How can I configure Linux to not require sudo for specific commands for specific users?
Solution 1
You can't configure Linux not to require sudo. Some commands need to be executed as root; if you want to trigger them from an unprivileged account, sudo or some other privilege escalation mechanism is necessary.
You can configure sudo not to require a password for specific commands, by adding a sudoers
rule with the NOPASSWD:
tag. Note that NOPASSWD rules must come after non-NOPASSWD rules that match the same command.
%admin: ALL = (ALL:ALL) ALL
%admin: ALL = (root) NOPASSWD: apt-get
Note that allowing apt-get
is as dangerous as allowing any command, since the caller could pass options that cause apt-get
to download packages from sources that they specify, that cause it to invoke hooks that they specify, etc.
If you feel you're seeing too many prompts, you can make sudo prompt you less often. Turn off the tty_tickets
option so that you can authenticate once for the whole session instead of once per terminal. By default, the timeout after which you need to enter your password again is 15 minutes.
Solution 2
Use visudo
to configure your /etc/sudoers file. You probably want something like this:
ALL ALL=NOPASSWD: /usr/bin/apt-get
See man sudoers
for details.
If you really want to avoid sudo altogether you can set the sticky bit like this:
chmod u+s /usr/bin/apt-get
Whether this works depends a bit on the application. This way the command runs as effective user root, but the command itself is able to detect that fact and refuse to work, if it decides so.
Related videos on Youtube
syntagma
Updated on September 18, 2022Comments
-
syntagma over 1 year
I am sure this question has been asked before but I can't find an answer.
I would like to configure Linux so that when I enter specific commands (e.g.
apt-get
), I wouldn't have to enter password as I have to right now.How can I do this?
-
Chris Davidson over 9 yearsAre you meaning to run
apt-get
withoutsudo
or just that when you do run it withsudo
you don't have to enter a password? -
syntagma over 9 years@Dayvo I mean to run it without
sudo
. -
Chris Davidson over 9 yearsI don't think it would be possible to not run it with sudo when not logged in as the root user, in order to do that you'd need to mess a lot with priveleges and expose the system A LOT.
-
-
alexises over 9 yearsusing sticky bit should be avoided, an alias seens to be proper
-
Barmar over 9 yearsAdding setuid to programs is not generally recommended. Programs that run with superuser privileges should be written especially carefully to avoid opening security holes, and programs that aren't intended to be run like that will not take the same precautions.