, there is also risk you forget what tools are root-only and what is for common users.

    BUT, if you feel that you have secure normal user (i personally use STRONG password with this method), i let my user (i.e. tatu.staff / uid=1xxx, gid 50) run SUDO without password. Therefore I never mix up what is only for root and what's for user.

    Use instructions above to create sudoers file (and corresponding groups) to make specific user to run SUDO without password or see example file i'll paste here: 

    #
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
Defaults        !authenticate

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL
YOURUSER    ALL=(ALL) NOPASSWD:ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL
%wheel  ALL=(ALL) NOPASSWD:ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

    YOURUSER being your username, that line allowing specific user to run SUDO without password.

    all users in group SUDO need to give password.

    all users in group wheel can run sudo without password -- useful if you want to give passwordless SUDO ACCESS to multiple users, which is by the way, simply put A VERY BAD IDEA.

    ALSO: - Remember the % charachter before GROUP names. - One can edit /etc/group directly, but it is NOT adviced. Use ADDGROUP to edit, see more info by typing: man addgroup

    I must stress again that ALWAYS edit sudoers file by using VISUDO command, NEVER directly with editor. That ensures that you always get valid sudoers file - typing errors or bad statements etc. are very bad thing in such important file, and visudo saves you all that trouble you might not be able recover by yourself, and i bet first answer to question after this is "always use visdo. didn't they tell you that? oh they did? What is wrong with you?" or something alike ;)

    --

    Greetings from Finland - it's nice, quite nice winter here, only -10 Celsius, not those awful lower than -25 C temperatures.

    \\ tatu-o

    • 1