How to run sudo command with no password?

Solution 1:

Okay, I have discovered the answer so may as well put it here for completeness. At the end of /etc/sudoers there is what I thought was just a comment:

#includedir /etc/sudoers.d

However this actually includes the contents of that directory. Inside of which is the file /etc/sudoers.d/90-cloudimg-ubuntu. Which has the expected contents

# ubuntu user is default user in cloud-images.
# It needs passwordless sudo functionality.
ubuntu ALL=(ALL) NOPASSWD:ALL

So that is where the sudo configuration for the default ubuntu user lives.

You should edit this file using visudo. The following command will let you edit the correct file with visudo.

sudo visudo -f /etc/sudoers.d/90-cloudimg-ubuntu

And add a line like:

aychedee ALL=(ALL) NOPASSWD:ALL

At the end.

Solution 2:

I found that the most straight forward thing to do, in order to easily replicate this behavior across multiple servers, was the following:

sudo visudo

Change this line:

# Members of the admin group may gain root privileges
%admin  ALL=(ALL) ALL

to this line:

# Members of the admin group may gain root privileges
%admin  ALL=(ALL) NOPASSWD:ALL

And move it under this line:

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

you should now have this:

# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#

Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin  ALL=(ALL) NOPASSWD:ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

then for every user that needs sudo access WITH a password:

sudo adduser <user> sudo

and for every user that needs sudo access WITH NO password:

sudo adduser <user> admin

(on older versions of ubuntu, you may need to):

sudo service sudo restart

And that's it!

Edit: You may have to add the admin group as I don't think it exists by default.

sudo groupadd admin

You can also add the default AWS ubuntu user to the admin group via this command:

sudo usermod ubuntu -g admin

Note: As @hata mentioned, you may need to use adm as your admin group name, depending on which version of Ubuntu is being used.