Sudo, short for Super User Do, allows a Linux user to execute commands with root user privileges. Running sudo commands requires a password. You can easily configure a passwordless sudo in Linux Mint, where users do not have to enter a password.
The root user on Linux is a special account that has the highest security clearance and, therefore, has full access to all commands and sensitive files on the system. The sudo command will require you to enter your password. If your system is at low-security risk or you are the only user of the system, you can go passwordless.
There are several motivations to remove the need for entering the password manually. Most of the common tasks in Linux, like installing packages, updating user information, updating system files, etc., require root user privileges on Linux. If you are not logged on as the root user, you will require temporary permissions to perform basic tasks that update the system.
An important prerequisite for sudo usage is that your user should have an entry in the sudoers list. This list is maintained in a system file located at
/etc/sudoers. If your user does not belong to the sudoers group, then the sudo command will not work. In this article, we will cover how to configure a passwordless sudo in Linux Mint systems.
As a root user, you will only enter the following command on the command prompt to install a package, say curl.
apt install curl
But as a normal user, you will get an error ‘
permission denied’ if you run the same command.
If you run the same command with sudo, you will have to enter your password. Once the system verifies the password, the package will be installed successfully.
sudo apt install curl
As mentioned before, a sudo session has a time limit, after which you will have to re-authenticate yourself. This time limit, even though configurable, will require you to re-enter your password. Also, if you open another terminal or start another session, you will have to enter your password. It can get monotonous.
Moreover, this manual intervention can become a nuisance in an automated environment. You would not want a script to wait for the user to enter the password, nor would you want to add the password in the script.
There is an easy resolution to this blip. All you need to do is to access the sudoers file and disable authentication for your user.
Configure a Passwordless Sudo in Linux Mint Systems
A sudo user is part of a user’s group called sudoers. This group is enlisted in the
/etc/sudoers file by default. The sudoers file also assigns a default security policy to the group, which means that any user in that group will follow the policy assigned to the whole group.
Authentication is one of the features of the security policy. By default, the sudoers have to enter their respective passwords to execute any command with sudo. However, we can change this. To do that, we must learn where and how the policy is defined.
Adding a User to the Sudo Group
Although users created by the administrator at the time of Linux installation are sudoers, the following command is used to add a user to the sudoers group. However, you can only do it from an account that is in the sudoers group.
sudo usermod -aG sudo <user>
Accessing Sudoers File
First of all, we need to understand how to access the sudoers file to change anything in it. It is a sensitive file, and only one user should be editing it at a time. For this reason, you should access with the following command.
Configuring User Privileges
The sudoers file has an entry for each group or a specific user on each line in the file. Use the following syntax:
<User x> <Host>=(<User y:Group>) <tag>: <Commands>
- User x: User name or group name for which you are defining the entry. A list of users/groups can also be specified. Group names start with %.
- Host: Hostname or IP address on which User x will operate. ‘ALL’ can be specified to represent all hosts.
- User y: The user that User x will run as. ‘ALL’ can be specified to represent all users.
- Group: The group with which you will associate User y. ‘ALL’ can be specified to represent all groups.
- Tag: You can add a special tag NOPASSWD before the commands to specify authentication status.
- Commands: The command which User x can run as User y. You can also specify a list of commands. The keyword ‘ALL’ means all commands.
Disabling Authentication to Configure Passwordless Sudo in Linux
Now that we have learned some basic syntax on how to create an entry in the sudoers file, we can use our knowledge to create an entry for the user ‘spock’ so that ‘spock’ can run commands without entering its password. Remember that ‘spock’ is already part of the sudoers group.
You must add the following entry at the end of the sudoers file. As you can see, we have added a NOPASSWD tag to disable authentication.
You can understand the command given below as: The user
spock can run any command as any user from any group on any host without entering spock’s password.
spock ALL=(ALL:ALL) NOPASSWD: ALL
Now, the moment of truth. As ‘
spock’, we will try to execute a privileged command and test if the password prompt comes up or not.
Here we go. As you can see, the password prompt did not appear, and package installation started without any authentication. Finally, you have learned how to configure a passwordless sudo on Linux.
A note of caution here: Be careful about disabling authentication. Password prompt not only secures the system from malicious users but also help avoid mistakes and accidents. When a password prompt appears, it gives you a chance to review your command as well. It is useful, especially when dealing with sensitive data. For more information, read the official manual.
In conclusion, you can configure the sudo command via the sudoers file to run privileged commands without entering a password. However, you must use this feature carefully because by-passing authentication on a system with multiple users is insecure. Thus, you have successfully learned how to configure a passwordless sudo in Linux Mint systems. If you have any questions or feedback, feel free to leave a comment.
If this guide helped you, please share it.