Password-less sudo (auto-sudo): Sudo without entering a password

Sometimes "getting the work done" has a greater priority for people than security: And this how-to addresses those people. However a password-less sudo command execution might decrease the security level of your machine, as executing the sudo command without entering a password, allows all local users (which are also able to execute the sudo command itself) to execute commands as root user. So an auto-sudo may allow local users to gain root privileges.
sudo visudo
...should let you modify the sudoers file and enable auto-sudo:
# [...]
# User privilege specification
root ALL=(ALL) ALL

# Uncomment to allow members of group sudo to not need a password
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=NOPASSWD: ALL

# Members of the admin group may gain root privileges
#%admin ALL=(ALL) ALL
Note that these entries have to be in the "User privilege specification" part of the sudoers file. Entries like %admin ALL=(ALL) ALL would override the pasword-less sudo behavior and should be commented out. The %sudo in %sudo ALL=NOPASSWD: ALL represents the "sudo" group. To make auto-sudo work, you should either add the auto-sudo user to the "sudo" group or replace the "sudo" group by a group which contains the auto-sudo user. There is usually a system group which has the same name as the respective user. So you could use this group name instead of "sudo".

Comments

  1. Unknown19.8.09

    Thanks for the post - saved me about 15 minutes of reading manuals.

    ReplyDelete

Post a Comment

Popular posts from this blog

Apple's evaluating a new JVM

To boost the Java performance on x64 Mac systems, Apple is evaluating a new Java VM  that is derived the BSD port. You can try the new JVM using the  -XXaltjvm=bsdserver VM args which is available in the recent JDK/JRE developer preview. Using this new VM may improve the Java performance and increase benchmark scores but performance drawbacks can be expected as well.
Read more

Tuning ext4 for performance with emphasis on SSD usage

The obligatory disclaimer: The more performance you gain, the more data integrity you loose! But if you want to tune something like a file system, I strongly assume that you know what you are doing :) These tips apply to all major Linux distributions like Fedora/Red Hat, OpenSUSE, and Ubuntu that are already using ext4 or are going to make ext4 their default file system. As write operations on Solid State Disks (SSD) are expensive the tips below are focused on SSD usage but also apply to HDD usage as well . My Ubuntu 9.04 Jaunty /etc/fstab after a fresh installation: [...] UUID=d818ddf9-ff01-e21a-a67d-3ceab43a9e2b / ext4 relatime,errors=remount-ro 0 1 UUID=0d339122-74e0-e0ea-805a-7879b1fa3172 /home ext4 relatime 0 2 [...] My tuned Ubuntu 9.04 Jaunty /etc/fstab : [...] UUID=d818ddf9-ff01-e21a-a67d-3ceab43a9e2b / ext4 noatime,barrier=0,nobh,commit=100,nouser_xattr 0 1 UUID=0d339122-74e0-e0ea-805a-7879b1fa3172 /home ext4 noatime,barrier=0,data=writeback,nobh,commit=100,nouser_xattr 0 2...
Read more