How to configure passwordless sudo on Linux

Passwordless sudo reduces friction for routine administrative work in Linux by removing repeated password prompts for trusted accounts. This behavior is particularly useful on single-user workstations, development machines, and automation hosts where privileged commands run frequently or non-interactively.

The sudo mechanism consults the main /etc/sudoers file and optional include files under /etc/sudoers.d to decide which users or groups may execute specific commands and whether authentication is required. The visudo helper edits these files safely, locking the configuration and performing a syntax check before installing any changes.

Granting passwordless sudo broadens the impact of any compromise of those accounts, so configuration should be restricted to well-understood users or groups and applied only where operationally necessary. Changes must always go through visudo to avoid syntax errors that could disable sudo entirely on a Linux system.

Steps to enable passwordless sudo access:

Open a terminal on the target Linux system.

Check if the account already has sudo privileges.

user@host:~$ sudo -l
Matching Defaults entries for user on host:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin

User user may run the following commands on host:
    (ALL : ALL) ALL

This step confirms that the account is allowed to use sudo before changing any configuration.

Use the visudo command to open the main /etc/sudoers configuration file.
```
user@host:~$ sudo visudo
```
Editing /etc/sudoers without visudo risks syntax errors that can break sudo for all users.
Add a rule for the chosen account that permits passwordless sudo access.
```
user       ALL = (ALL) NOPASSWD: ALL
```
Replace user with the actual username, or use %groupname to grant the same access to every member of a group.
Exit the editor to save changes so that visudo can validate and install the updated configuration.

Verify the updated permissions for the account using sudo -l again.

user@host:~$ sudo -l
Matching Defaults entries for user on host:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin

User user may run the following commands on host:
    (ALL : ALL) ALL
    (ALL) NOPASSWD: ALL

The presence of NOPASSWD: ALL confirms that passwordless sudo is active for this account.

Run a privileged command with sudo to confirm that no password prompt appears.

user@host:~$ sudo ls -la /root
total 32
drwx------  5 root root 4096 Jul 24 05:54 .
drwxr-xr-x 19 root root 4096 Jul 24 05:53 ..
-rw-------  1 root root   18 Jul 19 01:57 .bash_history
-rw-r--r--  1 root root 3106 Aug  6  2018 .bashrc
drwxr-xr-x  3 root root 4096 Jul 24 05:54 .local
-rw-r--r--  1 root root  148 Aug  6  2018 .profile
drwxr-xr-x  3 root root 4096 Apr 22 07:56 snap
drwx------  2 root root 4096 Apr 22 07:56 .ssh

Granting passwordless sudo means any process under this account can run privileged commands without authentication; apply this configuration only to trusted environments.

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.

Discuss the article:

Comment anonymously. Login not required.