Wednesday, May 18, 2011

Using sudo command without password

Is it annoying for you always entering the password when using sudo command?
Or you just need certain program/script to run with sudo without prompting for password?
If you've answered yes to one of the above questions, then this article is for you.

Hereby I'd like to warn you that allowing sudo without password is a security risk, everyone who gets to your computer can act like root!!!

So we can now start. In the directory /etc/ is a file called sudoers. It contains groups and users, which are allowed to use sudo. You can edit this file with command visudo (recommended) or with your favorite text editor (don't forget you need root permissions for this file).
Visudo is recommended for editing because it'll lock the sudoers file and performs basic syntax check.

At the end of file we add line:
   krisko ALL = NOPASSWD: ALL
> this line ensures usage of the sudo command without password for user krisko and for all commands.

If you'd like allow only one program to be used without password, which is safer like enabling all commands, put into sudoers line:
   krisko ALL = (ALL) NOPASSWD:/bin/vim ,/home/krisko/myprogram ,/home/krisko/bin/myprog2
> this line allows passwordless running of programs /bin/vim, /home/krisko/myprogram and /home/krisko/bin/myprog2. (e.g. sudo /bin/vim)

Note: entries placed most at the bottom are affecting entries placed before them.
e.g. user krisko is in the admin group. If we allow for krisko passwordless sudo usage for all programs and lower in the file we forbit the group admin then krisko won't be able to execute sudo without password.

Hint: you can login as root with following commands: su, sudo su or sudo bash

No comments:

Post a Comment