There comes a time when you want to execute a command with root privileges but you don’t want to enter the root password again and again. Maybe you want to allow a user to execute one particular command but can’t share the root password, or some command needs to be executed on boot but requires root. Sounds familiar? Keep reading.
The approach we will be using is often frowned upon, mainly because it defeats the purpose of sudo, i.e. allowing only privileged users to execute certain commands. It is also looked upon as a security breach, but you are fine if you know what you are doing.
You can run a sudo command without a password on Linux by modifying the /etc/sudoers file, which maintains which user can execute what. Before editing this file, let’s take a backup, just in case it gets messed up.
The /etc/sudoers file can be edited in any editor of your choice, but it is highly recommended to use the visudo command. If there is a syntax error in the sudoers file, you will be locked out of the shell, and we don’t want that. The visudo command checks for correct syntax and prevents the user from saving a corrupt sudoers file. Enter the following command to edit the sudoers file:
For example, if we want user “ayush” to be able to execute, say, “visudo” without being asked for a password, we have to append the following line at the end of the sudoers file.
ayush ALL = NOPASSWD: /usr/sbin/visudo
This needs to be added at the very end of the sudoers file because, if there are several matching entries, the last one overrides all previous occurrences.
This is how my sudoers looks after editing:
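Now user “ayush” won’t be prompted for a password when executing “sudo visudo”. Keep in mind that visudo edits the sudoers file itself, so a passwordless rule for it lets that user change every other sudo rule; on a real system, choose a narrower command.
You can substitute your own username and the command(s) you want to execute without entering the root password: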
[username] ALL = NOPASSWD: [command]
This can be extended to multiple commands by separating them with commas.
The sudo command is required when executing a command with some other user’s permissions. The other user can be root or anyone else. Why do we need to execute a command with root’s permissions? Some commands make changes to the system that are dangerous and can bring the system down; only root has such permissions.
WITH GREAT POWER COMES GREAT RESPONSIBILITY!
One can also switch user via the su command and then execute the desired command, but sudo is much more secure than su. Commands (along with their arguments) executed with sudo are logged in a file. On Red Hat distros, /var/log/secure holds these logs, and on Debian-based distros it’s /var/log/auth.log.
The file /etc/sudoers can be edited to configure sudo and give privileges to individual users or groups of users.
For an individual user
The syntax for allowing an individual user (here Ayush) is:
ayush ALL=(ALL) ALL
“ayush” here is the username of the user you want to allow
“ALL” specifies that sudo is accessible from all terminals
“(ALL)” specifies all users
“ALL” for all commands
For a group
The entry in the sudoers file looks like:
%linuxstall ALL=(ALL) ALL
“linuxstall” can be replaced by the name of group.
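The rule stated earlier, that the last matching entry overrides earlier ones, can be checked with a small resolver. This is an added example, not part of the original article: the function name effective_rule is hypothetical, “ayush” is assumed to be a member of the group “linuxstall”, and the parser covers only the simple one-line entries shown on this page.

```sh
#!/bin/sh
# Added example: resolve which sudoers entry wins for a user and command.
# Simplified model (assumption): one entry per line, no aliases, Defaults,
# negation, wildcards or line continuations.

# effective_rule USER GROUPS CMD   (sudoers text on stdin, GROUPS comma-separated)
# Prints nopasswd, passwd or denied according to the LAST matching entry.
effective_rule() {
    awk -v user="$1" -v groups="$2" -v cmd="$3" '
    BEGIN {
        result = "denied"
        n = split(groups, g, ",")
        for (i = 1; i <= n; i++) ingroup["%" g[i]] = 1
    }
    /^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]*Defaults/ { next }
    {
        eq = index($0, "=")
        if (eq == 0) next
        split(substr($0, 1, eq - 1), lhs, " ")   # lhs[1] is the user or %group
        who = lhs[1]
        if (who != user && who != "ALL" && !(who in ingroup)) next
        spec = substr($0, eq + 1)
        sub(/^[ \t]*\([^)]*\)/, "", spec)        # drop the (run-as) part
        tag = "passwd"                            # sudo asks for a password by default
        m = split(spec, cmds, ",")
        for (i = 1; i <= m; i++) {
            c = cmds[i]
            sub(/^[ \t]+/, "", c); sub(/[ \t]+$/, "", c)
            # A tag applies to the commands that follow it on the same line.
            if (sub(/^NOPASSWD:[ \t]*/, "", c)) tag = "nopasswd"
            else if (sub(/^PASSWD:[ \t]*/, "", c)) tag = "passwd"
            if (c == "ALL" || c == cmd) result = tag   # later match overwrites
        }
    }
    END { print result }'
}

# Constructed sample files: the same two entries from this page, in different order.
NOPASSWD_FIRST='ayush ALL = NOPASSWD: /usr/sbin/visudo
%linuxstall ALL=(ALL) ALL'
NOPASSWD_LAST='%linuxstall ALL=(ALL) ALL
ayush ALL = NOPASSWD: /usr/sbin/visudo'

# ayush is assumed to be a member of group linuxstall.
printf '%s\n' "$NOPASSWD_FIRST" | effective_rule ayush linuxstall /usr/sbin/visudo  # passwd
printf '%s\n' "$NOPASSWD_LAST"  | effective_rule ayush linuxstall /usr/sbin/visudo  # nopasswd
```

With the NOPASSWD line placed before the group entry, the group entry matches last and the password prompt comes back, which is why the article appends the line at the end of the file.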
Once the sudoers file is all set, you can execute commands as root. For instance, the mount command can only be executed by root, but it works fine with sudo.
There are some files that only root can save (say /etc/group), but with sudo in hand it can be done as follows:
But if you have opened the file as a normal user and find you cannot save it because only root can, sudo is your friend:
:w !sudo tee %
The above command will save the file for you as root even though you didn’t use sudo when opening it. sudo just doesn’t mind!
If a user who is not listed in the sudoers file tries to use sudo, the admin will be notified through a log entry and the user will get the following error:
<user> is not in the sudoers file. This incident will be reported.