I want sudo to behave like this, for all users:
-
If the user currently has a non-empty password, prompt for the password.
-
If the user currently has an empty password, either prompt for the password and accept the empty string, or don't prompt at all and permit.
Is this possible? Right now, I have (1) but this is what happens for a user with an empty password:
$ sudo echo
Sorry, try again.
Sorry, try again.
Sorry, try again.
sudo: 3 incorrect password attempts
Alternatively, I can switch off password checking per-user, but that's not what I want, because the user might set a password later, and then sudo should prompt for it.
Best Answer
I don't think this is possible because
sudo
will not know that a user doesn't have a password or that it's the empty string until it (sudo
) presents the password, empty or otherwise, to the PAM module for validation. Therefore it will always need to request the password from the user, before proceeding.Your only recourse here is to configure users that do not require the use of a password with the
NOPASSWD
option in your sudoers file. But this is highly insecure, and I'd recommend you seriously consider what your ultimate goal is here before proceeding with that method....so I don't care about security...
First set a "blank" password
This U&L Q&A titled: How do you create a user with no password? suggested using this method which worked for me.
Now test it out
Now add a line like this to your
/etc/sudoers
file. NOTE: Always edit this file usingsudo visudo
.Now try logging in as user "samtest" without any password.
Now try using this account using
sudo
: