9

I want to run any program without asking root password. Because I'm the only person who use the system. So I googled and edited /etc/sudoers.

What I did:

# chmod 640 /etc/sudoers
# vim /etc/sudoers

Added a line like below:

# User privilege specification
root    ALL=(ALL:ALL) ALL
sgg ALL=(ALL:ALL) ALL

saved and closed the file. Rebooted system. But no change/improvement. Am I want to change any other lines? or Is there any way?

EDIT:

1.I changed permissions /etc/sudoers to 0440. ls -l /etc/sudoers result is 

-r--r----- 1 root root 772 May  4 19:43 /etc/sudoers

2.I run # visudo. File content is

Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL
sgg ALL=NOPASSWD:ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

But still it asking for password when I run sudo ls.

System Info: Ubuntu 14.04 x86_64 3.13.0-24-generic

gangadhars
  • 697

2 Answers2

11

First some general points:

  1. Never edit /etc/sudoers directly. You should always use sudo visudo instead which allows you to edit the file but checks it for errors before saving. The syntax of sudoers is tricky and a mistake can render your system unusable since you will not longer be able to use sudo.

  2. Never change the permissions of /etc/sudoers. In general, you shouldn't change the permissions of system files. In many cases, the programs associated with them will not work properly and it is bad practice and a security hole. That's what sudo is for in the first place, so you don't need to change the permissions.

    In addition, if you have set the permissions of /etc/sudoers to 640 and were able to write to it, that means you have also changed its owner to your user. That will effectively break it. As explained in man sudoers:

    /etc/sudoers is owned by gid N, should be 1 The sudoers file has the wrong group ownership. If you wish to change the sudoers file group ownership, please add “sudoers_gid=N” (where ‘N’ is the group ID that owns the sudoers file) to the sudoers Plugin line in the sudo.conf(5) file.

  3. If you want regular users to be able to mount a drive, a better way is to specify that in /etc/fstab. Using your example, you would want this line there:

    /dev/sda6   /media/sgg/D    vfat    users,rw,errors=remount-ro,noauto  0   0

    That will allow regular users to mount it with

    mount /dev/sda6

  4. If despite the above, you still want to allow your user to run any command without a password, the line you want to add to /etc/sudoers (using sudo visudo) is:

    sgg ALL=NOPASSWD:ALL

    Save the file and exit visudo and try running sudo ls, you shouldn't be asked for a password. I just tested and can confirm it works on my LMDE.

terdon
  • 242,166
  • visudo giving usage: visudo [-chqsV] [-f sudoers] [-x file] – gangadhars May 04 '14 at 13:48
  • @SGG how are you running it? Did you run sudo visudo? – terdon May 04 '14 at 13:49
  • i already tried with /etc/fstab. It gave me error at booting time Unable to mount /dev/sda6. press S to skip and M to manually ... some kind of message – gangadhars May 04 '14 at 13:50
  • sudo visudo /etc/sudoers – gangadhars May 04 '14 at 13:51
  • @SGG please run it the way I suggest in my answer, simply sudo visudo. The error message you're getting suggests that you are trying to mount an external or network drive that is not present at boot time. Is that so? That's the kind of detail you should mention in your question. Anyway, try the updated answer, I have changed the fstab line. – terdon May 04 '14 at 13:53
  • that worked. why? and how? – gangadhars May 04 '14 at 14:01
  • 1
    @SGG what worked? The sudo visudo works because that's the correct format for it, not sudo visudo /path/to/file. The fstab line works because the noauto option tells your system not to try and mount the drive automatically when booting. The users option tells it to allow regular users to mount. – terdon May 04 '14 at 14:02
  • @SGG also, make sure to revert your /etc/sudoers file to the correct permissions. It should be 0440 and owned by root. – terdon May 04 '14 at 14:03
  • fstab worked. And I reverted back /etc/sudoers to default permissions – gangadhars May 04 '14 at 14:11
  • /etc/sudoers not working. Still it asking for password when I run sudo ls – gangadhars May 04 '14 at 14:12
  • 1
    @SGG you need to save the file and exit visudo for the changes to take effect. If this is still not working, please update your question with the current contents of your sudoers file and the output of ls -l /etc/sudoers. Also make sure you tell us what operating system you're using. I'm guessing Linux but which one? – terdon May 04 '14 at 14:13
  • Edited question. – gangadhars May 04 '14 at 14:25
  • @SGG that's very strange. I tried with the exact same file and the newly created user sgg was not asked for a password when running sudo. – terdon May 04 '14 at 17:54
  • Not working on ubuntu 20.04 . – Goran_Ilic_Ilke Sep 15 '21 at 09:57
  • @Goran_Ilic_Ilke sorry, but without more context I have no idea what you mean. Please ask a new question, explain what you need, explain what you tried and how it failed. – terdon Sep 15 '21 at 10:02
2

That just tells the system that you may run all commands (which is the default anyway) but doesn't say anything about passwords. You need:

sgg ALL = (ALL) NOPASSWD: ALL

From the man page:

FULLTIMERS      ALL = NOPASSWD: ALL

Full time sysadmins (millert, mikef, and dowdy) may run any command on any host without authenticating themselves.

Community
  • 1
Hauke Laging
  • 90,279