HOWTO Setup sudo to Avoid Entering a Password

Share your own howto's etc. Not for support questions!

HOWTO Setup sudo to Avoid Entering a Password

Postby bchat » 2014-01-25 19:37

Recommended Setup
Instead of a password-less setup I recommend simply putting your userid into the sudo group. You will have to enter a password once and a while, but it is more secure because it doesn't leave you as vulnerable to malicious scripts that use sudo to get root access. When you enter your password you won't have to enter it again for a certain amount of time.

You should add your userid to the sudo group.This is the command you would use if you wanted to do this, replacing "bill" with your own userid:
Code: Select all
usermod --groups sudo --append bill

Password-Less Setup

DISCLAIMER: Following this procedure leaves you vulnerable to attacks from scripts that use sudo to get root access.

To setup sudo so that you don't need to enter a password, follow these steps:

Steps
  1. Become root by entering the "su" command followed by the root password, when prompted.
  2. Used your editor to create a file in the /etc/sudoers.d directory. You can name the file whatever you want. I named it sudoers-custom. For example:
    Code: Select all
    vi /etc/sudoers.d/sudoers-custom
  3. Add the following line to the file, replacing "bill" with your userid because "bill" is my userid:
    Code: Select all
    bill    ALL=(ALL:ALL) NOPASSWD: ALL
Last edited by bchat on 2014-05-10 17:38, edited 1 time in total.
PowerBook G4 15" Aluminum / 1.5 GHz PowerPC 7447a (32-bit) CPU with AltiVec Velocity Engine / 1 GB RAM / ATI Mobility Radeon 9700 (4X AGP) 64 MB
Debian Wheezy 7.8 ONLY / Gnome 3.4.2 Fallback Mode
$50 complete system cost
User avatar
bchat
 
Posts: 10
Joined: 2013-12-18 00:25
Location: Ohio, USA

Re: HOWTO Setup sudo to Avoid Entering a Password

Postby ziggybopbopdoo » 2014-01-25 21:33


If you are reckless in regards to security then you might as well do this.

If you care about the security of your system you would never do this.

If you are hyper vigilant about security then you would not even have sudo installed if it isn't necessary.
Last edited by ziggybopbopdoo on 2014-02-09 06:26, edited 6 times in total.
ziggybopbopdoo
 
Posts: 107
Joined: 2014-01-25 21:27

Re: HOWTO Setup sudo to Avoid Entering a Password

Postby caduceus » 2014-01-26 04:16

have you ever read the sudoers manual. this and other items in the manual configs is what makes the whole system difficult.
here is a set of procedures.
here is the way to basterdize it.
User avatar
caduceus
 
Posts: 46
Joined: 2012-08-03 22:38

Re: HOWTO Setup sudo to Avoid Entering a Password

Postby Randicus » 2014-01-26 04:45

Do not be hard on the OP caduceus. This is a wonderful how-to. It almost removes those "annoying" security features of a Unix-based system entirely. The only step left is to configure automatic log-in as root without a password. Then the system would be configured perfectly!
Randicus
 
Posts: 2664
Joined: 2011-05-08 09:11

Re: HOWTO Setup sudo to Avoid Entering a Password

Postby ziggybopbopdoo » 2014-01-26 05:46

I have no idea what he is bastardizing and certainly a admin can configure his system any way he wishes.

I would suggest a little warning but then again if someone is going to tweak then they certainly should understand their actions have consequences.

Heck I always like to give enough rope for someone to hang themselves, makes for great entertainment.
ziggybopbopdoo
 
Posts: 107
Joined: 2014-01-25 21:27

Re: HOWTO Setup sudo to Avoid Entering a Password

Postby Randicus » 2014-01-26 08:11

ziggybopbopdoo wrote:certainly a admin can configure his system any way he wishes.

But if that person does something that is incorrect, unwise, foolish or stupid, that person should not give others instructions to do the same. Posts like the OP are an argument for guides to need a moderator's permission before being added to the how-to section. With the continual decline in the board's quality, such a system might need to be considered.
Randicus
 
Posts: 2664
Joined: 2011-05-08 09:11

Re: HOWTO Setup sudo to Avoid Entering a Password

Postby ziggybopbopdoo » 2014-01-26 09:16

Randicus wrote:But if that person does something that is incorrect, unwise, foolish or stupid, that person should not give others instructions to do the same.

I agree, if it is inherently dangerous and glaringly obvious that in no situation could it be useful/desirable then it certainly should certainly get the torch. Could you please explain what about this is unwise, incorrect, foolish or stupid?


I do not see anything incorrect about properly configuring sudo. It is capable of being configured with no password so it is a valid configuration. It is simply a utility and a way of configuring the utility.

I do not see it as inherently unwise/foolish/stupid. It may be unwise/foolish/stupid depending on the situation but that is something each person will need to determine for themselves.

Now that I think about it I wonder why on earth I bother with a sudo password for myself. It doesn't actually make much sense in my situation. I don't run questionable code. I am the only user so no need for restricting which commands I can use. What would be the point in having to enter a password to run a command that I want to run?


As I mentioned a warning would be nice but then again the ramifications of doing this should be obvious anyway.
ziggybopbopdoo
 
Posts: 107
Joined: 2014-01-25 21:27

Re: HOWTO Setup sudo to Avoid Entering a Password

Postby Randicus » 2014-01-26 09:28

ziggybopbopdoo wrote:Could you please explain what about this is unwise, incorrect, foolish or stupid?

Is disabling basic security features wise or unwise? That is for each to decide on their own.

I am the only user so no need for restricting which commands I can use. What would be the point in having to enter a password to run a command that I want to run?

That is fine if one knows what one is doing, but it is terrible advice to give to those who do not yet know. To use your earlier analogy, that is not giving someone enough rope to hang himself. It is giving him the rope and the idea.
Randicus
 
Posts: 2664
Joined: 2011-05-08 09:11

Re: HOWTO Setup sudo to Avoid Entering a Password

Postby ziggybopbopdoo » 2014-01-26 09:41

That is your whole arguement? You keep saying is is unwise, foolish, stupid, terrible advice yet you never actually say what makes it so.


No security feature is being disable, negated, or even worked around. A tool is being used. The admin is configuring sudo apropriately for the situation.


How is this terrible advice to give a user? The user certainly already knows his password so what would having him type it again solve or cause?


Certainly he isn't going to accidently type in sudo before a dangerous command and press enter accidently. If he does then he could of just as easily typed in his password accidently, opened up a root terminal accidently, su'd to root accidently, etc.
ziggybopbopdoo
 
Posts: 107
Joined: 2014-01-25 21:27

Re: HOWTO Setup sudo to Avoid Entering a Password

Postby curtaintwitcher » 2014-01-26 09:56

Passwordless sudo potentially gives malicious code unrestricted access. If I write a script and precede every command with sudo, on a regular sudo setup, it will prompt for the password, on the OP's system it can silently compromise security.
curtaintwitcher
 
Posts: 160
Joined: 2013-12-05 13:46

Re: HOWTO Setup sudo to Avoid Entering a Password

Postby ziggybopbopdoo » 2014-01-26 10:03

curtaintwitcher wrote:Passwordless sudo potentially gives malicious code unrestricted access. If I write a script and precede every command with sudo, on a regular sudo setup, it will prompt for the password, on the OP's system it can silently compromise security.



So I am dumb enough to run malicious code but I am smart enough not to enter my password when malicious code asks for it?

Really?
ziggybopbopdoo
 
Posts: 107
Joined: 2014-01-25 21:27

Re: HOWTO Setup sudo to Avoid Entering a Password

Postby Randicus » 2014-01-26 10:05

:?
Randicus
 
Posts: 2664
Joined: 2011-05-08 09:11

Re: HOWTO Setup sudo to Avoid Entering a Password

Postby curtaintwitcher » 2014-01-26 10:06

No, just run the X server as root, go ahead, knock yourself out.
curtaintwitcher
 
Posts: 160
Joined: 2013-12-05 13:46

Re: HOWTO Setup sudo to Avoid Entering a Password

Postby Randicus » 2014-01-26 10:11

curtaintwitcher wrote:on the OP's system it can silently compromise security.

ziggybopbopdoo wrote:but I am smart enough not to enter my password when malicious code asks for it?
I highlighted the word you missed.
Randicus
 
Posts: 2664
Joined: 2011-05-08 09:11

Re: HOWTO Setup sudo to Avoid Entering a Password

Postby ziggybopbopdoo » 2014-01-26 10:12

curtaintwitcher wrote:No, just run the X server as root, go ahead, knock yourself out.



Logging into a graphical environment as root would be a totally different issue. That would be a one of those inherently dangerous situations. Lets stick to this issue or create a new thread please.
ziggybopbopdoo
 
Posts: 107
Joined: 2014-01-25 21:27

Next

Return to Docs, Howtos, Tips & Tricks

Who is online

Users browsing this forum: No registered users and 4 guests

fashionable