How to configure passwordless sudo on Linux

The sudo command in Linux allows users to execute commands with administrative privileges. Typically, users must authenticate with a password each time they run a sudo command. This ensures secure execution of commands that could affect system configuration or files.

However, it is possible to configure sudo to bypass the password prompt for certain users or groups. By modifying the sudoers configuration file, you can enable passwordless access. This setup is common in environments where users need to frequently run administrative commands without constant authentication.

The process involves editing the sudoers file using the visudo command. Users or groups can be granted passwordless sudo access by specifying permissions in this file. This configuration is commonly used on Ubuntu and other Linux distributions to streamline workflows and automate tasks.

Steps to enable passwordless sudo access:

Open the terminal application.

Check if the user has sudo privileges.

user@host:~$ sudo -l
Matching Defaults entries for user on host:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin

User user may run the following commands on host:
    (ALL : ALL) ALL

This step helps confirm if the user has existing sudo permissions.

Use the visudo command to open the sudoers file.
```
$ sudo visudo
```
Add the following line under the relevant username to grant passwordless sudo access.
```
user       ALL = (ALL) NOPASSWD: ALL
```
Replace username with the actual username or %groupname for group-based access. You can also use ALL for all users.
Save the changes and exit the editor.

Verify the updated permissions for the user.

user@host:~$ sudo -l
Matching Defaults entries for user on host:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin

User user may run the following commands on host:
    (ALL : ALL) ALL
    (ALL) NOPASSWD: ALL

Test running a command with sudo to confirm that no password is required.

user@host:~$ sudo ls -la /root
total 32
drwx------  5 root root 4096 Jul 24 05:54 .
drwxr-xr-x 19 root root 4096 Jul 24 05:53 ..
-rw-------  1 root root   18 Jul 19 01:57 .bash_history
-rw-r--r--  1 root root 3106 Aug  6  2018 .bashrc
drwxr-xr-x  3 root root 4096 Jul 24 05:54 .local
-rw-r--r--  1 root root  148 Aug  6  2018 .profile
drwxr-xr-x  3 root root 4096 Apr 22 07:56 snap
drwx------  2 root root 4096 Apr 22 07:56 .ssh

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.

Discuss the article:

Comment anonymously. Login not required.