How to configure passwordless sudo on Linux

Passwordless sudo reduces friction for routine administrative work in Linux by removing repeated password prompts for trusted accounts. This behavior is particularly useful on single-user workstations, development machines, and automation hosts where privileged commands run frequently or non-interactively.

The sudo mechanism consults the main /etc/sudoers file and optional include files under /etc/sudoers.d to decide which users or groups may execute specific commands and whether authentication is required. The visudo helper edits these files safely, locking the configuration and performing a syntax check before installing any changes.

Granting passwordless sudo broadens the impact of any compromise of those accounts, so configuration should be restricted to well-understood users or groups and applied only where operationally necessary. Changes must always go through visudo to avoid syntax errors that could disable sudo entirely on a Linux system.

Steps to enable passwordless sudo access:

Open a terminal on the target Linux system.

Check if the account already has sudo privileges.

$ sudo -l -U user
Matching Defaults entries for user on host:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin, use_pty

User user may run the following commands on host:
    (ALL : ALL) ALL

This step confirms that the account is allowed to use sudo before changing any configuration.

Create a sudoers drop-in file that grants passwordless access for the target account.
```
$ printf 'user ALL=(ALL) NOPASSWD: ALL\n' | sudo tee /etc/sudoers.d/90-user-nopasswd
user ALL=(ALL) NOPASSWD: ALL
```
Replace user with the actual username, or use %groupname to grant the same access to every member of a group.
Validate the syntax of the new sudoers file.
```
$ sudo visudo -cf /etc/sudoers.d/90-user-nopasswd
/etc/sudoers.d/90-user-nopasswd: parsed OK
```
Always validate sudoers changes to prevent syntax errors that can disable sudo for all users.

Verify the updated permissions for the account using sudo -l again.

$ sudo -l -U user
Matching Defaults entries for user on host:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin, use_pty

User user may run the following commands on host:
    (ALL : ALL) ALL
    (ALL) NOPASSWD: ALL

The presence of NOPASSWD: ALL confirms that passwordless sudo is active for this account.

Run a privileged command with sudo to confirm that no password prompt appears.

$ sudo -u user -H bash -lc 'sudo -n ls -la /root'
total 24
drwx------ 1 root root 4096 Jan 12 22:41 .
drwxr-xr-x 1 root root 4096 Jan 13 00:01 ..
-rw-r--r-- 1 root root 3106 Apr 22  2024 .bashrc
-rw-r--r-- 1 root root  161 Apr 22  2024 .profile
drwx------ 2 root root 4096 Jan  1 02:43 .ssh
drwxr-xr-x 2 root root 4096 Jan 12 22:59 sg-work

Granting passwordless sudo means any process under this account can run privileged commands without authentication; apply this configuration only to trusted environments.

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.