Can I run sudo without entering a password? [duplicate]
... but still be required for applications that need admin privilegies?
In order to allow the following:
$ apache2ctl restart
httpd not running, trying to start
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
$ sudo !!
sudo apache2ctl restart #no password asked
$ #works!
For reference I've seen this setup on amazon's e3 instances
Any idea?
Solution 1:
You need to edit the sudoers file. Be advised that success gives you a less secure system and failure can break sudo.
ALWAYS edit the sudoers file with sudo visudo
, as visudo checks for errors and will not save the file if any are found.
It's a bad idea to give everything permission to run as root without a password, so to just let through the one executable you need(apache2ctl); append the following to the very bottom of the file:
YOURNAME ALL = NOPASSWD: /usr/bin/apache2ctl
You can replace the path to an executable with "ALL" if you choose, giving you complete passwordless sudo.
Replace YOURNAME with your username and press Ctrl + X to save and exit. If an error occurred, it will offer to revert, edit, or save anyway.
Be sure that you use the full path to an executable:
ie. /usr/bin/apache2ctl
instead of just apache2ctl
. This is important because without explicitly stating the path sudo will allow any program named apachectl on the user's current path to run as root.
Solution 2:
The real answer to this question can be complicated because sudo is very powerful, and can be configured to do cool things. This is thoroughly explained in the documentation.
The short answer is run sudo visudo
in a terminal. If this is the first time that you have run visudo, it will ask you which editor you prefer. nano is generally thought to be the easiest to use, but pick the editor you are most comfortable/familiar with. You will need to decide who you want to give access to; it could be ALL
for everyone (a very bad idea), a user, or a system group. Groups are prefixed with a % sign. For example, if you wanted to give everyone in the steroid_users
group root privileges without the need for a password for all commands you would add:
%steroid_users ALL=(ALL) NOPASSWD: ALL
to the end of the file, exit, and save the file. If all goes well, and you are a member of the steroid_users group, you will be able to issue sudo *some-command*
without the bother of needing to enter your password.
Keep in mind that anyone who has access to your terminal while you are logged in -- or if you have ssh setup for key-based auth, or (even worse) have enabled password free session logins -- complete and unfettered access to your entire system. If you have multiple users on your system, or if this is a file server, all users files could be at risk as root can do anything!
Also, if you make a mistake, visudo will output and error message and not save changes to the file. This will help prevent breaking sudo completely. You should really read the documentation. Sudo is designed to give users just enough access to do their job without the need to expose your entire system. It may be advantageous to only give password free access for certain commands.
I hope this helps.
Solution 3:
You'll need to edit '/etc/sudoers' file (there is 'visudo' command for that.) to add NOPASSWD prior to list of allowed commands for Your user or group. If Your user is in 'admin' group - You need following:
%admin ALL=(ALL) NOPASSWD: ALL
Check https://help.ubuntu.com/community/Sudoers , btw.
Solution 4:
You COULD add the nopasswd flag to the user list but that does not eliminate all passwords asked questions. Only the first one will be asked.
- Edit sudoers:
sudo visudo
(You HAVE TO use sudo. This is an admin file.) - Add your user with the nopasswd flag after the Admin Line (at the end).
For example:
cyrex ALL = NOPASSWD: ALL
orcyrex ALL = (ALL) NOPASSWD: ALL