How to run sudo command with no password?How to avoid being prompted for a password by sudo?How to customize sudo users for commands and paths?Execute sudo without Password?How to modify an invalid '/etc/sudoers' file?Sudoers file, enable NOPASSWD for user, all commandssudo: no tty present and no askpass program specifiedIs there a program to mount all of my drives automatically?How to run an application using sudo without a password?How to set up passwordless SSH access for root userInsert a password into the terminal through a script?sudo not asking for password of correct userLooking for a better solution to execute a single sudo command when using a normal user account?Sudoers file, enable NOPASSWD for user, all commandscan't use sudo but only suDefault sudo settings did not require passwordHow to add flags and/or arguments to a command in the 'sudoers' fileUser in admin group still being prompted for password to sudo
Are lances and nets and versatile weapons considered one-handed weapons?
Bridge rectifier outputting 338 volts DC with 120 volts AC input
C++ Leak detection simple class
What type of glass fuse is this and what does the spring do?
Destructuring a list containing two items to use it as arguments to a binary function
Macbook turns on but screen is dead or completely dark
Why does UNIX ed not have a prompt by default
Can any number of squares be a square?
Taking volume contraction into account when mixing water with ethanol
Why is the processor instruction called "move", not "copy"?
How do I install this weird looking i9 9900K I bought?
Can a Sorcerer use the Silence spell and the Subtle Spell Metamagic to silently cast the Knock spell?
If a picture of a screen is a screenshot, what is a video of a screen?
What is the difference between scissors and shears?
how to change position of label and icon in LWC
Why do we have to discharge the capacitor before testing it in an LCR Meter?
Are generation ships inherently implausible?
Can I weaken a coil spring consisting of spring steel?
Does a patron have to know their warlock?
Can the category of partial orders be fully embedded in the category of linear orders?
No-cloning theorem and fan-out gate
Is there a BIOS setting that controls cpu load sharing?
How do professors and lecturers learn to teach?
How can we save ourselves from large drops in stock price?
How to run sudo command with no password?
How to avoid being prompted for a password by sudo?How to customize sudo users for commands and paths?Execute sudo without Password?How to modify an invalid '/etc/sudoers' file?Sudoers file, enable NOPASSWD for user, all commandssudo: no tty present and no askpass program specifiedIs there a program to mount all of my drives automatically?How to run an application using sudo without a password?How to set up passwordless SSH access for root userInsert a password into the terminal through a script?sudo not asking for password of correct userLooking for a better solution to execute a single sudo command when using a normal user account?Sudoers file, enable NOPASSWD for user, all commandscan't use sudo but only suDefault sudo settings did not require passwordHow to add flags and/or arguments to a command in the 'sudoers' fileUser in admin group still being prompted for password to sudo
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty
margin-bottom:0;
How does the ubuntu user on the AWS images for Ubuntu Server 12.04 have passwordless sudo for all commands when there is no configuration for it in /etc/sudoers?
I'm using Ubuntu server 12.04 on Amazon. I want to add a new user that has the same behavior as the default Ubuntu user. Specifically I want passwordless sudo for this new user.
So I've added a new user and went to edit /etc/sudoers (using visudo of course). From reading that file it seemed like the default ubuntu user was getting it's passwordless sudo from being a member of the admin group. So I added my new user to that. Which didn't work. Then I tried adding the NOPASSWD directive to sudoers. Which also didn't work.
Anyway, now I'm just curious. How does the ubuntu user get passwordless privileges if they aren't defined in /etc/sudoers. What is the mechanism that allows this?
sudo aws
edited Oct 12 '12 at 15:02
Peachy
5,8177 gold badges30 silver badges45 bronze badges
asked Sep 23 '12 at 9:30
aychedeeaychedee
6,6373 gold badges17 silver badges13 bronze badges
add a comment
|
How does the ubuntu user on the AWS images for Ubuntu Server 12.04 have passwordless sudo for all commands when there is no configuration for it in /etc/sudoers?
I'm using Ubuntu server 12.04 on Amazon. I want to add a new user that has the same behavior as the default Ubuntu user. Specifically I want passwordless sudo for this new user.
So I've added a new user and went to edit /etc/sudoers (using visudo of course). From reading that file it seemed like the default ubuntu user was getting it's passwordless sudo from being a member of the admin group. So I added my new user to that. Which didn't work. Then I tried adding the NOPASSWD directive to sudoers. Which also didn't work.
Anyway, now I'm just curious. How does the ubuntu user get passwordless privileges if they aren't defined in /etc/sudoers. What is the mechanism that allows this?
sudo aws
edited Oct 12 '12 at 15:02
Peachy
5,8177 gold badges30 silver badges45 bronze badges
asked Sep 23 '12 at 9:30
aychedeeaychedee
6,6373 gold badges17 silver badges13 bronze badges
Related: Execute sudo without Password?
– Eliah Kagan
Jul 26 '17 at 7:12
add a comment
|
How does the ubuntu user on the AWS images for Ubuntu Server 12.04 have passwordless sudo for all commands when there is no configuration for it in /etc/sudoers?
I'm using Ubuntu server 12.04 on Amazon. I want to add a new user that has the same behavior as the default Ubuntu user. Specifically I want passwordless sudo for this new user.
So I've added a new user and went to edit /etc/sudoers (using visudo of course). From reading that file it seemed like the default ubuntu user was getting it's passwordless sudo from being a member of the admin group. So I added my new user to that. Which didn't work. Then I tried adding the NOPASSWD directive to sudoers. Which also didn't work.
Anyway, now I'm just curious. How does the ubuntu user get passwordless privileges if they aren't defined in /etc/sudoers. What is the mechanism that allows this?
sudo aws
edited Oct 12 '12 at 15:02
Peachy
5,8177 gold badges30 silver badges45 bronze badges
asked Sep 23 '12 at 9:30
aychedeeaychedee
6,6373 gold badges17 silver badges13 bronze badges
How does the ubuntu user on the AWS images for Ubuntu Server 12.04 have passwordless sudo for all commands when there is no configuration for it in /etc/sudoers?
I'm using Ubuntu server 12.04 on Amazon. I want to add a new user that has the same behavior as the default Ubuntu user. Specifically I want passwordless sudo for this new user.
So I've added a new user and went to edit /etc/sudoers (using visudo of course). From reading that file it seemed like the default ubuntu user was getting it's passwordless sudo from being a member of the admin group. So I added my new user to that. Which didn't work. Then I tried adding the NOPASSWD directive to sudoers. Which also didn't work.
Anyway, now I'm just curious. How does the ubuntu user get passwordless privileges if they aren't defined in /etc/sudoers. What is the mechanism that allows this?
sudo aws
sudo aws
edited Oct 12 '12 at 15:02
Peachy
5,8177 gold badges30 silver badges45 bronze badges
asked Sep 23 '12 at 9:30
aychedeeaychedee
6,6373 gold badges17 silver badges13 bronze badges
edited Oct 12 '12 at 15:02
Peachy
5,8177 gold badges30 silver badges45 bronze badges
asked Sep 23 '12 at 9:30
aychedeeaychedee
6,6373 gold badges17 silver badges13 bronze badges
edited Oct 12 '12 at 15:02
Peachy
5,8177 gold badges30 silver badges45 bronze badges
edited Oct 12 '12 at 15:02
Peachy
5,8177 gold badges30 silver badges45 bronze badges
edited Oct 12 '12 at 15:02
Peachy
5,8177 gold badges30 silver badges45 bronze badges
5,8177 gold badges30 silver badges45 bronze badges
asked Sep 23 '12 at 9:30
aychedeeaychedee
6,6373 gold badges17 silver badges13 bronze badges
asked Sep 23 '12 at 9:30
aychedeeaychedee
6,6373 gold badges17 silver badges13 bronze badges
asked Sep 23 '12 at 9:30
aychedeeaychedee
6,6373 gold badges17 silver badges13 bronze badges
6,6373 gold badges17 silver badges13 bronze badges
Related: Execute sudo without Password?
– Eliah Kagan
Jul 26 '17 at 7:12
add a comment
|
Related: Execute sudo without Password?
– Eliah Kagan
Jul 26 '17 at 7:12
Related: Execute sudo without Password?
– Eliah Kagan
Jul 26 '17 at 7:12
Related: Execute sudo without Password?
– Eliah Kagan
Jul 26 '17 at 7:12
add a comment
|
5 Answers
5
active
oldest
votes
Okay, I have discovered the answer so may as well put it here for completeness. At the end of /etc/sudoers there is what I thought was just a comment:
#includedir /etc/sudoers.d
However this actually includes the contents of that directory. Inside of which is the file /etc/sudoers.d/90-cloudimg-ubuntu. Which has the expected contents
# ubuntu user is default user in cloud-images.
# It needs passwordless sudo functionality.
ubuntu ALL=(ALL) NOPASSWD:ALL
So that is where the sudo configuration for the default ubuntu user lives.
You should edit this file using visudo. The following command will let you edit the correct file with visudo.
sudo visudo -f /etc/sudoers.d/90-cloudimg-ubuntu
And add a line like:
aychedee ALL=(ALL) NOPASSWD:ALL
At the end.
answered Sep 23 '12 at 10:27
aychedeeaychedee
6,6373 gold badges17 silver badges13 bronze badges
4
I'm pretty sure I had to do a full reboot.
– aychedee
Feb 14 '13 at 20:40
2
new sudo rules will be used for every new logged user - so you need re login at least
– bluszcz
Feb 27 '13 at 10:17
32
'sudo service sudo restart' works :)
– Laice
Jun 11 '13 at 2:23
4
In later versions (14.04 for example) the included file is/etc/sudoers.d/90-cloud-init-users(so to edit..sudo visudo -f /etc/sudoers.d/90-cloud-init-users). Although it'd be cleaner to create additional files than editing the generated one. Note that files containing a.or ending in~will not be included.
– Molomby
Aug 27 '15 at 5:29
2
@Phil_1984_ Most likely, it was added as a comment to allow compatibility with other (standard?) versions of sudo, which don't allow includes, but wouldn't be tripped up by a weird comment. (Standards are hard! ;-)
– jpaugh
Nov 23 '16 at 14:39
|
show 4 more comments
I found that the most straight forward thing to do, in order to easily replicate this behavior across multiple servers, was the following:
sudo visudo
Change this line:
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
to this line:
# Members of the admin group may gain root privileges
%admin ALL=(ALL) NOPASSWD:ALL
And move it under this line:
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
you should now have this:
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) NOPASSWD:ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
then for every user that needs sudo access WITH a password:
sudo adduser <user> sudo
and for every user that needs sudo access WITH NO password:
sudo adduser <user> admin
and finally, run this:
sudo service sudo restart
And that's it!
Edit: You may have to add the admin group as I don't think it exists by default.
sudo groupadd admin
You can also add the default AWS ubuntu user to the admin group via this command:
sudo usermod ubuntu -g admin
Note: As @hata mentioned, you may need to use adm as your admin group name, depending on which version of Ubuntu is being used.
answered Apr 3 '14 at 21:45
jiminikizjiminikiz
1,1057 silver badges7 bronze badges
3
Note to self: It's a convention to move less restrictive permissions lower in the stack. But not doing it won't affect functionality.
– poweratom
Sep 5 '14 at 9:47
2
As jiminikiz explained, I had to place the %admin after the %sudo on my Ubuntu GNOME 16.04 LTS. Plus, the administrators group id is exactly not admin but adm on my Ubuntu. No reboot was required.
– hata
Oct 26 '17 at 10:52
add a comment
|
I would create my own file under /etc/sudoers.d/ directory - the file created by Amazon Cloud might be overwritten in case of any update. After creating your file in /etc/sudoers.d, add this entry,
<your user name> ALL=(ALL) NOPASSWD:ALL
Reboot the system and this will work.
answered Apr 3 at 13:50
WaughWaughWaughWaugh
1711 silver badge2 bronze badges
add a comment
|
Short answer without using any editor (tested on bash, very risky to execute on remote hosts).
Configure sudo to work without a password for the current user:
echo "$USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers
Check the edit with:
sudo visudo -c
Verify if you can use sudo without a password:
sudo cat /etc/sudoers | grep "$USER"
...or simply try it with:
sudo <anything>edited Jan 2 '18 at 21:24
David Eison
1033 bronze badges
answered Aug 13 '14 at 22:25
user315445user315445
871 bronze badge
21
This is pretty dangerous advice... copy and paste this wrong and you'll lock yourself out of your own server. Hence the advice to use visudo. It checks that the syntax is correct before saving to disk. So, for anyone that wants to use this. Don't do it on a remote server that you care about. You might want to include a warning about that in your answer.
– aychedee
Aug 14 '14 at 9:25
8
Not using visudo is a horrible idea. Trust me, I know.
– trognanders
Sep 9 '15 at 17:22
1
IMHO, a copy-paste is safer than a manual edit. A minor simplification:echo "$USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers
– theartofrain
Apr 5 '16 at 23:56
4
@theartofrain - Normally, I'd agree, butvisudois particularly nice about not allowing you to break the sudoers file, thus not locking you out of your machine (or at least sudo).
– Jon V
Mar 15 '17 at 2:43
3
@JonV You can lose admin rights viavisudotoo, but usually not by accident, becausevisudoonly saves changes that are well-formed according to the grammar for sudoers files. Most mistakes are syntactically wrong, so they cause no harm withvisudo. If/etc/sudoersor a file in/etc/sudoers.dis ill-formed,sudorefuses to elevate privileges for anyone as a security measure, which is why not usingvisudois dangerous. (Though sometimespkexeccan fix it without a reboot.)
– Eliah Kagan
Sep 28 '17 at 12:29
add a comment
|
This is how I've implemented the non-root, passwordless user in an ephemeral Docker Image for use in a CICD pipeline:
RUN
groupadd -g 999 foo && useradd -u 999 -g foo -G sudo -m -s /bin/bash foo &&
sed -i /etc/sudoers -re 's/^%sudo.*/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/g' &&
sed -i /etc/sudoers -re 's/^root.*/root ALL=(ALL:ALL) NOPASSWD: ALL/g' &&
sed -i /etc/sudoers -re 's/^#includedir.*/## **Removed the include directive** ##"/g' &&
echo "foo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers &&
echo "Customized the sudoers file for passwordless access to the foo user!" &&
echo "foo user:"; su - foo -c id
answered Sep 28 at 20:39
Seth BergmanSeth Bergman
987 bronze badges
add a comment
|
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "89"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f192050%2fhow-to-run-sudo-command-with-no-password%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
5 Answers
5
active
oldest
votes
5 Answers
5
active
oldest
votes
active
oldest
votes
active
oldest
votes
Okay, I have discovered the answer so may as well put it here for completeness. At the end of /etc/sudoers there is what I thought was just a comment:
#includedir /etc/sudoers.d
However this actually includes the contents of that directory. Inside of which is the file /etc/sudoers.d/90-cloudimg-ubuntu. Which has the expected contents
# ubuntu user is default user in cloud-images.
# It needs passwordless sudo functionality.
ubuntu ALL=(ALL) NOPASSWD:ALL
So that is where the sudo configuration for the default ubuntu user lives.
You should edit this file using visudo. The following command will let you edit the correct file with visudo.
sudo visudo -f /etc/sudoers.d/90-cloudimg-ubuntu
And add a line like:
aychedee ALL=(ALL) NOPASSWD:ALL
At the end.
answered Sep 23 '12 at 10:27
aychedeeaychedee
6,6373 gold badges17 silver badges13 bronze badges
4
I'm pretty sure I had to do a full reboot.
– aychedee
Feb 14 '13 at 20:40
2
new sudo rules will be used for every new logged user - so you need re login at least
– bluszcz
Feb 27 '13 at 10:17
32
'sudo service sudo restart' works :)
– Laice
Jun 11 '13 at 2:23
4
In later versions (14.04 for example) the included file is/etc/sudoers.d/90-cloud-init-users(so to edit..sudo visudo -f /etc/sudoers.d/90-cloud-init-users). Although it'd be cleaner to create additional files than editing the generated one. Note that files containing a.or ending in~will not be included.
– Molomby
Aug 27 '15 at 5:29
2
@Phil_1984_ Most likely, it was added as a comment to allow compatibility with other (standard?) versions of sudo, which don't allow includes, but wouldn't be tripped up by a weird comment. (Standards are hard! ;-)
– jpaugh
Nov 23 '16 at 14:39
|
show 4 more comments
Okay, I have discovered the answer so may as well put it here for completeness. At the end of /etc/sudoers there is what I thought was just a comment:
#includedir /etc/sudoers.d
However this actually includes the contents of that directory. Inside of which is the file /etc/sudoers.d/90-cloudimg-ubuntu. Which has the expected contents
# ubuntu user is default user in cloud-images.
# It needs passwordless sudo functionality.
ubuntu ALL=(ALL) NOPASSWD:ALL
So that is where the sudo configuration for the default ubuntu user lives.
You should edit this file using visudo. The following command will let you edit the correct file with visudo.
sudo visudo -f /etc/sudoers.d/90-cloudimg-ubuntu
And add a line like:
aychedee ALL=(ALL) NOPASSWD:ALL
At the end.
answered Sep 23 '12 at 10:27
aychedeeaychedee
6,6373 gold badges17 silver badges13 bronze badges
4
I'm pretty sure I had to do a full reboot.
– aychedee
Feb 14 '13 at 20:40
2
new sudo rules will be used for every new logged user - so you need re login at least
– bluszcz
Feb 27 '13 at 10:17
32
'sudo service sudo restart' works :)
– Laice
Jun 11 '13 at 2:23
4
In later versions (14.04 for example) the included file is/etc/sudoers.d/90-cloud-init-users(so to edit..sudo visudo -f /etc/sudoers.d/90-cloud-init-users). Although it'd be cleaner to create additional files than editing the generated one. Note that files containing a.or ending in~will not be included.
– Molomby
Aug 27 '15 at 5:29
2
@Phil_1984_ Most likely, it was added as a comment to allow compatibility with other (standard?) versions of sudo, which don't allow includes, but wouldn't be tripped up by a weird comment. (Standards are hard! ;-)
– jpaugh
Nov 23 '16 at 14:39
|
show 4 more comments
Okay, I have discovered the answer so may as well put it here for completeness. At the end of /etc/sudoers there is what I thought was just a comment:
#includedir /etc/sudoers.d
However this actually includes the contents of that directory. Inside of which is the file /etc/sudoers.d/90-cloudimg-ubuntu. Which has the expected contents
# ubuntu user is default user in cloud-images.
# It needs passwordless sudo functionality.
ubuntu ALL=(ALL) NOPASSWD:ALL
So that is where the sudo configuration for the default ubuntu user lives.
You should edit this file using visudo. The following command will let you edit the correct file with visudo.
sudo visudo -f /etc/sudoers.d/90-cloudimg-ubuntu
And add a line like:
aychedee ALL=(ALL) NOPASSWD:ALL
At the end.
answered Sep 23 '12 at 10:27
aychedeeaychedee
6,6373 gold badges17 silver badges13 bronze badges
Okay, I have discovered the answer so may as well put it here for completeness. At the end of /etc/sudoers there is what I thought was just a comment:
#includedir /etc/sudoers.d
However this actually includes the contents of that directory. Inside of which is the file /etc/sudoers.d/90-cloudimg-ubuntu. Which has the expected contents
# ubuntu user is default user in cloud-images.
# It needs passwordless sudo functionality.
ubuntu ALL=(ALL) NOPASSWD:ALL
So that is where the sudo configuration for the default ubuntu user lives.
You should edit this file using visudo. The following command will let you edit the correct file with visudo.
sudo visudo -f /etc/sudoers.d/90-cloudimg-ubuntu
And add a line like:
aychedee ALL=(ALL) NOPASSWD:ALL
At the end.
answered Sep 23 '12 at 10:27
aychedeeaychedee
6,6373 gold badges17 silver badges13 bronze badges
edited Jan 7 '14 at 10:01
answered Sep 23 '12 at 10:27
aychedeeaychedee
6,6373 gold badges17 silver badges13 bronze badges
answered Sep 23 '12 at 10:27
aychedeeaychedee
6,6373 gold badges17 silver badges13 bronze badges
answered Sep 23 '12 at 10:27
aychedeeaychedee
6,6373 gold badges17 silver badges13 bronze badges
6,6373 gold badges17 silver badges13 bronze badges
4
I'm pretty sure I had to do a full reboot.
– aychedee
Feb 14 '13 at 20:40
2
new sudo rules will be used for every new logged user - so you need re login at least
– bluszcz
Feb 27 '13 at 10:17
32
'sudo service sudo restart' works :)
– Laice
Jun 11 '13 at 2:23
4
In later versions (14.04 for example) the included file is/etc/sudoers.d/90-cloud-init-users(so to edit..sudo visudo -f /etc/sudoers.d/90-cloud-init-users). Although it'd be cleaner to create additional files than editing the generated one. Note that files containing a.or ending in~will not be included.
– Molomby
Aug 27 '15 at 5:29
2
@Phil_1984_ Most likely, it was added as a comment to allow compatibility with other (standard?) versions of sudo, which don't allow includes, but wouldn't be tripped up by a weird comment. (Standards are hard! ;-)
– jpaugh
Nov 23 '16 at 14:39
|
show 4 more comments
4
I'm pretty sure I had to do a full reboot.
– aychedee
Feb 14 '13 at 20:40
2
new sudo rules will be used for every new logged user - so you need re login at least
– bluszcz
Feb 27 '13 at 10:17
32
'sudo service sudo restart' works :)
– Laice
Jun 11 '13 at 2:23
4
In later versions (14.04 for example) the included file is/etc/sudoers.d/90-cloud-init-users(so to edit..sudo visudo -f /etc/sudoers.d/90-cloud-init-users). Although it'd be cleaner to create additional files than editing the generated one. Note that files containing a.or ending in~will not be included.
– Molomby
Aug 27 '15 at 5:29
2
@Phil_1984_ Most likely, it was added as a comment to allow compatibility with other (standard?) versions of sudo, which don't allow includes, but wouldn't be tripped up by a weird comment. (Standards are hard! ;-)
– jpaugh
Nov 23 '16 at 14:39
4
4
I'm pretty sure I had to do a full reboot.
– aychedee
Feb 14 '13 at 20:40
I'm pretty sure I had to do a full reboot.
– aychedee
Feb 14 '13 at 20:40
2
2
new sudo rules will be used for every new logged user - so you need re login at least
– bluszcz
Feb 27 '13 at 10:17
new sudo rules will be used for every new logged user - so you need re login at least
– bluszcz
Feb 27 '13 at 10:17
32
32
'sudo service sudo restart' works :)
– Laice
Jun 11 '13 at 2:23
'sudo service sudo restart' works :)
– Laice
Jun 11 '13 at 2:23
4
4
In later versions (14.04 for example) the included file is
/etc/sudoers.d/90-cloud-init-users (so to edit.. sudo visudo -f /etc/sudoers.d/90-cloud-init-users). Although it'd be cleaner to create additional files than editing the generated one. Note that files containing a . or ending in ~ will not be included.– Molomby
Aug 27 '15 at 5:29
In later versions (14.04 for example) the included file is
/etc/sudoers.d/90-cloud-init-users (so to edit.. sudo visudo -f /etc/sudoers.d/90-cloud-init-users). Although it'd be cleaner to create additional files than editing the generated one. Note that files containing a . or ending in ~ will not be included.– Molomby
Aug 27 '15 at 5:29
2
2
@Phil_1984_ Most likely, it was added as a comment to allow compatibility with other (standard?) versions of sudo, which don't allow includes, but wouldn't be tripped up by a weird comment. (Standards are hard! ;-)
– jpaugh
Nov 23 '16 at 14:39
@Phil_1984_ Most likely, it was added as a comment to allow compatibility with other (standard?) versions of sudo, which don't allow includes, but wouldn't be tripped up by a weird comment. (Standards are hard! ;-)
– jpaugh
Nov 23 '16 at 14:39
|
show 4 more comments
I found that the most straight forward thing to do, in order to easily replicate this behavior across multiple servers, was the following:
sudo visudo
Change this line:
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
to this line:
# Members of the admin group may gain root privileges
%admin ALL=(ALL) NOPASSWD:ALL
And move it under this line:
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
you should now have this:
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) NOPASSWD:ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
then for every user that needs sudo access WITH a password:
sudo adduser <user> sudo
and for every user that needs sudo access WITH NO password:
sudo adduser <user> admin
and finally, run this:
sudo service sudo restart
And that's it!
Edit: You may have to add the admin group as I don't think it exists by default.
sudo groupadd admin
You can also add the default AWS ubuntu user to the admin group via this command:
sudo usermod ubuntu -g admin
Note: As @hata mentioned, you may need to use adm as your admin group name, depending on which version of Ubuntu is being used.
answered Apr 3 '14 at 21:45
jiminikizjiminikiz
1,1057 silver badges7 bronze badges
3
Note to self: It's a convention to move less restrictive permissions lower in the stack. But not doing it won't affect functionality.
– poweratom
Sep 5 '14 at 9:47
2
As jiminikiz explained, I had to place the %admin after the %sudo on my Ubuntu GNOME 16.04 LTS. Plus, the administrators group id is exactly not admin but adm on my Ubuntu. No reboot was required.
– hata
Oct 26 '17 at 10:52
add a comment
|
I found that the most straight forward thing to do, in order to easily replicate this behavior across multiple servers, was the following:
sudo visudo
Change this line:
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
to this line:
# Members of the admin group may gain root privileges
%admin ALL=(ALL) NOPASSWD:ALL
And move it under this line:
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
you should now have this:
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) NOPASSWD:ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
then for every user that needs sudo access WITH a password:
sudo adduser <user> sudo
and for every user that needs sudo access WITH NO password:
sudo adduser <user> admin
and finally, run this:
sudo service sudo restart
And that's it!
Edit: You may have to add the admin group as I don't think it exists by default.
sudo groupadd admin
You can also add the default AWS ubuntu user to the admin group via this command:
sudo usermod ubuntu -g admin
Note: As @hata mentioned, you may need to use adm as your admin group name, depending on which version of Ubuntu is being used.
answered Apr 3 '14 at 21:45
jiminikizjiminikiz
1,1057 silver badges7 bronze badges
3
Note to self: It's a convention to move less restrictive permissions lower in the stack. But not doing it won't affect functionality.
– poweratom
Sep 5 '14 at 9:47
2
As jiminikiz explained, I had to place the %admin after the %sudo on my Ubuntu GNOME 16.04 LTS. Plus, the administrators group id is exactly not admin but adm on my Ubuntu. No reboot was required.
– hata
Oct 26 '17 at 10:52
add a comment
|
I found that the most straight forward thing to do, in order to easily replicate this behavior across multiple servers, was the following:
sudo visudo
Change this line:
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
to this line:
# Members of the admin group may gain root privileges
%admin ALL=(ALL) NOPASSWD:ALL
And move it under this line:
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
you should now have this:
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) NOPASSWD:ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
then for every user that needs sudo access WITH a password:
sudo adduser <user> sudo
and for every user that needs sudo access WITH NO password:
sudo adduser <user> admin
and finally, run this:
sudo service sudo restart
And that's it!
Edit: You may have to add the admin group as I don't think it exists by default.
sudo groupadd admin
You can also add the default AWS ubuntu user to the admin group via this command:
sudo usermod ubuntu -g admin
Note: As @hata mentioned, you may need to use adm as your admin group name, depending on which version of Ubuntu is being used.
answered Apr 3 '14 at 21:45
jiminikizjiminikiz
1,1057 silver badges7 bronze badges
I found that the most straight forward thing to do, in order to easily replicate this behavior across multiple servers, was the following:
sudo visudo
Change this line:
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
to this line:
# Members of the admin group may gain root privileges
%admin ALL=(ALL) NOPASSWD:ALL
And move it under this line:
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
you should now have this:
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) NOPASSWD:ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
then for every user that needs sudo access WITH a password:
sudo adduser <user> sudo
and for every user that needs sudo access WITH NO password:
sudo adduser <user> admin
and finally, run this:
sudo service sudo restart
And that's it!
Edit: You may have to add the admin group as I don't think it exists by default.
sudo groupadd admin
You can also add the default AWS ubuntu user to the admin group via this command:
sudo usermod ubuntu -g admin
Note: As @hata mentioned, you may need to use adm as your admin group name, depending on which version of Ubuntu is being used.
answered Apr 3 '14 at 21:45
jiminikizjiminikiz
1,1057 silver badges7 bronze badges
edited Oct 11 '18 at 17:24
answered Apr 3 '14 at 21:45
jiminikizjiminikiz
1,1057 silver badges7 bronze badges
answered Apr 3 '14 at 21:45
jiminikizjiminikiz
1,1057 silver badges7 bronze badges
answered Apr 3 '14 at 21:45
jiminikizjiminikiz
1,1057 silver badges7 bronze badges
1,1057 silver badges7 bronze badges
3
Note to self: It's a convention to move less restrictive permissions lower in the stack. But not doing it won't affect functionality.
– poweratom
Sep 5 '14 at 9:47
2
As jiminikiz explained, I had to place the %admin after the %sudo on my Ubuntu GNOME 16.04 LTS. Plus, the administrators group id is exactly not admin but adm on my Ubuntu. No reboot was required.
– hata
Oct 26 '17 at 10:52
add a comment
|
3
Note to self: It's a convention to move less restrictive permissions lower in the stack. But not doing it won't affect functionality.
– poweratom
Sep 5 '14 at 9:47
2
As jiminikiz explained, I had to place the %admin after the %sudo on my Ubuntu GNOME 16.04 LTS. Plus, the administrators group id is exactly not admin but adm on my Ubuntu. No reboot was required.
– hata
Oct 26 '17 at 10:52
3
3
Note to self: It's a convention to move less restrictive permissions lower in the stack. But not doing it won't affect functionality.
– poweratom
Sep 5 '14 at 9:47
Note to self: It's a convention to move less restrictive permissions lower in the stack. But not doing it won't affect functionality.
– poweratom
Sep 5 '14 at 9:47
2
2
As jiminikiz explained, I had to place the %admin after the %sudo on my Ubuntu GNOME 16.04 LTS. Plus, the administrators group id is exactly not admin but adm on my Ubuntu. No reboot was required.
– hata
Oct 26 '17 at 10:52
As jiminikiz explained, I had to place the %admin after the %sudo on my Ubuntu GNOME 16.04 LTS. Plus, the administrators group id is exactly not admin but adm on my Ubuntu. No reboot was required.
– hata
Oct 26 '17 at 10:52
add a comment
|
I would create my own file under /etc/sudoers.d/ directory - the file created by Amazon Cloud might be overwritten in case of any update. After creating your file in /etc/sudoers.d, add this entry,
<your user name> ALL=(ALL) NOPASSWD:ALL
Reboot the system and this will work.
answered Apr 3 at 13:50
WaughWaughWaughWaugh
1711 silver badge2 bronze badges
add a comment
|
I would create my own file under /etc/sudoers.d/ directory - the file created by Amazon Cloud might be overwritten in case of any update. After creating your file in /etc/sudoers.d, add this entry,
<your user name> ALL=(ALL) NOPASSWD:ALL
Reboot the system and this will work.
answered Apr 3 at 13:50
WaughWaughWaughWaugh
1711 silver badge2 bronze badges
add a comment
|
I would create my own file under /etc/sudoers.d/ directory - the file created by Amazon Cloud might be overwritten in case of any update. After creating your file in /etc/sudoers.d, add this entry,
<your user name> ALL=(ALL) NOPASSWD:ALL
Reboot the system and this will work.
answered Apr 3 at 13:50
WaughWaughWaughWaugh
1711 silver badge2 bronze badges
I would create my own file under /etc/sudoers.d/ directory - the file created by Amazon Cloud might be overwritten in case of any update. After creating your file in /etc/sudoers.d, add this entry,
<your user name> ALL=(ALL) NOPASSWD:ALL
Reboot the system and this will work.
answered Apr 3 at 13:50
WaughWaughWaughWaugh
1711 silver badge2 bronze badges
answered Apr 3 at 13:50
WaughWaughWaughWaugh
1711 silver badge2 bronze badges
answered Apr 3 at 13:50
WaughWaughWaughWaugh
1711 silver badge2 bronze badges
answered Apr 3 at 13:50
WaughWaughWaughWaugh
1711 silver badge2 bronze badges
1711 silver badge2 bronze badges
add a comment
|
add a comment
|
Short answer without using any editor (tested on bash, very risky to execute on remote hosts).
Configure sudo to work without a password for the current user:
echo "$USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers
Check the edit with:
sudo visudo -c
Verify if you can use sudo without a password:
sudo cat /etc/sudoers | grep "$USER"
...or simply try it with:
sudo <anything>edited Jan 2 '18 at 21:24
David Eison
1033 bronze badges
answered Aug 13 '14 at 22:25
user315445user315445
871 bronze badge
21
This is pretty dangerous advice... copy and paste this wrong and you'll lock yourself out of your own server. Hence the advice to use visudo. It checks that the syntax is correct before saving to disk. So, for anyone that wants to use this. Don't do it on a remote server that you care about. You might want to include a warning about that in your answer.
– aychedee
Aug 14 '14 at 9:25
8
Not using visudo is a horrible idea. Trust me, I know.
– trognanders
Sep 9 '15 at 17:22
1
IMHO, a copy-paste is safer than a manual edit. A minor simplification:echo "$USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers
– theartofrain
Apr 5 '16 at 23:56
4
@theartofrain - Normally, I'd agree, butvisudois particularly nice about not allowing you to break the sudoers file, thus not locking you out of your machine (or at least sudo).
– Jon V
Mar 15 '17 at 2:43
3
@JonV You can lose admin rights viavisudotoo, but usually not by accident, becausevisudoonly saves changes that are well-formed according to the grammar for sudoers files. Most mistakes are syntactically wrong, so they cause no harm withvisudo. If/etc/sudoersor a file in/etc/sudoers.dis ill-formed,sudorefuses to elevate privileges for anyone as a security measure, which is why not usingvisudois dangerous. (Though sometimespkexeccan fix it without a reboot.)
– Eliah Kagan
Sep 28 '17 at 12:29
add a comment
|
Short answer without using any editor (tested on bash, very risky to execute on remote hosts).
Configure sudo to work without a password for the current user:
echo "$USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers
Check the edit with:
sudo visudo -c
Verify if you can use sudo without a password:
sudo cat /etc/sudoers | grep "$USER"
...or simply try it with:
sudo <anything>edited Jan 2 '18 at 21:24
David Eison
1033 bronze badges
answered Aug 13 '14 at 22:25
user315445user315445
871 bronze badge
21
This is pretty dangerous advice... copy and paste this wrong and you'll lock yourself out of your own server. Hence the advice to use visudo. It checks that the syntax is correct before saving to disk. So, for anyone that wants to use this. Don't do it on a remote server that you care about. You might want to include a warning about that in your answer.
– aychedee
Aug 14 '14 at 9:25
8
Not using visudo is a horrible idea. Trust me, I know.
– trognanders
Sep 9 '15 at 17:22
1
IMHO, a copy-paste is safer than a manual edit. A minor simplification:echo "$USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers
– theartofrain
Apr 5 '16 at 23:56
4
@theartofrain - Normally, I'd agree, butvisudois particularly nice about not allowing you to break the sudoers file, thus not locking you out of your machine (or at least sudo).
– Jon V
Mar 15 '17 at 2:43
3
@JonV You can lose admin rights viavisudotoo, but usually not by accident, becausevisudoonly saves changes that are well-formed according to the grammar for sudoers files. Most mistakes are syntactically wrong, so they cause no harm withvisudo. If/etc/sudoersor a file in/etc/sudoers.dis ill-formed,sudorefuses to elevate privileges for anyone as a security measure, which is why not usingvisudois dangerous. (Though sometimespkexeccan fix it without a reboot.)
– Eliah Kagan
Sep 28 '17 at 12:29
add a comment
|
Short answer without using any editor (tested on bash, very risky to execute on remote hosts).
Configure sudo to work without a password for the current user:
echo "$USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers
Check the edit with:
sudo visudo -c
Verify if you can use sudo without a password:
sudo cat /etc/sudoers | grep "$USER"
...or simply try it with:
sudo <anything>edited Jan 2 '18 at 21:24
David Eison
1033 bronze badges
answered Aug 13 '14 at 22:25
user315445user315445
871 bronze badge
Short answer without using any editor (tested on bash, very risky to execute on remote hosts).
Configure sudo to work without a password for the current user:
echo "$USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers
Check the edit with:
sudo visudo -c
Verify if you can use sudo without a password:
sudo cat /etc/sudoers | grep "$USER"
...or simply try it with:
sudo <anything>edited Jan 2 '18 at 21:24
David Eison
1033 bronze badges
answered Aug 13 '14 at 22:25
user315445user315445
871 bronze badge
edited Jan 2 '18 at 21:24
David Eison
1033 bronze badges
edited Jan 2 '18 at 21:24
David Eison
1033 bronze badges
edited Jan 2 '18 at 21:24
David Eison
1033 bronze badges
1033 bronze badges
answered Aug 13 '14 at 22:25
user315445user315445
871 bronze badge
answered Aug 13 '14 at 22:25
user315445user315445
871 bronze badge
answered Aug 13 '14 at 22:25
user315445user315445
871 bronze badge
871 bronze badge
21
This is pretty dangerous advice... copy and paste this wrong and you'll lock yourself out of your own server. Hence the advice to use visudo. It checks that the syntax is correct before saving to disk. So, for anyone that wants to use this. Don't do it on a remote server that you care about. You might want to include a warning about that in your answer.
– aychedee
Aug 14 '14 at 9:25
8
Not using visudo is a horrible idea. Trust me, I know.
– trognanders
Sep 9 '15 at 17:22
1
IMHO, a copy-paste is safer than a manual edit. A minor simplification:echo "$USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers
– theartofrain
Apr 5 '16 at 23:56
4
@theartofrain - Normally, I'd agree, butvisudois particularly nice about not allowing you to break the sudoers file, thus not locking you out of your machine (or at least sudo).
– Jon V
Mar 15 '17 at 2:43
3
@JonV You can lose admin rights viavisudotoo, but usually not by accident, becausevisudoonly saves changes that are well-formed according to the grammar for sudoers files. Most mistakes are syntactically wrong, so they cause no harm withvisudo. If/etc/sudoersor a file in/etc/sudoers.dis ill-formed,sudorefuses to elevate privileges for anyone as a security measure, which is why not usingvisudois dangerous. (Though sometimespkexeccan fix it without a reboot.)
– Eliah Kagan
Sep 28 '17 at 12:29
add a comment
|
21
This is pretty dangerous advice... copy and paste this wrong and you'll lock yourself out of your own server. Hence the advice to use visudo. It checks that the syntax is correct before saving to disk. So, for anyone that wants to use this. Don't do it on a remote server that you care about. You might want to include a warning about that in your answer.
– aychedee
Aug 14 '14 at 9:25
8
Not using visudo is a horrible idea. Trust me, I know.
– trognanders
Sep 9 '15 at 17:22
1
IMHO, a copy-paste is safer than a manual edit. A minor simplification:echo "$USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers
– theartofrain
Apr 5 '16 at 23:56
4
@theartofrain - Normally, I'd agree, butvisudois particularly nice about not allowing you to break the sudoers file, thus not locking you out of your machine (or at least sudo).
– Jon V
Mar 15 '17 at 2:43
3
@JonV You can lose admin rights viavisudotoo, but usually not by accident, becausevisudoonly saves changes that are well-formed according to the grammar for sudoers files. Most mistakes are syntactically wrong, so they cause no harm withvisudo. If/etc/sudoersor a file in/etc/sudoers.dis ill-formed,sudorefuses to elevate privileges for anyone as a security measure, which is why not usingvisudois dangerous. (Though sometimespkexeccan fix it without a reboot.)
– Eliah Kagan
Sep 28 '17 at 12:29
21
21
This is pretty dangerous advice... copy and paste this wrong and you'll lock yourself out of your own server. Hence the advice to use visudo. It checks that the syntax is correct before saving to disk. So, for anyone that wants to use this. Don't do it on a remote server that you care about. You might want to include a warning about that in your answer.
– aychedee
Aug 14 '14 at 9:25
This is pretty dangerous advice... copy and paste this wrong and you'll lock yourself out of your own server. Hence the advice to use visudo. It checks that the syntax is correct before saving to disk. So, for anyone that wants to use this. Don't do it on a remote server that you care about. You might want to include a warning about that in your answer.
– aychedee
Aug 14 '14 at 9:25
8
8
Not using visudo is a horrible idea. Trust me, I know.
– trognanders
Sep 9 '15 at 17:22
Not using visudo is a horrible idea. Trust me, I know.
– trognanders
Sep 9 '15 at 17:22
1
1
IMHO, a copy-paste is safer than a manual edit. A minor simplification:
echo "$USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers– theartofrain
Apr 5 '16 at 23:56
IMHO, a copy-paste is safer than a manual edit. A minor simplification:
echo "$USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers– theartofrain
Apr 5 '16 at 23:56
4
4
@theartofrain - Normally, I'd agree, but
visudo is particularly nice about not allowing you to break the sudoers file, thus not locking you out of your machine (or at least sudo).– Jon V
Mar 15 '17 at 2:43
@theartofrain - Normally, I'd agree, but
visudo is particularly nice about not allowing you to break the sudoers file, thus not locking you out of your machine (or at least sudo).– Jon V
Mar 15 '17 at 2:43
3
3
@JonV You can lose admin rights via
visudo too, but usually not by accident, because visudo only saves changes that are well-formed according to the grammar for sudoers files. Most mistakes are syntactically wrong, so they cause no harm with visudo. If /etc/sudoers or a file in /etc/sudoers.d is ill-formed, sudo refuses to elevate privileges for anyone as a security measure, which is why not using visudo is dangerous. (Though sometimes pkexec can fix it without a reboot.)– Eliah Kagan
Sep 28 '17 at 12:29
@JonV You can lose admin rights via
visudo too, but usually not by accident, because visudo only saves changes that are well-formed according to the grammar for sudoers files. Most mistakes are syntactically wrong, so they cause no harm with visudo. If /etc/sudoers or a file in /etc/sudoers.d is ill-formed, sudo refuses to elevate privileges for anyone as a security measure, which is why not using visudo is dangerous. (Though sometimes pkexec can fix it without a reboot.)– Eliah Kagan
Sep 28 '17 at 12:29
add a comment
|
This is how I've implemented the non-root, passwordless user in an ephemeral Docker Image for use in a CICD pipeline:
RUN
groupadd -g 999 foo && useradd -u 999 -g foo -G sudo -m -s /bin/bash foo &&
sed -i /etc/sudoers -re 's/^%sudo.*/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/g' &&
sed -i /etc/sudoers -re 's/^root.*/root ALL=(ALL:ALL) NOPASSWD: ALL/g' &&
sed -i /etc/sudoers -re 's/^#includedir.*/## **Removed the include directive** ##"/g' &&
echo "foo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers &&
echo "Customized the sudoers file for passwordless access to the foo user!" &&
echo "foo user:"; su - foo -c id
answered Sep 28 at 20:39
Seth BergmanSeth Bergman
987 bronze badges
add a comment
|
This is how I've implemented the non-root, passwordless user in an ephemeral Docker Image for use in a CICD pipeline:
RUN
groupadd -g 999 foo && useradd -u 999 -g foo -G sudo -m -s /bin/bash foo &&
sed -i /etc/sudoers -re 's/^%sudo.*/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/g' &&
sed -i /etc/sudoers -re 's/^root.*/root ALL=(ALL:ALL) NOPASSWD: ALL/g' &&
sed -i /etc/sudoers -re 's/^#includedir.*/## **Removed the include directive** ##"/g' &&
echo "foo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers &&
echo "Customized the sudoers file for passwordless access to the foo user!" &&
echo "foo user:"; su - foo -c id
answered Sep 28 at 20:39
Seth BergmanSeth Bergman
987 bronze badges
add a comment
|
This is how I've implemented the non-root, passwordless user in an ephemeral Docker Image for use in a CICD pipeline:
RUN
groupadd -g 999 foo && useradd -u 999 -g foo -G sudo -m -s /bin/bash foo &&
sed -i /etc/sudoers -re 's/^%sudo.*/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/g' &&
sed -i /etc/sudoers -re 's/^root.*/root ALL=(ALL:ALL) NOPASSWD: ALL/g' &&
sed -i /etc/sudoers -re 's/^#includedir.*/## **Removed the include directive** ##"/g' &&
echo "foo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers &&
echo "Customized the sudoers file for passwordless access to the foo user!" &&
echo "foo user:"; su - foo -c id
answered Sep 28 at 20:39
Seth BergmanSeth Bergman
987 bronze badges
This is how I've implemented the non-root, passwordless user in an ephemeral Docker Image for use in a CICD pipeline:
RUN
groupadd -g 999 foo && useradd -u 999 -g foo -G sudo -m -s /bin/bash foo &&
sed -i /etc/sudoers -re 's/^%sudo.*/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/g' &&
sed -i /etc/sudoers -re 's/^root.*/root ALL=(ALL:ALL) NOPASSWD: ALL/g' &&
sed -i /etc/sudoers -re 's/^#includedir.*/## **Removed the include directive** ##"/g' &&
echo "foo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers &&
echo "Customized the sudoers file for passwordless access to the foo user!" &&
echo "foo user:"; su - foo -c id
answered Sep 28 at 20:39
Seth BergmanSeth Bergman
987 bronze badges
answered Sep 28 at 20:39
Seth BergmanSeth Bergman
987 bronze badges
answered Sep 28 at 20:39
Seth BergmanSeth Bergman
987 bronze badges
answered Sep 28 at 20:39
Seth BergmanSeth Bergman
987 bronze badges
987 bronze badges
add a comment
|
add a comment
|
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f192050%2fhow-to-run-sudo-command-with-no-password%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Related: Execute sudo without Password?
– Eliah Kagan
Jul 26 '17 at 7:12