Run Sudo Command Without Password

The sudo command in Linux / Unix based systems allows a trusted user to execute a command with extended privileges, either as superuser (root) or as another user defined in the security policy.

The security policy determines the privileges assigned to a user as well. It may require that the users should authenticate themselves with a password or another authentication mechanism. If a password is required, the user will be prompted to enter its account's password, with a timeout period. Else, the specified command is executed as per security policy, without any prompts.

There are cases where one needs to automate a workflow and avoid interactive prompts like the one we discussed above for using sudo. This is where password-less sudo option is helpful and can be configured to execute sudo commands without any prompts.

In this tutorial, we'll explain how you can configure sudo to avoid prompting for password for a user.

sudo Configuration to Execute Any Command

Open a Terminal window on your system or connect to it via SSH remotely.

It is always safer to have a backup copy of the sudoers configuration file before making any changes to it. You can take backup of sudoers file to your home directory or any other safe location using cp command.

$ sudo cp /etc/sudoers ~/sudoers.bak

Now open the sudoers file for editing using recommended visudo tool (do not use vi/vim/nano directly to edit `/etc/sudoers` because visudo includes basic checks to verify the syntax of sudoers file before saving avoiding any unwanted changes or errors related to syntax).

$ sudo visudo

Add/modify the line for the user to include NOPASSWD keyword (where username should be the actual username of the user on the system for which sudo is being configured).

username ALL=(ALL) NOPASSWD:ALL

Here's a screenshot of what the configuration file looks like after adding the line for user abhisheknair.

Save the file and exit to the terminal/SSH prompt of your session. You should be able to now run any command as superuser (root) if you prefix it with sudo and it will execute without prompting for your account's password.

sudo Configuration to Execute Specific Commands

Instead of allowing any command to be executed, if you just want to allow the user to execute one or more given commands, without password prompt, use modified syntax in your sudoers file as shown below ?

username ALL=(ALL) NOPASSWD: /usr/sbin/fdisk -l, /usr/bin/apt update, /usr/bin/apt upgrade

sudo Configuration Using /etc/sudoers.d/ Directory

/etc/sudoers file is under the control of your Linux distribution's package manager. If the system's package manager updates this file, your changes may get modified or lost.

To avoid this, modern Linux systems allows adding your local changes to sudo configuration inside /etc/sudoers.d/ directory which is not touched by upgrades to your system or packages.

For this to work, your /etc/sudoers file must have the following directive to include the contents of /etc/sudoers.d/ directory (usually found by default at the bottom of the sudoers file).

As we can see, we find @includedir directive in our /etc/sudoers file.

@includedir /etc/sudoers.d

If everything is set, we can add the following file with required sudo command(s) ?

$ sudo visudo -f /etc/sudoers.d/somefilename

Here, somefilename could be anything. Usually to identify its purpose, you can name it intuitively like with username or purpose etc.

$ sudo cat /etc/sudoers.d/90-abhisheknair
abhisheknair ALL=(ALL) NOPASSWD:ALL
$

If you want to achieve this in a couple of steps, without doing all the above steps, you can simply define USERNAME variable and execute the command to create the file with required lines. Something like this ?

$ USERNAME=abhisheknair
$ echo "$USERNAME ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee -a /etc/sudoers.d/90-$USERNAME

If you want to do that for the current user, USER variable is already defined in shell and you can simply run below command to add NOPASSWD sudo configuration for current user ?

$ echo "$USER ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee -a /etc/sudoers.d/90-$USER

It assumes that the user executing the above command has the required sudo privileges to create or modify a file inside /etc/sudoers.d.

Conclusion

In this tutorial, we explained how you can modify the sudo configuration in a Linux system to allow a user to execute commands without password prompt. This can be done by updating sudo configuration file, i.e., /etc/sudoers using visudo command or by adding a new configuration file inside /etc/sudoers.d directory.