Setting up passwordless sudo on Linux distributions
This is pretty trivial if you make use of the special Unix group called wheel
on Fedora systems. You merely have to do the following:
Add your primary user to the
wheel
group$ sudo gpasswd -a <primary account> wheel
Enable NOPASSWD for the
%wheel
group in/etc/sudoers
$ sudo visudo
Then comment out this line:
## Allows people in group wheel to run all commands # %wheel ALL=(ALL) ALL
And uncomment this line:
## Same thing without a password %wheel ALL=(ALL) NOPASSWD: ALL
Save this file with Shift+Z+Z.
Logout and log back in
NOTE: This last step is mandatory so that your desktop and any corresponding top level shells are re-execed showing that your primary account is now a member of the
wheel
Unix group.
Traditionally on Debian based distributions such as Debian/Ubuntu/Mint/Kali/Antix, the default group for sudo is, well, sudo
.
So to add passwordless sudo
enabled users to a Debian based system, the steps are:
Install
sudo
In Debian, depending on the installation options, you often end up without
sudo
installed by default.If the package
sudo
is not installed (e.g. you do not have/etc/sudoers
), run as root:# apt install sudo
Add the user to the sudo group
Add a user to the sudo group, if it is not already in the sudo group (Ubuntu and derivatives add a user created in installation automatically to the sudo group).
When setting up the first sudo user, you have got to the first as
root
:# gpasswd -a <primary account> sudo
When you already have a
sudo
user, it is advised as good security practice, to set up the other users in the sudo group via that user:$ sudo gpasswd -a <primary account> sudo
Modify
/etc/sudoers
for adding the NOPASSWD directiveYou then edit the default line in
/etc/sudoers
for thesudo
group with:$ sudo visudo
and change it from:
# Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL
to:
# Allow members of group sudo to execute any command, no password %sudo ALL=(ALL:ALL) NOPASSWD:ALL
Logout and log back in
If logged in the system, the intended user has then to logout and login for the change of the user belonging to the
sudo
group to take effect.
NOTE: In Debian the group wheel
is often used to restrict in PAM the use of su
to a group, instead of using it for the sudo
command as in RedHat/SuSE based distributions.
Traditionally in Debian based distributions, for the sudo
command you use the sudo
group.
Most distributions have this line in /etc/sudoers/
:
#includedir /etc/sudoers.d
Consequently, an easy way to add one user is to create a suitable file in the /etc/sudoers.d/
directory; I normally name it for the user to be added:
add_sudoer() {
if ! test -n "$1"
then echo "Usage: $0 <user>" >&2; return
fi
printf >"/etc/sudoers.d/$1" '%s ALL= NOPASSWD: ALL\n' "$1"
}
You might also want to add Defaults:%s !lecture, !authenticate\n
and/or other options to the file.