I’m a new Unix system user. How do I use the sudo command without a password on Linux or Unix-like systems? I log in as tom@my-cloud-server-ip and disabled root login for ssh. After login, I need to run some commands as the root user. I am the only sysadmin using my server. How do I run or execute the sudo command without a password for a user named Tom under a Debian/Ubuntu/CentOS Linux cloud server?
sudo (“superuser do”) is a tool for Linux and Unix-like systems that runs commands or programs as another user, typically root. You can use it to delegate common tasks, such as rebooting the server, restarting Apache, or making a backup, to unprivileged users. By default, sudo requires a user to authenticate with a password before running a command. Sometimes you need to run a command with root privileges without typing a password. This is useful for scripting or any other purpose. It can be achieved by editing the /etc/sudoers file and setting up the correct entries. Consider the security consequences of allowing a sudo command to execute without a password.
Tutorial details | |
---|---|
Difficulty level | Easy |
Root privileges | No |
Requirements | Linux terminal |
Category | Commands |
OS compatibility | BSD • Linux • macOS • Unix • WSL |
Est. reading time | 4 minutes |
NOTE: Initial setup must be done using the root account. One can gain root access by logging in directly as root using the console, ssh, or the su command:
su -
In all cases, you must know the root password in advance before sudo can be configured to run commands without a password. You might also already have sudo access and use it to grant another user account passwordless access to commands.
How to run the sudo command without a password:
The procedure to configure sudo without a password for a Unix or Linux account is as follows:
- Gain root access:
$ su -
## OR use the sudo command ##
$ sudo -i
- Back up your /etc/sudoers file by typing the following command:
# cp /etc/sudoers /root/sudoers.bak
- Edit the /etc/sudoers file by typing the visudo command:
# visudo
- Append/edit the line as follows in the /etc/sudoers file for a user named ‘vivek’ to run the ‘/bin/kill’ and ‘systemctl’ commands without a password:
vivek ALL = NOPASSWD: /bin/systemctl restart httpd.service, /bin/kill
- Save and exit the file.
- Test it by executing sudo without password for a normal user account. For instance:
$ sudo /bin/kill {pid}
Let us see more examples of how to use sudo commands without a password on Linux or Unix.
How do I execute ALL sudo commands without password?
Type the following command as the root user:
# visudo
Or if you have sudo access and want to grant another user permission, try:
$ sudo visudo
WARNING! The following examples tell you exactly what you searched for, but it is a bad security practice. Instead, only grant permission to run a single command without a password as described below.
Append the following entry to run ALL commands without a password for a user named tom:
tom ALL=(ALL) NOPASSWD:ALL
A better solution
It is a good idea not to grant full access. Instead, give users limited access to the commands they need to execute without a password. For example, allow the marlena user (a developer account) to restart the Nginx service without any password:
marlena ALL = NOPASSWD: /bin/systemctl restart nginx.service
Save and close the file. Now marlena can run any command (or a limited set of commands, depending upon your config option) as the root user:
$ sudo /bin/systemctl restart nginx.service
$ sudo /etc/init.d/nginx restart
$ sudo /sbin/reboot
$ sudo apt-get install htop
## get root shell ##
$ sudo -i
Please make sure only tom can log in via ssh keys.
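To see how the rules above differ in scope, here is an added example (not part of the original tutorial) that classifies each NOPASSWD entry as BROAD (ALL), ANYARGS (a bare command path, which sudoers lets the user run with any arguments) or EXACT (arguments pinned). The function names and the sample input are constructed for illustration, and the parser assumes one rule per line with no aliases or line continuations.

```shell
#!/bin/sh
# Added example: classify NOPASSWD entries in sudoers text read from stdin.
# Simplified on purpose: one rule per line, no aliases or line continuations,
# and NOPASSWD: is assumed to cover every command after it on that line.

audit_nopasswd() {
    # Prints one "LEVEL user command" line per passwordless command.
    awk '
    /^[ \t]*(#|$)/ { next }                     # skip comments and blank lines
    /NOPASSWD[ \t]*:/ {
        user = $1
        cmds = $0
        sub(/^.*NOPASSWD[ \t]*:[ \t]*/, "", cmds)
        n = split(cmds, list, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            c = list[i]
            gsub(/^[ \t]+|[ \t]+$/, "", c)
            if (c == "") { continue }
            if (c == "ALL") { level = "BROAD" }          # every command
            else if (c ~ /[ \t]/) { level = "EXACT" }    # arguments pinned
            else { level = "ANYARGS" }                   # any arguments accepted
            print level, user, c
        }
    }'
}

# Constructed sample: the three rules shown on this page.
sample_sudoers() {
    cat <<'EOF'
# constructed sample input
tom ALL=(ALL) NOPASSWD:ALL
vivek ALL = NOPASSWD: /bin/systemctl restart httpd.service, /bin/kill
marlena ALL = NOPASSWD: /bin/systemctl restart nginx.service
EOF
}

sample_sudoers | audit_nopasswd
```

On a real host, run it as root over /etc/sudoers and the files in /etc/sudoers.d, and treat the output of `sudo -l -U tom` as authoritative, since sudo itself resolves aliases and includes.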
How do I test it?
Simply run /bin/kill to kill any process without a password:
[vivek@server ]$ sudo /bin/kill pid-here
OR
[vivek@server ]$ sudo /bin/systemctl restart httpd.service
Conclusion
You learned how to run a command without a password when using sudo on Linux or Unix-like systems. There is a significant security risk associated with passwordless operations. Hence, I would strongly recommend NOT doing this, but as they say, “it is not UNIX’s job to stop you from shooting your foot. If you so choose to do so, then UNIX’s job is to deliver Mr. Bullet to Mr. Foot in the most efficient way it knows.” For more info read man pages using the man command or help command:
man 5 sudoers
man 8 visudo
man 8 sudo