How to run sudo command with no password?
Solution 1:
Okay, I have discovered the answer so may as well put it here for completeness. At the end of /etc/sudoers
there is what I thought was just a comment:
#includedir /etc/sudoers.d
However this actually includes the contents of that directory. Inside of which is the file
/etc/sudoers.d/90-cloudimg-ubuntu
. Which has the expected contents
# ubuntu user is default user in cloud-images.
# It needs passwordless sudo functionality.
ubuntu ALL=(ALL) NOPASSWD:ALL
So that is where the sudo configuration for the default ubuntu user lives.
You should edit this file using visudo. The following command will let you edit the correct file with visudo.
sudo visudo -f /etc/sudoers.d/90-cloudimg-ubuntu
And add a line like:
aychedee ALL=(ALL) NOPASSWD:ALL
At the end.
Solution 2:
I found that the most straight forward thing to do, in order to easily replicate this behavior across multiple servers, was the following:
sudo visudo
Change this line:
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
to this line:
# Members of the admin group may gain root privileges
%admin ALL=(ALL) NOPASSWD:ALL
And move it under this line:
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
you should now have this:
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) NOPASSWD:ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
then for every user that needs sudo access WITH a password:
sudo adduser <user> sudo
and for every user that needs sudo access WITH NO password:
sudo adduser <user> admin
(on older versions of ubuntu, you may need to):
sudo service sudo restart
And that's it!
Edit: You may have to add the admin group as I don't think it exists by default.
sudo groupadd admin
You can also add the default AWS ubuntu
user to the admin
group via this command:
sudo usermod ubuntu -g admin
Note: As @hata mentioned, you may need to use adm
as your admin group name, depending on which version of Ubuntu is being used.