54

I'm trying to setup sudo without no password but still I get prompted for password, I'm using ubuntu, here is the relevant line from the sudoers configuration file :

gandalf ALL=(ALL:ALL) NOPASSWD: ALL
Roberto Alsina
  • 1,049
  • 7
  • 7
Gandalf StormCrow
  • 649
  • 1
  • 5
  • 4
  • 4
    *cough* [Allowing a user to sudo without a password](http://unix.stackexchange.com/questions/43135/allowing-a-user-to-use-sudo-without-a-password) *cough*. UNSECURE! You should not do this. – Thomas Ward Jul 26 '12 at 16:01
  • 1
    You can do this, but it breaks the security model. Are you absolutely sure you want to do this? – Paddy Landau Jul 26 '12 at 16:26
  • 2
    I can understand wanting to do this on a computer, say at home in a secure situation. Security forces a "good" password, which usually means long and harder to type. Trouble is, we have to type it in VERY regularly and it gets to be tiresome. I am not advocating against security, but, especially in the home situation, it may well be desirable to do this. – Jazz Jul 26 '12 at 22:44
  • 14
    To say this "breaks the security model" is rather extreme. `sudo` is designed to facilitate passwordless operation easily and even has ready-to-go commented configuration lines in `/etc/sudoers` to allow a whole group of users to run any command as `root` without being prompted for a password. There are some adverse security implications of doing this--any program can perform actions as root without you being notified!--but an actual *attacker*, with the ability to run programs as (non-`root`) you, can already capture your password as you enter it for `sudo` (and then run `sudo` with it). – Eliah Kagan Jul 27 '12 at 17:43
  • I was wanting to do this just for my ansible ci/cd user.. so that my management scripts can run unattended as part of my CI/CD process. I wouldn't say that's inherently insecure as it's for one user and only via ssh with a private/public key pair. – Tracker1 Jul 10 '14 at 21:16
  • What is most secure, password or keyfile. Ok, so if your computer is setup with no root login, and the user has a keyfile and an absurdly complicated password, why should it be a problem to let this authorized user su to root without entering a password? As others already pointed out it actually just leaves another attack vector for potential hackers. – Dokbua Jul 09 '17 at 11:46

3 Answers3

57

I believe the correct line is:

gandalf ALL=(ALL) NOPASSWD: ALL

Put it in the end of the file - replace gandalf with the appropriate username. (To edit the file, run the command sudo visudo.)

Eliah Kagan
  • 116,445
  • 54
  • 318
  • 493
LnxSlck
  • 12,146
  • 1
  • 41
  • 51
16

I use the sudo group and have:

%sudo ALL=NOPASSWD: ALL
StarNamer
  • 2,827
  • 20
  • 24
10

There is one note to mention. That line should be at end of the /etc/sudoers file.

Why: because some configuration lines from /etc/sudoers overwrite our line.

gandalf ALL=(ALL:ALL) NOPASSWD: ALL

Vitalie Ghelbert
  • 253
  • 3
  • 9