23

I feel there is no need for a password on WSL because it is already protected from my Windows account. Nobody could use my WSL without first knowing my Windows password.

How can I disable the WSL password? I have tried passwd but it does not accept a NULL password.

Daniel Kaplan
  • 579
  • 8
  • 23
nowox
  • 2,687
  • 13
  • 43
  • 58
  • 1
    `passwd -d` is the standard way to delete a password on Linux. Can't remember if that worked without consequences on WSL. – Bob Aug 11 '19 at 09:54
  • For some reason, `passwd -d` doesn't work: `sudo` still asks for the password after that, and because there is none, you're locked out. Just had to [reset my password](https://winaero.com/blog/reset-password-wsl-linux-distro-windows-10/) by logging in as root because of this. – BenMorel Sep 04 '19 at 21:54
  • 1
    **This is _not recommended_...** `sudo` should always require a password. The password isn't there just to prevent others from logging in to your WSL environment, it's also to prevent unauthorized privilege escalation. Please use google to understand why this is never recommened for Linux, unless it's a Single User OS where the only login account is `root` – JW0914 Oct 15 '19 at 11:27
  • 1
    @JW0914 Could you give me an example of some harm in WSL ? I don't think you can do privilege escalation. – nowox Oct 15 '19 at 11:30
  • @nowox I think you're right and WSL2 (unless you run it as admin) can't, even as sudo, do anything a user process can't do. – Rich May 20 '21 at 21:41
  • @JW0914 You can run `wsl.exe -u root` to get root with a password anyway. – sschoof Jul 14 '23 at 15:06

1 Answers1

38

In wsl add your username to a sudo config file.

Replace MY_USERNAME below to your username name.

sudo nano /etc/sudoers.d/MY_USERNAME

add the following line:

MY_USERNAME ALL=(ALL) NOPASSWD:ALL

If you don't replace MY_USERNAME with the target username you will receive an error no valid sudoers sources found.

Chris McKee
  • 546
  • 6
  • 7