Password-less sudo (auto-sudo): Sudo without entering a password

Sometimes "getting the work done" has a greater priority for people than security: And this how-to addresses those people. However a password-less sudo command execution might decrease the security level of your machine, as executing the sudo command without entering a password, allows all local users (which are also able to execute the sudo command itself) to execute commands as root user. So an auto-sudo may allow local users to gain root privileges.
sudo visudo
...should let you modify the sudoers file and enable auto-sudo:
# [...]
# User privilege specification
root ALL=(ALL) ALL

# Uncomment to allow members of group sudo to not need a password
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=NOPASSWD: ALL

# Members of the admin group may gain root privileges
#%admin ALL=(ALL) ALL
Note that these entries have to be in the "User privilege specification" part of the sudoers file. Entries like %admin ALL=(ALL) ALL would override the pasword-less sudo behavior and should be commented out. The %sudo in %sudo ALL=NOPASSWD: ALL represents the "sudo" group. To make auto-sudo work, you should either add the auto-sudo user to the "sudo" group or replace the "sudo" group by a group which contains the auto-sudo user. There is usually a system group which has the same name as the respective user. So you could use this group name instead of "sudo".

Comments

  1. Thanks for the post - saved me about 15 minutes of reading manuals.

    ReplyDelete

Post a Comment

Popular posts from this blog

Tuning ext4 for performance with emphasis on SSD usage

NetBeans 6.1: Working with Google´s Android SDK, Groovy and Grails