Automation jobs and tightly controlled administration accounts can stall when sudo waits for an interactive password. A passwordless sudo rule lets a trusted Linux account run privileged commands without that prompt, so the account must be treated as a direct path to root access.

The sudo policy engine reads /etc/sudoers and included drop-ins under /etc/sudoers.d. A rule tagged with NOPASSWD changes the authentication requirement for the matching user or group, while visudo guards the policy syntax before the file is saved.

Use a dedicated drop-in instead of editing the main file directly, keep the filename free of dots or backup suffixes, and validate the full policy after saving. Grant NOPASSWD: ALL only to accounts that already have that level of trust, or replace ALL with the exact commands the account needs.

Related: How to add a user to a group in Linux
Related: How to audit local user accounts in Linux

Steps to enable passwordless sudo in Linux:

  1. Confirm that the target account exists before changing the sudo policy. 
    $ id sgnopass
uid=1001(sgnopass) gid=1001(sgnopass) groups=1001(sgnopass),27(sudo)

    Use getent group buildadmins instead when the rule should target an existing group instead of one user.

  2. Open a dedicated sudoers drop-in with visudo. 
    $ sudo visudo -f /etc/sudoers.d/90-sgnopass-nopasswd

    Use a simple filename without dots because sudo skips filenames containing . inside /etc/sudoers.d.

  3. Add the passwordless rule in the editor and save the file. 
    /etc/sudoers.d/90-sgnopass-nopasswd
sgnopass ALL=(ALL:ALL) NOPASSWD: ALL

    Replace sgnopass with the real account name, or use %buildadmins ALL=(ALL:ALL) NOPASSWD: ALL to grant the same behavior to every member of a group.

  4. Validate the full sudoers policy after saving the new drop-in. 
    $ sudo visudo -c
/etc/sudoers: parsed OK

    Use the full check instead of validating only the new file so visudo can catch policy-wide syntax, ownership, and permission problems.

  5. List the effective sudo rules for the target account. 
    $ sudo -l -U sgnopass
User sgnopass may run the following commands on host:
    (ALL : ALL) ALL
    (ALL : ALL) NOPASSWD: ALL

    The NOPASSWD: ALL entry confirms that the rule is active for the account.

  6. Clear any cached sudo authentication timestamp for the target account. 
    $ sudo -iu sgnopass sudo -k

    This forces the next privileged command to rely on the saved NOPASSWD rule instead of a previously cached password check.

  7. Verify that the target account can run sudo non-interactively. 
    $ sudo -iu sgnopass sudo -n whoami
root

    Passwordless sudo means any process running as that account can request root privileges immediately, so reserve it for tightly controlled accounts or narrow the rule to specific commands instead of ALL.