https://github.com/1999azzar/passwordless_sudo

This guide explains how to safely configure passwordless sudo access for a user on Linux systems.
https://github.com/1999azzar/passwordless_sudo

linux passwordless sudo

Last synced: about 1 month ago
JSON representation

This guide explains how to safely configure passwordless sudo access for a user on Linux systems.

• Host: GitHub
• URL: https://github.com/1999azzar/passwordless_sudo
• Owner: 1999AZZAR
• Created: 2024-12-30T07:50:27.000Z (9 months ago)
• Default Branch: master
• Last Pushed: 2024-12-30T07:52:25.000Z (9 months ago)
• Last Synced: 2025-06-02T13:13:18.711Z (4 months ago)
• Topics: linux, passwordless, sudo
• Language: Shell
• Homepage:
• Size: 5.86 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: Readme.md

Awesome Lists containing this project

README

          
# Configuring Passwordless sudo in Linux - Complete Guide

This guide explains how to configure passwordless `sudo` access for a user on Linux systems, either manually or using our automated script.

## Table of Contents

- [Automated Configuration](#automated-configuration)

- [Manual Configuration](#manual-configuration)

- [Security Considerations](#security-considerations)

- [Troubleshooting](#troubleshooting)

- [Advanced Configuration](#advanced-configuration)

## Automated Configuration

### Using the Setup Script

1. Download the configuration script:

   ```bash

   curl -O https://raw.githubusercontent.com/1999azzar/passwordless_sudo/master/passwordless_sudo.sh

   ```

2. Make it executable:

   ```bash

   chmod +x passwordless_sudo.sh

   ```

3. Run the script:

   ```bash

   # Configure for current user

   sudo ./passwordless_sudo.sh

   # OR configure for specific user

   sudo ./passwordless_sudo.sh username

   ```

### Script Features

- Automatic user detection

- Comprehensive safety checks

- Automatic backup of existing configuration

- Detailed logging

- Configuration testing

- Security settings (session timeout, command logging)

## Manual Configuration

If you prefer to configure passwordless sudo manually, follow these steps:

### Prerequisites

- Root or sudo access on the system

- Username for configuration

- Basic familiarity with terminal commands

### Step 1: Create Custom Sudoers File

```bash

sudo -e /etc/sudoers.d/nopasswd-users

```

Add your configuration:

```bash

# Replace 'username' with your actual username

username ALL=(ALL) NOPASSWD: ALL

```

### Step 2: Set Correct Permissions

```bash

sudo chmod 440 /etc/sudoers.d/nopasswd-users

sudo chown root:root /etc/sudoers.d/nopasswd-users

```

### Step 3: Verify Configuration

```bash

# Check syntax

sudo visudo -c

# Test sudo access

sudo ls /root

```

## Security Considerations

⚠️ **Important Security Notice**

- Passwordless sudo reduces system security

- Only implement on trusted systems

- Consider using command-specific permissions instead of full access

- Regularly audit sudo configurations

- Monitor sudo usage logs

### Recommended Security Settings

1. **Limited Command Access**

   ```bash

   username ALL=(ALL) NOPASSWD: /usr/bin/apt, /sbin/reboot

   ```

2. **Session Timeout**

   ```bash

   Defaults:username timestamp_timeout=30

   ```

3. **Command Logging**

   ```bash

   Defaults:username logfile="/var/log/sudo_username.log"

   ```

## Troubleshooting

### Common Issues

1. **Password Still Required**

   - Check file permissions

   - Verify syntax

   - Look for conflicting rules

2. **Permission Denied**

   ```bash

   sudo chmod 440 /etc/sudoers.d/nopasswd-users

   sudo chown root:root /etc/sudoers.d/nopasswd-users

   ```

3. **Configuration Not Working**

   - Check logs: `sudo tail -f /var/log/auth.log`

   - List sudo rules: `sudo -l`

   - Verify syntax: `sudo visudo -c`

## Advanced Configuration

### Command Aliases

```bash

# In /etc/sudoers.d/nopasswd-users

Cmnd_Alias SYSTEM_COMMANDS = /usr/bin/apt, /sbin/reboot, /usr/bin/systemctl

username ALL=(ALL) NOPASSWD: SYSTEM_COMMANDS

```

### User Groups

```bash

# Allow all developers passwordless access to specific commands

%developers ALL=(ALL) NOPASSWD: SYSTEM_COMMANDS

```

### Logging Configuration

```bash

# Enhanced logging

Defaults:username log_output

Defaults:username logfile="/var/log/sudo_username.log"

Defaults:username log_year

Defaults:username loglinelen=0

```

## Reverting Changes

### Using the Script

```bash

sudo rm /etc/sudoers.d/nopasswd-username

```

### Manual Reversion

1. Remove custom configuration:

   ```bash

   sudo rm /etc/sudoers.d/nopasswd-users

   ```

2. Or comment out specific lines:

   ```bash

   sudo -e /etc/sudoers.d/nopasswd-users

   # Comment out the NOPASSWD line:

   # username ALL=(ALL) NOPASSWD: ALL

   ```

## Best Practices

1. Use separate files in `/etc/sudoers.d/` instead of editing main sudoers file

2. Implement specific command allowances rather than full access

3. Regular security audits

4. Maintain configuration backups

5. Document all changes

6. Monitor sudo usage logs

## Support

For additional help:

- System logs: `sudo tail -f /var/log/auth.log`

- Sudo manual: `man sudo`

- Sudoers manual: `man sudoers`

- Distribution documentation

## Contributing

Feel free to submit issues and enhancement requests!

---

**Note**: This guide and associated script are provided as-is. Always test in a safe environment first.