How to Configure Sudoers with NOPASSWD

Configuring your system to allow certain commands to run without needing to enter a password can be very useful. This is especially true for frequent administrative tasks. This guide will show you how to set up the /etc/sudoers file to allow passwordless sudo access using the NOPASSWD directive. In this tutorial, We will also include an example to demonstrate how to restart the Apache service with and without NOPASSWD settings.

Note: Be careful while making changes on production environment. Mistakes in this file can prevent you from using sudo, thereby locking you out of performing administrative tasks on the system.

Understanding the sudoers File

The /etc/sudoers file is where you control the permissions for sudo (superuser do). Editing this file correctly is crucial because any mistakes can lock you out of administrative access. Always use visudo to edit this file because it checks for syntax errors.

Setting Up NOPASSWD

Here’s how to configure the /etc/sudoers file to allow a specific user to execute a command without a password.

1. Open the sudoers file:

   sudo visudo
   

2. Add the NOPASSWD directive: Scroll down to the section where user permissions are specified. Add the following line to allow a specific user to run a command without a password. Replace username with your actual username.

   
   username ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart apache2.service
   
   

   To allow all the commands without asking password use:

   
   username ALL=(ALL) NOPASSWD: ALL
   
   

3. Save and exit: Save your changes and exit visudo. Typically, this is done by pressing Ctrl+X, then Y, and then Enter.

Example: Restarting Apache with and without NOPASSWD

Without NOPASSWD

By default, running a sudo command requires you to enter your password. For example, if you want to restart the Apache service, you’d use:

sudo systemctl restart apache2.service

After entering this command, you’ll be prompted to enter your password. Only after entering the correct password will the command execute.

With NOPASSWD

After configuring the /etc/sudoers file as described above, you can run the same command without needing to enter your password:

sudo systemctl restart apache2.service

This time, you won’t be prompted for a password. The command will execute immediately.

Conclusion

Configuring the /etc/sudoers file with the NOPASSWD directive can save time and streamline your workflow, especially for frequently used administrative tasks. However, be cautious and specific about the commands you allow to run without a password to maintain system security. By following this guide, you can easily set up passwordless sudo access for specific commands on your system.