Tag Archives: sudo

How to run sudo command without password on Linux?

There comes a time when you want to execute a command with root privileges but don’t want to enter the root password again and again. Maybe you want to allow a user to execute one particular command but can’t share the root password, or some command needs to be executed on boot but requires root. Sounds familiar? Keep reading.

The approach we will be using is very often frowned upon, mainly because it defeats the purpose of sudo, i.e. allowing only privileged users to execute certain commands. It is also regarded as a security breach, but you are fine if you know what you are doing.

You can run a sudo command without a password on Linux by modifying the /etc/sudoers file, which defines which user can execute what. Before editing this file, let’s take a backup, just in case it gets messed up.

ayushhgoyal@linuxstall:$ sudo cp /etc/sudoers /root/sudoers.bak

The /etc/sudoers file can be edited in any editor of your choice, but it is highly recommended to use the visudo command. If there is a syntax error in the sudoers file, you will be locked out of the shell, and we don’t want that. The visudo command checks for correct syntax and stops the user from saving a corrupt sudoers file. Enter the following command to edit the sudoers file:

ayushhgoyal@linuxstall:$ sudo visudo

For example, if we want user “ayush” to be able to execute, say, “visudo” without being asked for a password, we have to append the following line at the end of the sudoers file.

 ayush ALL = NOPASSWD: /usr/sbin/visudo 

This needs to be added at the very end of the sudoers file because, if there are several matching entries, the last line overrides all previous occurrences.

This is how my sudoers looks after editing:

[Screenshot: sudoers file after editing]

Now, user “ayush” won’t be prompted to enter password while executing “sudo visudo”.

You can substitute your own username and the command(s) you want to execute without entering the root password:

 [username] ALL = NOPASSWD: [command] 

This can be extended to multiple commands by separating them with commas.
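
An added example (not part of the original article): a small Python audit that lists every command a sudoers file allows without a password. It carries the NOPASSWD tag across a comma-separated command list until a PASSWD tag resets it. The "deploy" and "backup" rules, the RISKY list and the function name are assumptions made for illustration; aliases, include files and several host lists on one line are not expanded.

```python
import re

# Constructed sample; only the first two rules come from the article.
SAMPLE = """\
ayush ALL = NOPASSWD: /usr/sbin/visudo
%linuxstall ALL=(ALL) ALL
deploy ALL = NOPASSWD: /bin/systemctl restart nginx, /bin/journalctl, PASSWD: /usr/bin/apt
backup ALL=(ALL) NOPASSWD: ALL
"""

SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias", "#", "@")
TAG = re.compile(r"^([A-Z_]+):\s*")      # NOPASSWD:, PASSWD:, NOEXEC:, SETENV:, ...
RUNAS = re.compile(r"^\(([^)]*)\)\s*")   # optional (runas) in front of a command
# Assumed review list: passwordless access to these amounts to unrestricted root.
RISKY = ("ALL", "/usr/sbin/visudo")

def nopasswd_rules(text):
    """Return (who, runas, command, risky) for each command that skips the password prompt."""
    found = []
    text = text.replace("\\\n", " ")                 # join continuation lines
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(SKIP) or "=" not in line:
            continue
        lhs, rhs = line.split("=", 1)
        who = lhs.split()[0]
        nopasswd, runas = False, "root"              # sudo defaults: prompt, run as root
        for item in re.split(r"(?<!\\),", rhs):      # "\," is an escaped comma in arguments
            item = item.strip()
            m = RUNAS.match(item)
            if m:                                    # a runas spec applies to later commands too
                runas, item = m.group(1).strip(), item[m.end():]
            while (m := TAG.match(item)):            # a command may carry several tags
                if m.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = m.group(1) == "NOPASSWD"
                item = item[m.end():]
            if nopasswd and item:
                found.append((who, runas, item, item.split()[0] in RISKY))
    return found

if __name__ == "__main__":
    for who, runas, cmd, risky in nopasswd_rules(SAMPLE):
        print(f"{who:8} as {runas:5} {cmd}" + ("   <-- review" if risky else ""))
```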

sudo command


The sudo command is required when executing a command with some other user’s permissions. The other user can be root or anyone else. Why do we need to execute a command with root’s permissions? Some commands make changes to the system that are dangerous and can bring the system down, and only root has such permissions.


WITH GREAT POWER COMES GREAT RESPONSIBILITY!

One can also switch user via the su command and then execute the desired command, but sudo is much more secure than su. Commands (along with their arguments) executed with sudo are logged in a file. On Red Hat distros, /var/log/secure holds all the logs, and on Debian-based ones it’s /var/log/auth.log.

The file /etc/sudoers can be edited to configure sudo and give privileges to individual users or groups of users.

Setting up sudo

For an individual user

The syntax for allowing an individual user (here ayush) is:

ayush ALL=(ALL) ALL

“ayush” here is the username of the user you want to allow
“ALL” specifies that sudo is accessible from all terminals
“(ALL)” specifies that commands may be run as any user
“ALL” stands for all commands

For a group

The entry in the sudoers file goes like:

%linuxstall ALL=(ALL) ALL

“linuxstall” can be replaced by the name of your group.

Execute commands as root

Once the sudoers file is all set, you can execute commands as root. For instance, the mount command can only be executed by root, but it works fine with sudo.

ayush@linuxstall:$ sudo mount /dev/sda1 /mnt

 

Use sudo command on the fly while editing in vim

There are some files that only root can save (say /etc/group), but with sudo in hand it can be done as follows:

ayush@linuxstall:$ sudo vim /etc/group

But if you have opened the file as a normal user and wish to save it, and can’t because only root can do that, sudo is your friend:

:w !sudo tee %

The above command will save the file for you as root even though you didn’t use sudo when opening it. sudo just doesn’t mind!

Security

If a user is not listed in the sudoers file and tries to use sudo, the admin is notified through a log entry and the user gets the following error:

<user> is not in the sudoers file. This incident will be reported.