Ubuntu – Execute sudo without Password

command linepasswordrootsudo

Inspired by this question….

I am the sole person using my system with 12.04.
Every time I issue a sudo command; the system asks for the user password (which is good in its own way).
However I was thinking; without activating the root account; how can I execute the sudo commands which will not ask for user password to authenticate.

NOTE: I want to execute sudo command without authenticating via password; only when they are executed via terminal.
I don't want to remove this extra layer of security from other functions such a while using 'Ubuntu software center' or executing a bash script by drag-drop something.sh file to the terminal.

Best Answer

You can configure sudo to never ask for your password.

Open a Terminal window and type:

sudo visudo

In the bottom of the file, add the following line:

$USER ALL=(ALL) NOPASSWD: ALL

Where $USER is your username on your system. Save and close the sudoers file (if you haven't changed your default terminal editor (you'll know if you have), press Ctl + x to exit nano and it'll prompt you to save).

As of Ubuntu 19.04, the file should now look something like

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults    env_reset
Defaults    mail_badpass
Defaults    secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

YOUR_USERNAME_HERE ALL=(ALL) NOPASSWD: ALL

After this you can type sudo <whatever you want> in a Terminal window without being prompted for the password.

This only applies, to using the sudo command in the terminal. You'll still be prompted for your password if you (for example) try to install a package from the software center

gui password prompt

Related Solutions

Ubuntu – Sudo is not asking for password on Ubuntu 16.04

You had a NOPASSWD rule applied to your user in some file in /etc/sudoers.d. Use sudo grep NOPASSWD /etc/sudoers.d -R to find out which.

Your /etc/sudoers is not the default, however. The default sudoers can be obtained by looking at the sudo package:

$ apt-get download sudo
Get:1 http://mirror.cse.iitk.ac.in/ubuntu xenial-updates/main amd64 sudo amd64 1.8.16-0ubuntu1.1 [389 kB]
Fetched 389 kB in 0s (4,750 kB/s)
$ dpkg-deb --fsys-tarfile sudo*.deb | tar x ./etc/sudoers
$ cat etc/sudoers 
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults    env_reset
Defaults    mail_badpass
Defaults    secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

This is rather different from what you have. Restore /etc/sudoers to the default.

For excluding specific commands from requiring a password, see How do I run specific sudo commands without a password?

Ubuntu – How to avoid password request for sudo for crontab scripts

Sometimes running a process from root's crontab may cause issues with initial file ownership and rwx mode; those may not be correctly preserved.

In any case:

1) to create a new user, keep it simple:

 $ sudo deluser my-user  # if "my-user" is a regular user
 $ adduser my-user
 $ sudo gpasswd -a my-user sudo

2) to include a new entry with a NOPASSWD tag in sudoers or in a file (e.g. /etc/sudoers.d/60_my-user_rules), make the colon stick to the tag, i.e. NOPASSWD:
I've not seen it before with interspersed space and yr rule becomes:

 my-user my-host = NOPASSWD: /full/path/to/cmd [parameter1 [| parameter2 [| ...]]]

Adding (ALL) before the NOPASSWD: is optional as the rule defaults to (ALL:ALL) anyway. You may however want to not only run your cmd/script with root privilege but also run it as either a given user (spec-user) or as a member of a given group (spec-group) or both. In that case, the rule becomes:

 my-user my-host = ([spec-user][:spec-group]) NOPASSWD: /full/path/to/cmd [parameter1 [| parameter2 [| ...]]]

This will actually restrict yr passwordless sudo disposition to one user, one host and one command. You can harden this rule by specifying the optional parameter(s) to that command. In that case the rule will apply only for that/those exact parameter(s).
For scripts, you could further harden this rule by ensuring that the rule applies only if the script was not modified in any way. This is a way to avoid script-hijacking. This is done through cmd-aliasing and specifying SHA-sums in /etc/sudoers.d/60_my-user_rules.

HTH. Please report if you experience issues with that answer.

Best Answer

Related Solutions

Ubuntu – Sudo is not asking for password on Ubuntu 16.04

Ubuntu – How to avoid password request for sudo for crontab scripts

Related Question