How to run privileged (sudo) commands without the password

Sometimes, you may wish to run a command but you wouldn’t want to pester the almighty super user (root / sudo) for the password.

:frowning: :key::door: :sleeping::moneybag:

This tip will step through how to exempt the command from the password prompt from sudo like this prompt:

[sudo] password for user:


:warning: Precaution!

Be cautious with which programs you wish to exempt from having to enter the password. Some commands could cause damage or put your system at risk if accidentally executed incorrectly.

Some commands like shutdown and pm-suspend may just add convenience for your workflow.


Modifying the sudoers file.

1) First, we need to find out the path of the executable. Use the command which to print its path.

For example, the shutdown command is at /sbin/shutdown:

$ which shutdown
/sbin/shutdown

2) Next, open visudo.

sudo visudo

This is a utility that allows you to properly edit the sudoers file. This is a very important safety measure, because if your sudoers file is invalid, you will lose access to sudo on your system. Thankfully, if you do make a mistake after you save, visudo will not proceed.

Instead, you should create your own individual file, thanks to this tip by @layingback:

:thumbsup: An advantage of saving to /etc/sudoers.d is that it’s easier to preserve copies if you perform a clean installation or if visudo is overwritten later (for instance, due to an upgrade).


3) At the bottom of the file, add the following:

username [tab] ALL=NOPASSWD: [tab] /path/to/executable

  • [tab] indicates an actual tab. Spaces might work.
  • Replace username with your actual username.
  • If you forgot who you are, see the lowercase name of home folder or type whoami.
  • Replace /path/to/executable with the full path to the command as we found out in step 1.

Here’s an example for shutdown for the user john:

john ALL=NOPASSWD: /sbin/shutdown

When you are done, press CTRL+X to save. You will see a confirmation if your changes have been successfully saved.


Executing the command

Since it’s still a privileged command, you still need to have sudo at the start of the command.

So, let’s say you wish to restart your system without entering a password:

sudo shutdown -r now

:sleeping:
… → :smile: :moneybag:

No sudo password prompt should appear!

:bulb: Tip: You could bind this as a keyboard shortcut or execute it from within a script and not have to worry of an invisible password prompt.

4 Likes

For anyone else, like me, who likes living dangerously, put the following line at the bottom of your sudoers file:

stephen ALL=NOPASSWD: ALL

(obviously, the username would need to be changed for someone else)

The above line kills any need for the sudo password for any and all things with no need to specify any particular command or program.

I use the above command in my sudoers file because it allows for start-up scripts that would ordinarily need a password.

1 Like
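An audit sketch for the two styles of rule shown so far (one command versus NOPASSWD: ALL), added here as an example and not part of any post in this thread. The sample sudoers text, the user mary and the pm-suspend path are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: list every NOPASSWD rule and how wide it is.

# Constructed sample input, not a real system's sudoers file.
sample_sudoers() {
    cat <<'EOF'
# constructed sample
john ALL=NOPASSWD: /sbin/shutdown
stephen ALL=NOPASSWD: ALL
mary ALL=(ALL) NOPASSWD: /usr/sbin/pm-suspend, /sbin/shutdown
root ALL=(ALL:ALL) ALL
EOF
}

# Reads sudoers text on stdin and prints one line per passwordless command:
#   BLANKET user      -> every command runs without a password
#   SCOPED  user cmd  -> one absolute path is exempt
#   REVIEW  user item -> alias or non-absolute entry, needs a human look
audit_nopasswd() {
    awk '
        /^[ \t]*(#|$)/ { next }     # skip comments and blank lines
        /NOPASSWD:/ {
            user = $1
            cmds = $0
            sub(/.*NOPASSWD:[ \t]*/, "", cmds)   # keep only the command list
            sub(/[ \t]+$/, "", cmds)
            n = split(cmds, list, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                if (list[i] == "ALL")        print "BLANKET", user
                else if (list[i] !~ /^\//)   print "REVIEW", user, list[i]
                else                         print "SCOPED", user, list[i]
            }
        }'
}

# Run against the constructed sample:
#   sample_sudoers | audit_nopasswd
# Run against a real system (as root):
#   cat /etc/sudoers /etc/sudoers.d/* | audit_nopasswd
```

BLANKET lines are the ones to revisit first, since any process running as that user can become root without a prompt.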

Thanks for the tutorial, but I changed my password to ’ ’ (a single space made with spacebar)
Also I changed the feedback from nothing to asterisks

I really think that all Linux distros’ security is crap, I’m not blaming anyone
But sudo this, sudo that is awful
Delaying me to run a command by asking to run as superuser and put the password is nonsense
It’s the same as Windows’ “Do you really want to run this program”
Right now, the single space password is working great for me

No problem! I tend to forget these instructions myself for other systems. :slight_smile:


Password prompts may seem like a nuisance, but I’d say that’s a good security precaution. There are other ways to reduce the prompt too:


Like @stevecook172001 says, it’s living a bit dangerously, but yourself and others may not mind that.

If (in the very unlikely situation) there was a dodgy/tampered script or program that wanted to invoke commands as root, or let’s suppose the system was hijacked via a poorly coded program, it could potentially ruin all (instead of some) of the file system and/or let a hacker do whatever they please while you’d have no idea (they can disguise it after all).

openSUSE has quite a nice fancy message:

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

All it takes is one mistyped command to wreck the system…

sudo rm -rf / :wink:


Let’s just say:

By default:
:blush: “Hmm, I’m going to install unknown package XYZ.”:angry: :door: “You do trust what you found, right?”

To this:
:slight_smile: :key::door:“This looks promising!”:bomb:

Yes Danny, but the great thing about Linux is that, on the one hand, it has an overarching penchant for security that some (including myself) may find a bit overbearing. But, on the other hand, it allows for the capacity to variably or more or less completely disable those security features.

Such flexibility and customisability is not a weakness.

It is a strength

2 Likes

TIP: If you want to avoid changing the sudoers file, you can create your own file instead. (See visudo comments for details: sudo visudo)

Replace sudo visudo command above with

sudo visudo -f /etc/sudoers.d/your_filename

where your_filename is the name of your file. It will be executed at the end of sudoers.

@lah7 : Thanks! Great for items I’ve added to the MATE Menu. :thumbsup:

1 Like

Thanks for the tip @layingback ! I modified the first post so it’s not overlooked. :smile:

I guess the advantage of adding to /etc/sudoers.d/ is that changes can be easily preserved then overwritten later.

# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.

Living through an upgrade/update is the main advantage I would assume/hope.

I like stevecook172001’s method. Use it myself :grinning:

It’s even simpler:

sudoer will execute any file found in the dir etc/sudoers.d, so no need to change sudoers file or run visudo command. Simply drop your file in etc/sudoers.d/ Validation of your file is still done at runtime, but to see the errors, if any, you’ll need to run in terminal the first time.

1 Like
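A way to script the drop-in approach from the first post and the post above while still validating before anything lands in /etc/sudoers.d, added here as an example and not code from any poster. The function names and the file name shutdown-nopasswd are hypothetical; the john and /sbin/shutdown values are the thread's own example.

```bash
#!/usr/bin/env bash
# Added example: stage one NOPASSWD rule, check it, then install it as a drop-in.

# sudo skips files in /etc/sudoers.d whose names contain '.' or end in '~',
# so such a file would be silently ignored.
valid_dropin_name() {
    case "$1" in
        ''|*.*|*~|*/*) return 1 ;;
        *) return 0 ;;
    esac
}

# Build the sudoers line for one user and one command; the command must be
# the full path (the value printed by `which` in step 1).
build_rule() {
    local user="$1" cmd="$2"
    case "$cmd" in
        /*) ;;
        *) echo "command must be an absolute path: $cmd" >&2; return 1 ;;
    esac
    printf '%s ALL=NOPASSWD: %s\n' "$user" "$cmd"
}

# Must run as root. Nothing is written to /etc/sudoers.d unless visudo accepts it.
install_dropin() {
    local name="$1" user="$2" cmd="$3" tmp rc
    valid_dropin_name "$name" || { echo "bad drop-in name: $name" >&2; return 1; }
    tmp=$(mktemp) || return 1
    build_rule "$user" "$cmd" > "$tmp" || { rm -f "$tmp"; return 1; }
    # -c = check only, -f = check this file instead of /etc/sudoers
    if ! visudo -cf "$tmp" >/dev/null; then
        echo "rule rejected by visudo; nothing installed" >&2
        rm -f "$tmp"; return 1
    fi
    # sudoers files are expected to be owned by root with mode 0440
    install -m 0440 -o root -g root "$tmp" "/etc/sudoers.d/$name"
    rc=$?; rm -f "$tmp"; return $rc
}

# Usage (as root): install_dropin shutdown-nopasswd john /sbin/shutdown
```

Keep a root shell open in another terminal while testing a new rule, so a bad file can be removed without needing sudo.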

For people who want to change the shell root uses, you can directly edit the sudoers file because that’s all chsh -s will modify. Edit as root to tell root what to load on login / in X.

Fun stuff.

As root or with root privilege:

echo 'username ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers

You don’t need sudo for basic power functions nowadays; these work:

  • Suspend - systemctl suspend
  • Restart - systemctl reboot
  • Shutdown - systemctl poweroff