Ubuntu: How to run sudo command with no password?



Question:

How does the ubuntu user on the AWS images for Ubuntu Server 12.04 have passwordless sudo for all commands when there is no configuration for it in /etc/sudoers?

I'm using Ubuntu server 12.04 on Amazon. I want to add a new user that has the same behavior as the default Ubuntu user. Specifically I want passwordless sudo for this new user.

So I've added a new user and went to edit /etc/sudoers (using visudo of course). From reading that file it seemed like the default ubuntu user was getting it's passwordless sudo from being a member of the admin group. So I added my new user to that. Which didn't work. Then I tried adding the NOPASSWD directive to sudoers. Which also didn't work.

Anyway, now I'm just curious. How does the ubuntu user get passwordless privileges if they aren't defined in /etc/sudoers. What is the mechanism that allows this?


Solution:1

Okay, I have discovered the answer so may as well put it here for completeness. At the end of /etc/sudoers there is what I thought was just a comment:

#includedir /etc/sudoers.d  

However this actually includes the contents of that directory. Inside of which is the file /etc/sudoers.d/90-cloudimg-ubuntu. Which has the expected contents

# ubuntu user is default user in cloud-images.  # It needs passwordless sudo functionality.  ubuntu ALL=(ALL) NOPASSWD:ALL  

So that is where the sudo configuration for the default ubuntu user lives.

You should edit this file using visudo. The following command will let you edit the correct file with visudo.

sudo visudo -f /etc/sudoers.d/90-cloudimg-ubuntu  

And add a line like:

aychedee ALL=(ALL) NOPASSWD:ALL  

At the end.


Solution:2

I found that the most straight forward thing to do, in order to easily replicate this behavior across multiple servers, was the following:

sudo visudo  

Change this line:

# Members of the admin group may gain root privileges  %admin  ALL=(ALL) ALL  

to this line:

# Members of the admin group may gain root privileges  %admin  ALL=(ALL) NOPASSWD:ALL  

And move it under this line:

# Allow members of group sudo to execute any command  %sudo   ALL=(ALL:ALL) ALL  

you should now have this:

# This file MUST be edited with the 'visudo' command as root.  #  # Please consider adding local content in /etc/sudoers.d/ instead of  # directly modifying this file.  #  # See the man page for details on how to write a sudoers file.  #    Defaults        env_reset  Defaults        mail_badpass  Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"    # Host alias specification    # User alias specification    # Cmnd alias specification    # User privilege specification  root    ALL=(ALL:ALL) ALL    # Allow members of group sudo to execute any command  %sudo   ALL=(ALL:ALL) ALL    # Members of the admin group may gain root privileges  %admin  ALL=(ALL) NOPASSWD:ALL    # See sudoers(5) for more information on "#include" directives:    #includedir /etc/sudoers.d  

then for every user that needs sudo access WITH a password:

sudo adduser <user> sudo  

and for every user that needs sudo access WITH NO password:

sudo adduser <user> admin  

and finally, run this:

sudo service sudo restart  

And that's it!

Edit: You may have to add the admin group as I don't think it exists by default.

sudo groupadd admin  

You can also add the deafult AWS ubuntu user to the admin group via this command:

sudo usermod ubuntu -g admin  


Solution:3

Short answer without using any editor (tested on bash, very risky to execute on remote hosts)

Set sudo without password for the current user

sudo echo "$USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers  

Verify if you can use sudo without password ...

sudo cat /etc/sudoers | grep "$USER"  

.. or simply try it with

sudo <anything>  

Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »