| ansible server prepping | Ansible Vault | arm k8s on prem | backup server - Part IV | backup solution | Cluster on a Pi | debian server setup | DNS on Ubuntu ARM | Docker Hub | Docker Swarm | downgrade k3s | GEO-blocking | HomeBrew | How to backup | install Docker Swarm | k3s | k3s cluster setup | k3s HA | K8s Dashboard | K8s Load Balancer | kube-vip | KVM-hypervisor | Mail setup on Pi | MetalLB | Mosquitto brocker on Swarm | Mosquitto container deployment | New Pi setup | new server setup | NFS-Share (shared storage) | Nginx reverse proxy | OPNsense ProtonVPN setup | Persisten Volume - Pi K8s | Portainer (Swarm) | Rancher HA on K3s | Raspbian 64bit | rclone backup - part 2 | Rclone continued III | Rclone GUI | rclone - part 1 | RPi backup solution | ssh-copy-id | SSH key exchange | ssh-keygen | sudo with no password | Swarm commands | sysadmin purpose | sysadmin skills | tmux | Traefik + cert-manager | Traefik + Consul + ssl/tls Letsencrypt | Traefik - oAuth and Letsencrypt | ubuntu webserver | upgrade k3s | Wazuh single node Swarm | webserver setup | what is a sysadmin

The Hotel Hero

Notes by a Sysadmin

Cluster | Philosophy | Stack

Sudoer without password

 July 17, 2021 | Stack

There may be occations where some tasks, that usually requires root privileges, would be more handy to run without the need to provide a password.

In this example it is an automation for update, upgrade and reboot. Ofcause it is not advisable to run all sudo commands without providing passwords, in particular not on a webserver.

Due to the importance of the sudoer config file, it is advised to use the "visudo" editor:

sudo visudo

NOT ADVISED. If you just want your sudo user to run all commands without the need to provide passwords, add the following line:

your_user_name ALL=(ALL) NOPASSWD:ALL

If you want to restrict this abillity, to ex. update/upgrade/reboot (it would still be very problematic if a script were set to reboot you machine every second, so you might just use update, upgrade only)

your_user_name ALL=(ALL) NOPASSWD:/usr/bin/apt update, /usr/bin/apt upgrade, /sbin/reboot

This will remove the need for passwords for these commands.

Search

About

I'm a Sysadmin, network manager and cyber security entusiast. The main purpose of this public "notebook" is for referencing repetitive tasks, but it might as well come in handy to others. Windows can not be supported! But all other OS compliant with the POSIX-standard can (with minor adjustments) apply the configs on the site. It is Mac OSX, RHEL and all the Fedora based distros and Debian based (several 100's of OS's), all the BSD distros, Solaris, AIX and HP-UX.

Links