passwordless sudo

Mike Chambers mike at miketc.net
Wed Nov 30 18:50:53 UTC 2011 

On Wed, 2011-11-30 at 17:36 +0000, Marko Vojinovic wrote:
> On Wednesday 30 November 2011 10:49:40 Mike Chambers wrote:
> > On Wed, 2011-11-30 at 13:38 +0300, Hiisi wrote:
> > > Hi, list!
> > > I'm trying to set up passwordless sudo for myself. It's a shiny brand
> > > new fresh-installed F16. During first boot I had been asked to create
> > > a new user and put him to administrative group. I answered yes and
> > > hence my user is able to run commands using sudo. However in
> > > /etc/sudoers there's not a mention of my user. I've added the
> > > following string to it:
> > > hiisi   ALL=(ALL)       NOPASSWD: ALL
> > 
> > On initial installs when this is setup, your userID is not added to the
> > sudoers file itself.  The *wheel* group is what is allowed/setup in
> > sudoers, and your userid is added to the *wheel* group in the /etc/group
> > file, such as below..
> > 
> > wheel:x:10:your-username-here
> > 
> > If you wanted to do passwordless, then comment out the line below..
> > 
> > ## Allows people in group wheel to run all commands
> > %wheel        ALL=(ALL)       ALL
> > 
> > And uncomment the line below here..
> > 
> > ## Same thing without a password
> > # %wheel  ALL=(ALL)       NOPASSWD: ALL
> > 
> > In other words, it doesn't add the username/ID itself to the sudoers
> > file, it goes through the *wheel* group and you add/drop users from
> > there on need to use basis.
> 
> Wouldn't this actually enable passwordless sudo for all members of the wheel 
> group, rather than just for one user?

Yes it would.  Or change the group to something else instead of wheel
and just make sure the groups file is updated.

> 
> What would the config look like if the OP wants to be both a member of the 
> wheel group, and have a paswordless sudo config *only* for himself?

If just using the stuff already in the config, for example the OP could
uncomment the first one with wheel and use that one with passwords, and
then uncomment the line below and put in his own group for ones without
passwords.

Not sure which one is read/used first but assuming it would know.  man
sudoers for more information.


-- 
Mike Chambers
Madisonville, KY

"The best town on Earth!"

More information about the users mailing list