Setting up passwordless sudo on Linux distributions

This is pretty trivial if you make use of the special Unix group called wheel on Fedora systems. You merely have to do the following:

  1. Add your primary user to the wheel group

    $ sudo gpasswd -a <primary account> wheel
    
  2. Enable NOPASSWD for the %wheel group in /etc/sudoers

    $ sudo visudo
    

    Then comment out this line:

    ## Allows people in group wheel to run all commands
    # %wheel        ALL=(ALL)       ALL
    

    And uncomment this line:

    ## Same thing without a password
    %wheel  ALL=(ALL)       NOPASSWD: ALL
    

    Save this file with Shift+Z+Z.

  3. Log out and log back in

    NOTE: This last step is mandatory so that your desktop and any corresponding top level shells are re-execed showing that your primary account is now a member of the wheel Unix group.


Traditionally on Debian based distributions such as Debian/Ubuntu/Mint/Kali/Antix, the default group for sudo is, well, sudo.

So to add passwordless sudo enabled users to a Debian based system, the steps are:

  1. Install sudo

    In Debian, depending on the installation options, you often end up without sudo installed by default.

    If the package sudo is not installed (e.g. you do not have /etc/sudoers), run as root:

    # apt install sudo
    
  2. Add the user to the sudo group

    Add a user to the sudo group, if it is not already in the sudo group (Ubuntu and derivatives add a user created in installation automatically to the sudo group).

    When setting up the first sudo user, you have to do this as root:

    # gpasswd -a <primary account> sudo
    

    When you already have a sudo user, it is advised, as good security practice, to set up the other users in the sudo group via that user:

    $ sudo gpasswd -a <primary account> sudo
    
  3. Modify /etc/sudoers for adding the NOPASSWD directive

    You then edit the default line in /etc/sudoers for the sudo group with:

    $ sudo visudo
    

    and change it from:

    # Allow members of group sudo to execute any command
    %sudo   ALL=(ALL:ALL) ALL
    

    to:

    # Allow members of group sudo to execute any command, no password
    %sudo   ALL=(ALL:ALL) NOPASSWD:ALL
    
  4. Log out and log back in

    If logged in to the system, the intended user then has to log out and log back in for the change in sudo group membership to take effect.

NOTE: In Debian, the wheel group is often used in PAM to restrict the use of su to a group, instead of being used for the sudo command as in RedHat/SuSE based distributions.

Traditionally in Debian based distributions, for the sudo command you use the sudo group.


Most distributions have this line in /etc/sudoers:

    #includedir /etc/sudoers.d

Consequently, an easy way to add one user is to create a suitable file in the /etc/sudoers.d/ directory; I normally name it for the user to be added:

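    add_sudoer() {
        if ! test -n "$1"
        then echo "Usage: add_sudoer <user>" >&2; return 1
        fi

        # Write the entry to a temporary file and have visudo check it, so a
        # syntax error never lands in /etc/sudoers.d; install it mode 0440.
        tmp=$(mktemp) || return 1
        printf >"$tmp" '%s    ALL= NOPASSWD: ALL\n' "$1"
        visudo -cf "$tmp" >/dev/null &&
            install -m 0440 "$tmp" "/etc/sudoers.d/$1"
        rc=$?; rm -f "$tmp"; return "$rc"
    }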

You might also want to add Defaults:%s !lecture, !authenticate\n and/or other options to the file.
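
To review which accounts end up with passwordless sudo after the steps above, this added shell example (not part of the original answers) lists the active NOPASSWD and !authenticate lines in a sudoers file and its drop-in directory. The function names are made up for this example, and it assumes one rule per line, with no backslash continuations or trailing comments.

```shell
#!/bin/sh
# Added example: list sudoers lines that let a user or group skip the password
# prompt. Paths are arguments so it can also be run against a copy of the files.

# Print "file:line: text" for every active line containing NOPASSWD or
# !authenticate. Comments ("## ..." and "# %wheel ...") are skipped, but a
# leading "#" followed by a digit is a user ID in sudoers, not a comment.
scan_file() {
    awk -v f="$1" '
        /^[ \t]*#([^0-9]|$)/ { next }
        /NOPASSWD[ \t]*:|![ \t]*authenticate/ {
            sub(/^[ \t]+/, ""); gsub(/[ \t]+/, " ")
            printf "%s:%d: %s\n", f, NR, $0
        }' "$1"
}

# Scan the main file, then the drop-in directory the way sudo reads it:
# sudo skips names that end in "~" or contain ".", so those files are
# reported as ignored instead of being scanned.
audit_nopasswd() {
    main=${1:-/etc/sudoers} dir=${2:-/etc/sudoers.d}
    [ -r "$main" ] && scan_file "$main"
    for path in "$dir"/*; do
        [ -f "$path" ] || continue
        case ${path##*/} in
            *.*|*~) echo "$path: ignored by sudo (name contains '.' or ends in '~')" ;;
            *)      scan_file "$path" ;;
        esac
    done
}
```

Source the file and run audit_nopasswd as root with no arguments to scan /etc/sudoers and /etc/sudoers.d.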