Content
Introductory
When you often need the sudo by using other commands as root you may need to not have to type the password every time. Although the session "remembers" the previously entered password for a while, we don't have to retype it for a while, but we need to re-identify ourselves after a while. Also, if you work with multiple users, you will need our passwords more often. And if you also want to use commands running with root privileges in Shell scripts, you definitely need to avoid typing passwords so that our programs can run automatically. In this short description, we will look at how to persistently avoid asking for a password when using sudo.
The sudo
Sudo is a useful little tool on Unix-like operating systems that allows you to run commands or programs on behalf of other users, typically as root. It allows you to delegate tasks such as the entire server or some of its services (e.g. Apache) for plain users.
The sudoers file
A / Etc / sudoers file contains the rules that the sudo command takes into account when using it. The file typically contains entries such as who can run which command (s) using sudo, and so on.
This file is never edited directly, but is used for this purpose visudo command:
as root:
visudo
As a plain user:
sudo visudo
If we look at the file, we see this in a "factory" Debian 10 (Buster) system:
# # This file MUST be edited with the 'visudo' command as root. # # Please consider adding local content in /etc/sudoers.d/ instead of # directly modifying this file. # # See the man page for details on how to write a sudoers file. # Defaults env_reset Defaults mail_badpass Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" # Host alias specification # User alias specification # Cmnd alias specification # User privilege specification root ALL=(ALL:ALL) ALL # Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL # See sudoers(5) for more information on "#include" directives: #includedir /etc/sudoers.d
You can also see examples of its use here, and at the beginning of the comments he suggests that you consider creating your own files instead of modifying this file. /etc/sudoers.d/ directory, which we can also see at the end of the file to read its contents, so it executes our own configuration files in the directory.
Run Sudo commands using a password
By default, if the user is not set to run commands without a password, it will of course ask for the password if we are authorized to use sudo in any way (e.g. sudo group membership, or the password setting in the sudoers file in case of):
The first time you use it, it also prints out the short policy and then asks for the user's own password.
This is not the case with sudo either, so if you are working with such a server environment, when you use sudo without a password, the web that "exists" with them (x) users in the sudoers file.
In other cases, such as outside a ISPConfig, for a manually created user, or for a simpler installation, or for a LAMP server in the case of, of course, the login must be referenced in the sudoers file.
Run Sudo commands without using a password
If you want to set up sudo to run different commands without a password, create your own file in /etc/sudoers.d/ library. Of course, this requires root privileges, so let's run this as root. For example:
nano /etc/sudoers.d/linuxportal
It's a good idea to choose a filename that refers to the settings in it so that we know what's in it later. For example, I create a file for my linuxportal user. Then the setting we need should be placed in this.
Set one or more specific commands
If you only need to run one or some specific commands with your user on a regular basis, you may need to invoke them from scripts with root privileges without asking for a password, e.g. various data backups, start, stop services, etc., you can put the following line in the file:
web4 ALL = NOPASSWD: /bin/systemctl
So here I am using the web4 username for the reasons described above, so everyone uses their own proper username.
Here, be sure to enter the command at the end with its full path, otherwise it will give a syntax error when calling sudo.
Save the file and then test sudo with the target user. For example, we query the status of Apache:
sudo systemctl status apache2.service
As you can see in the example, sudo no longer asked for a password, but ran the command right away.
If you want to enter more than one command, separate it with a comma and a space, still giving each with its full path from the root. In the example below, we also set the dwarf editor, so that we can modify the /etc/sudoerd.d/ directory that you previously created as root:
web4 ALL = NOPASSWD: /bin/systemctl, /usr/bin/nano
So we can list the necessary commands that we want to use with sudo without a password.
Comprehensive setting
If you want to be able to run anything using sudo without entering a password, set it to:
web4 ALL = (ALL) NOPASSWD:ALL
Here, of course, we specify our own suitable user instead of the web4 here.
Conclusion
So with these little simple settings, you can make regular work in the terminal easier, save time by skipping typing passwords, and easily create various automation scripts in which you can run the necessary commands with root privileges.
- To post registration and login required
- 1525 views