Sudo for users with empty passwords

sudo

I want sudo to behave like this, for all users:

  1. If the user currently has a non-empty password, prompt for the password.

  2. If the user currently has an empty password, either prompt for the password and accept the empty string, or don't prompt at all and permit.

Is this possible? Right now, I have (1) but this is what happens for a user with an empty password:

$ sudo echo
Sorry, try again.
Sorry, try again.
Sorry, try again.
sudo: 3 incorrect password attempts

Alternatively, I can switch off password checking per-user, but that's not what I want, because the user might set a password later, and then sudo should prompt for it.

Best Answer

I don't think this is possible because sudo will not know that a user doesn't have a password or that it's the empty string until it (sudo) presents the password, empty or otherwise, to the PAM module for validation. Therefore it will always need to request the password from the user, before proceeding.

Your only recourse here is to configure users that do not require the use of a password with the NOPASSWD option in your sudoers file. But this is highly insecure, and I'd recommend you seriously consider what your ultimate goal is here before proceeding with that method.

...so I don't care about security...

First set a "blank" password

This U&L Q&A titled: How do you create a user with no password? suggested using this method which worked for me.

$ sudo passwd --delete samtest
Removing password for user samtest.
passwd: Success

Now test it out

Now add a line like this to your /etc/sudoers file. NOTE: Always edit this file using sudo visudo.

samtest ALL=(ALL)       NOPASSWD: ALL

Now try logging in as user "samtest" without any password.

$ su - samtest
$

Now try using this account using sudo:

$ whoami
samtest

$ sudo echo

$
Related Question