2

This question is answered a number of times in the net, but none of those answer resulted useful in my case.

The problem

Accessing a remote machine using private key, I usually require root permissions, which imply writing a long password and is annoying.

For the purpose of having sudo su, I tried following steps:

  • Ensure the line <user> ALL=(ALL) NOPASSWD: ALL is in /etc/sudoers
  • Ensure the user is in sudo user group: $groups <user> -> sudo

But trying sudo su will just prompt me for my own password: [sudo] password for <user>:

The question

How to have password-less sudo su?

Adrian Maire
  • 1,916
  • 4
  • 20
  • 30
  • did you restart the Ubuntu machine or at least the sudo service (something like sudo service sudo restart) after you updated the the config file? – Yaron Feb 26 '18 at 10:27
  • 2
    It is a bad idea to have no password for sudo? – George Udosen Feb 26 '18 at 10:28
  • never use sudo su please use either sudo -i or sudo su - if you use sudo su your user variable such as PATH or aliases are more likely to be corrupted will be usable as root. If someone can corrupt your profil it might inject some env variable able to give him root access afterward. sudo -i and sudo su - will unload you profil and load only root env variable – Kiwy Feb 26 '18 at 10:32
  • Its a common way for automated processes, so why not? Yeah, you could make it only for special commands, but for development its okay. As long as there is no security audit ;) – Marc Feb 26 '18 at 10:33
  • Related, about sudo su: https://unix.stackexchange.com/questions/218169/is-there-ever-a-good-reason-to-run-sudo-su – Kusalananda Feb 26 '18 at 10:53
  • @Yaron: which service is this? doesn't seem any of the systemctl -l list – Adrian Maire Feb 26 '18 at 11:22

2 Answers2

6

I often place it below the line

# User privilege specification
root    ALL=(ALL:ALL) ALL
+++ myuser ALL=(ALL) NOPASSWD: ALL

The better way is to use an own file in /etc/sudoers.d with the line above.

If you would like to use the group policy, you need to modify the line for your group

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) NOPASSWD: ALL

Otherwise the group policy will overwrite your user policy and you will be asked for the password.

And an other hint:
Please don't use "sudo su". Instead use sudo su - or sudo -i. This will unload your env and load the one of root, avoiding to use bad env variable from your account with root.

Kiwy
  • 9,534
Marc
  • 439
  • 2
  • 3
1

Your sudoers file has something that already grants you the ability to run sudo su (or possibly any commands), but does not include the NOPASSWD: option.

Ordering within the sudoers file is important: last match wins.

You can use sudo -l to list all the sudo Defaults options and all the allowed commands for your user account.

telcoM
  • 96,466