Execute sudo without Password?
Solution 1
You can configure sudo
to never ask for your password.
Open a Terminal window and type:
sudo visudo
In the bottom of the file, add the following line:
$USER ALL=(ALL) NOPASSWD: ALL
Where $USER
is your username on your system.
Save and close the sudoers file (if you haven't changed your default terminal editor (you'll know if you have), press Ctl + x to exit nano
and it'll prompt you to save).
As of Ubuntu 19.04, the file should now look something like
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
YOUR_USERNAME_HERE ALL=(ALL) NOPASSWD: ALL
After this you can type sudo <whatever you want>
in a Terminal window without being prompted for the password.
This only applies, to using the sudo
command in the terminal. You'll still be prompted for your password if you (for example) try to install a package from the software center
Solution 2
sudo -i
is the way to go if you don't want to be typing a password every 10 mins while doing modifications in your system (or other systems), and you don't want to modify any system files.
It will switch you to root using your sudo
user password, when you close the console or type exit
you are back to your normal user.
Solution 3
The preferred way to grant individual (or group) permissions would be to add files under /etc/sudoers.d
This separates local changes from the default policy and saves time in case the distribution sudoers file changes.
To make the currently logged in user a a sudoer and make sudo
not prompt them for a password, use
echo "$USER ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/$USER
this will create a file called /etc/sudoers.d/$USER
(where $USER
is the username of the user that you were logged in as when you ran that command), making it clear which users are granted permission.
If you want to do that for a different user, just replace both instances of $USER
with some other username in the above command.
echo "otheruser ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/otheruser
Similarly, one file can be used to manage multiple directives:
echo "username ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee -a /etc/sudoers.d/local
See /etc/sudoers.d/README
and man sudoers
for more information.
Solution 4
Root sudo timeouts are the easiest and safest way of doing this. I'll lay out all examples but be warned it is very risky any way you do this although this way is much safer:
sudo visudo
This opens an editor and points it to the sudoers file -- Ubuntu defaults to nano, other systems use Vi. You're now a super user editing one of the most important files on your system. No stress!
(Vi specific instructions noted with (vi!). Ignore these if you're using nano.)
Use the arrow keys to move to the end of the Defaults
line.
(vi!) press the A (capital "a") key to move at the end of the current line and enter editing mode (append after the last character on the line).
Now type:
,timestamp_timeout=X
where X is the timeout expiration in minutes. If you specify 0 you will always be asked the password. If you specify a negative value, the timeout will never expire. E.g. Defaults env_reset,timestamp_timeout=5
.
(vi!) hit Escape to return to command mode. Now, if you're happy with your editing, type in :w
Enter to write the file and :q
Enter to exit vi. If you made a mistake, perhaps the easiest way is to redo from start, to exit without saving (hit Escape to enter the command mode) and then type :q! Enter.
Hit Ctrl+X, then Y, then Enter to save your file and exit nano.
You might want to read the sudoers and vi manual pages for additional information.
man sudoers
man vi
Reset timeout value using:
sudo -k
These instructions are to remove the prompt for a password when using the sudo command. The sudo command will still need to be used for root access though.
Edit the sudoers file
Open a Terminal window. Type in sudo visudo
. Add the following line to the END of the file (if not at the end it can be nullified by later entries):
<username> ALL=NOPASSWD: ALL
Replace <username>
with your username (without the <>
). This is assuming that Ubuntu has created a group with the same name as your user name, which is typical. You can alternately use the group users or any other such group you are in. Just make sure you are in that group. This can be checked by going to System -> Administration -> Users and Groups.
Example:
michael ALL=NOPASSWD: ALL
Type in ^X (Ctrl+X) to exit. This should prompt for an option to save the file, type in Y to save.
Log out, and then log back in. This should now allow you to run the sudo command without being prompted for a password.
The root account
Enabling the root account
Enabling the root account is rarely necessary. Almost everything you need to do as administrator of an Ubuntu system can be done via sudo or gksudo. If you really need a persistent root login, the best alternative is to simulate a Root login shell using the following command:
sudo -i
However, if you must enable root logins, you can do it like this:
sudo passwd root
Re-disabling your root account
If for some reason you have enabled your root account and wish to disable it again, use the following command in the terminal:
sudo passwd -dl root
System-wide group sudo
root$ echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
Log out, and then back in.
Reset sudo timeout
You can make sure sudo asks for password next time by running:
sudo -k
Solution 5
Of course what you want to do isn't recommended. After a while, though entering sudo
becomes so automatic that its usefulness diminishes.
Another approach is to leave your sudoers file as is and, while doing something complicated to your umpteen hundred servers, enter sudo bash
. That will give you a shell that will be authenticated as root until you exit it.
Related videos on Youtube
BhaveshDiwan
A programmer... Nocturnal.... Avid listener of Hindustani classical music. Hire me!? I do not support any war, whatsoever, Period. My Avatar image 'Z' is the logo since 2011 of a website I own.
Updated on September 18, 2022Comments
-
BhaveshDiwan over 1 year
Inspired by this question....
I am the sole person using my system with 12.04.
Every time I issue asudo
command; the system asks for the user password (which is good in its own way).
However I was thinking; without activating the root account; how can I execute the sudo commands which will not ask for user password to authenticate.NOTE: I want to execute sudo command without authenticating via password; only when they are executed via terminal.
I don't want to remove this extra layer of security from other functions such a while using 'Ubuntu software center' or executing a bash script by drag-drop something.sh file to the terminal.-
Dr_Bunsen almost 12 yearsso you only want to be asked for the password in the terminal and for other things not, or the other way arround?! in both ways, I think its a high security breach
-
BhaveshDiwan almost 12 yearsI want that system may not ask password only when in the terminal... for any other purpose the system must ask a password. This requirement is only temporary, and to be used while configuring n installing new servers.. during fresh server installations, it really take hours of configuring with sudo commands.. issuing password every 15 min. is headache. I don't want to use root account.
-
david6 almost 12 yearsYou need to read the discussion in: askubuntu.com/questions/135428/…
-
MauganRa over 7 yearsFor sure you can prolong the timeout. Also, if you're frequently doing fresh server setups you should think about automating the process. You are not paid to type, you are paid to solve problems and to get sh*t done.
-
Eliah Kagan almost 7 years
-
-
Lekensteyn almost 12 yearsIt's recommended to use
sudo visudo
instead of editing it directly. Also changing the permissions of the sudoers may lock yourself out. When editing withvim
, use:wq!
to write to read-only files and quit the editor. In that way, permissions 644 are not necessary. -
BhaveshDiwan almost 12 yearsThanks for your response. What workout you suggest for the statement by @Lekensteyn
-
BhaveshDiwan almost 12 yearsWill this hold true that I enter password only once... and till the time I don't exit; weather 5 hrs. or 15.... the system wont ask for authentication by password when any sudo command is issued.
-
BhaveshDiwan almost 12 yearsHow is it different form activating and using the
root account
???? -
Bruno Pereira almost 12 years@Z9iT Because you don't actually activate anything or change the root´s user password, there is no system modification at all except you login to a root shell allowing you to do stuff without typing
sudo foo
all the time. If thats all you want (to be able to type commands without usingsudo
all the time) and you want 0 modifications to your system this is the way to go imho. -
Bruno Pereira almost 12 years@Z9iT until you type
exit
or until you close the terminal emulator window. -
BhaveshDiwan almost 12 yearsThanks.. Accepted this answer because it servers the purpose of issuing sudo commands without password authentication for n-hours till the time we won't exit.. Not modifying system files is a plus.
-
Darael almost 12 years
sudo -s
orsudo -i
are probably both better ideas thansudo bash
, because they ensure the environment is sane and things. -
Bruno Pereira over 10 yearsThis is a serious security risk, anyone taking over any account with sudo rights can take control of the complete system and lock any further access to this computer, seriously not recommended.
-
user209328 over 10 yearsI posted this before I added, for a system wide way of doing this and others read here:
-
William over 9 years@BrunoPereira if someone takes control of a user account then he knows the password anyway (or he doesn't know it but he has physical access to the machine, so...)
-
William over 9 yearsNote that, in this way, if one of the N commands mustn't be ran with sudo then he'd have to exit first, or use
sudo -u <username> <command>
without exiting. -
Bruno Pereira over 9 years@wil93 you are missing the point: a script that calls for
sudo install crapware
will not ask for a password in this case and might mess up everything you have, and you do not need to be physically next to a machine to distribute scripts last time I checked... This is just an example. -
William over 9 years@BrunoPereira If you plan on running untrusted scripts then that is the security risk (even if sudo asks for a password, a malicious script could always do
rm -rf ~
messing quite some things up). Overall, I wouldn't call «serious security risk» the simple removal of password prompt from sudo. -
William over 9 yearsHowever I support the idea that removing the password prompt introduces "some" risk :) one should be aware that, when using this method, he/she should be more careful than before.
-
Bruno Pereira over 9 years@wil93 Define "untrusted"... Do you read every single script you download before running it? No, that would be a hassle. Besides, I said that was just a case in many.
-
William over 9 years@BrunoPereira I don't always need to run scripts downloaded from the internet, but when I do, I read them :). Besides, I said that I consider this "a risk", but not a "serious security risk".
-
Adam F almost 9 yearsThis doesn't really answer the question, because you still need to enter the password to become root at that point.
-
Nuzzolilo over 8 years"sane and things" isn't generally in the realm of "better ideas", could someone give a technical explanation of why sudo -s or sudo -i is better than sudo bash? (Edit: Here is a relevant question askubuntu.com/questions/376199/… )
-
muru almost 8 yearsI think you could just do:
echo "$USER ALL=(ALL:ALL) NOPASSWD: ALL" | sudo env EDITOR="tee -a" visudo
, onlyvisudo
needssudo
after all (and evenenv
won't be needed in the default configuration, IIRC). -
Jonathan Komar over 7 yearsNot if you're running a virtual machine in a secured environment and you just want the thing to do something immediately and you do not want to deal with passwords. This answer does not answer the question, while it is arguably helpful information. I agree with Adam F
-
Leo over 7 yearsAgree with @wil93. When running a untrusted script, inputing password is no more than a chance to cancel the process, while I doubt it's useless for most people. The point is you know where the script from and what it does.
-
Leo over 7 yearsWorth to mention that
username ALL=(ALL) NOPASSWD: ALL
must be put after%sudo ALL=(ALL) NOPASSWD: ALL
. Otherwise some strange things will happen if the user is a member of the sudo group. -
michael over 7 yearsre: first comment: to test out the change to the sudoers file (without inadvertently locking yourself out), either have a separate shell/login and test out
sudo
commands while the editor is still open; or, while editing (viasudo visudo
), save (but don't exit) the sudoers file (:w
in vim), typectrl-z
which suspends the editor, experiment withsudo ls
, then return to the editor withfg
if everything works as expected. -
michael over 7 yearsa number of
sudo
commands (thinking especially ofsudo pip ...
) requiresudo -H
(set HOME) in order for the command to run properly. In other cases,sudo -E
(preserve env) may be required. Runningsudo bash
probably will work in most cases, but not in all, and when it doesn't, it won't be clear as to why. -
michael over 7 yearsthere's so much that could go wrong here (all user-error, of course), that it is preferred, in my very humble opinion, to edit the sudoer file directly (
sudo visudo
), while testing the result (with the editor still open), for those new users that might be tempted to try this "one-liner". -
Eric Landry over 7 yearsThanks for the feedback! I was just quickly trying to script-ify the removal of sudo password prompt in my volatile test VMs. Feel free to suggest improvements :)
-
thebunnyrules over 7 yearsAs a response to it being a security risk, I would say that it will depend on the situation. If you open up sudo on a real OS you're using every day for work, than you're definitely opening yourself up for a world of vulnerabilities and attacks. On the other hand, if you intend to this for something in Virtualbox that has a set state that you restore to at the end of each session and you're the only one using it, then by all means do it.
-
mckenzm over 7 yearsIf you are the only user you should be fine, as an aside it is poor that there is not an easier way for laypeople to have access to commands that are benign enough on a workstation such as poweroff or reboot. Ma and Pa Kettle need not know about visudo.
-
jenming about 7 yearsThis was a late answer, but is the most comprehensive in terms of the options it gives you.
-
Eliah Kagan almost 7 yearsNote that the configuration change described in this answer does apply to
sudo
run graphically bygksu
,gksudo
, andkdesudo
as well. What it doesn't apply to is Polkit, which is the way most graphical utilities that need to perform actions as root do it these days on Ubuntu. (As another example of this, if you run a command as root usingpkexec
instead ofsudo
, you will still be prompted for a password even after the modification to/etc/sudoers
described in this answer.) -
scape over 6 yearsthe echo command failed, even though i'm root. but, I added the file and edited it directly and this worked on latest ubuntu (whereas adding the user to the sudoers directly did not!)
-
woto over 6 yearsThe right way is to do it with
tee
command. -
user1656671 over 6 yearssudo su is the traditional way to switch roles and start acting a sys admin.
-
wayofthefuture about 6 yearsIf only there was a way to require an "interactive" shell for allowing a password-less sudo command. I wonder if there would be a way to get the community to add a parameter into the visudo editor file such as --interactive-only or something like that. This would prevent malicious internet scripts from running but would make linux shell so much more enjoyable.
-
Kalpesh Soni about 6 yearssome of us use a vmware workstation to play with ubuntu, last thing I want to do is to type my super secure "password" every time
-
Vitalii almost 6 yearsDoesn't work at Ubuntu 16. I added the line, and it still asks me for password.
-
HappyCactus over 5 yearsThis is not suggested, because the password remains in cleartype in the shell history file. Apply any of other solutions instead.
-
WinEunuuchs2Unix over 5 years@HappyCactus can you place once space in front of
echo
so it doesn't appear in history? -
HappyCactus over 5 yearsYes this will avoid exposing the cleartext password to the history file. But do you always remember to add it ? :-)
-
WinEunuuchs2Unix over 5 years@HappyCactus I tend to add leading space by accident and then get annoyed when history can't be recalled :) Anyway the Super User has 129 upvotes so I think it's a good answer to leave here. People will read our comments and know of the risks and risk aversion steps.
-
HappyCactus over 5 yearsI Totally Agree. Have a nice day!
-
Peter over 5 yearsHmm, on Ubuntu 18.04 MATE this works perfectly, while doing the same on Ubuntu 18.04 GNOME caused me wrinkles with the "username is not in the sudoers file..." problem. Now, this is why so many pple just hate linux - cuz it is rarely "causal" :D Just in case U run into the same... This is how you fix the problem: tecmint.com/…
-
Yaya over 5 yearsThis is a better way that works:
sudo sh -c 'echo "$(logname) ALL=(ALL:ALL) NOPASSWD: ALL" > /etc/sudoers.d/$(logname)'
, followed bysudo chmod 440 /etc/sudoers.d/$(logname)
-
Yaya over 5 yearsYou still need to
sudo chmod 440 /etc/sudoers.d/$(logname)
to correct file permissions as stated in the README in that directory. -
Jacob Rodrigues over 5 yearsThe
HISTCONTROL
variable needs to containignorespace
for it not to be saved when prefixed with " ". This seems to be the default on Ubuntu, but can be changed... The password can still show up inps
output... NOPASSWD (ideally limited to certain commands) in sudoers seems safer... -
Jacob Rodrigues over 5 yearsThe EDITOR environment variable can set the editor used... e.g.
sudo env EDITOR=/bin/nano visudo
to reliably editsudoers
in nano. (update-alternatives can be used to set the editor as well) -
Konstantin Pelepelin over 5 yearsIn
sudo ... >file
shell redirection is executed in the original shell, so it could work only in root shell. -
Carson Ip over 5 yearsthe tee method, without permission issues:
echo "username ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/username
-
Kamil Naja about 5 yearsWorks very good in Ubuntu 18.04, many thanks!
-
Timo almost 5 yearsIt also works for
sudo -i
, which means that after entering this command, no password is ever needed. -
Nicolay77 over 4 yearsI prefer to add these to a new file I can copy to other installations (or when I reinstall the system and keep the home partition)
sudo visudo /etc/sudoers.d/<username>
-
Elie G. about 4 yearsIs it possible to do this only for a specific command? like apt
-
Fjor over 2 yearsActually,
sudo -s
is slightly unsafer, as it runs the shell indicated in the SHELL environment variable, that could be tainted. I prefersudo su -
that uses the real root environment as if root were logged in. -
B. Shea about 2 yearsPlease edit your answer and point out WHY you should be putting the line at the BOTTOM of file. You mention it should be at bottom in passing. But, this is easily overlooked if the importance and reason are not explained.
sudo
may not work as intended if placed above group(s) and user is member of said group.