Linux distributions like Ubuntu, Debian, Mint, Kali, CentOS, RHEL, SUSE, etc. provide the sudo command in order to execute and run a command with root privileges without logging as the root user. The sudo command is very popular for daily usage power users generally provided the ability to run sudo command. The sudo command configuration is located in the /etc/sudoers file. By default, the sudo command asks for the current user password to provide root privileges as a security measure. But for heavy usage provide or typing the password is not a practical method. The sudo command provides the ability to run without any password which is also called as nopasswd configuration.
/etc/sudoers Configuration File
The sudoers configuration file is used to set configuration about the sudo command. In order to make the the sudo command passwordless we should edit this file. The sudoers configuration file can be opened with a command line or GUI editor but the most secure way to prevent errors and lockdowns is using the visudo command like below.
$ sudo visudo
A default configuration line is like below. Simply this line provides the ability to run all commands for the root user.
root ALL=(ALL:ALL) ALL
The users generally set for the sudo group in a Linux system in order to run the sudo command. This sudo group is configured with the following line in the sudoers file. Simply means the sudo group member can run all commands from all systems by providing password.
%sudo ALL=(ALL:ALL) ALL
NOPASSWD Configuration For Passwordless sudo Command
The magic of the passwordless sudo command or running sudo command without typing a password comes with the NOPASSWD configuration. In the following line, we eliminate interactive password authentication for the sudo command and all users of the sudo group can run all commands without a password.
%sudo ALL=(ALL:ALL) NOPASSWD: ALL
NOPASSWD For User
We can also disable the sudo password for a specific user. We will just provide the username and change with the group name like below. In the following example, we will set the user ismail to run the sudo command without asking a password.
ismail ALL=(ALL:ALL) NOPASSWD: ALL
NOPASSWD For Group
Even we have set the sudo group for passwordless sudo command let’s make a different example by setting the sys group for passwordless sudo command.
%sys ALL=(ALL:ALL) NOPASSWD: ALL
NOPASSWD For Command or Application
Another use case for the NOPASSWD configuration is disabling the sudo password for a specific command. By default, the NOPASSWD will disable the password for all commands with the sudo. But we can set a specific command to run with sudo without a password. All other commands with sudo will require a password too. In the following example, the user ismail can run /bin/passwd commands with sudo without a password.
ismail ALL=(ALL:ALL) NOPASSWD: /bin/passwd
Multiple commands can be also specified for passwordless sudo usage like below.
ismail ALL=(ALL:ALL) NOPASSWD: /bin/passwd, /bin/rm, /bin/mkdir