Re: Don't try this at home kids

Mon, 29 Nov 2021 14:50:47 -0800 

Hello,

Bob Bernstein <poo...@ruptured-duck.com> wrote on 29/11/2021 at 23:25:52+0100:

> How do I tell sudo not to ask me for my password?
>
> It's me. I'm on my computer. I already logged in with my password. No
> one else is logged on.
>
> I know all you purists out there are rending your garments if not your
> flesh. but c'mon sudo! Can't a brother catch a break around here?
>
> Thank you.

While I would still recommend you not to do that, here is how you can do
it.

man 5 sudoers reads:

>     PASSWD and NOPASSWD
>
>       By default, sudo requires that a user authenticate him or herself
>       before running a command.  This behavior can be modified via the
>       NOPASSWD tag.  Like a Runas_Spec, the NOPASSWD tag sets a default
>       for the commands that follow it in the Cmnd_Spec_List.
>       Conversely, the PASSWD tag can be used to reverse things.  For
>       exam‐ ple:
>
>       ray     rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
>
>       would allow the user ray to run /bin/kill, /bin/ls, and
>       /usr/bin/lprm as root on the machine rushmore with‐ out
>       authenticating himself.  If we only want ray to be able to run
>       /bin/kill without a password the entry would be:
>
>       ray     rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm
>
>       Note, however, that the PASSWD tag has no effect on users who are
>       in the group specified by the exempt_group setting.
>
>       By default, if the NOPASSWD tag is applied to any of a user's
>       entries for the current host, the user will be able to run “sudo
>       -l” without a password.  Additionally, a user may only run “sudo
>       -v” without a pass‐ word if all of the user's entries for the
>       current host have the NOPASSWD tag.  This behavior may be over‐
>       ridden via the verifypw and listpw options.

Have a read at visudo's manpage, too. I won't give you the exact line to
type, as it's a nice way to make sure you understand what you are doing.

But still, you should consider not doing so, as it can bite back
strongly should your computer be accessed by someone else while you're
not at your desk and still logged in.

Anyway, meh.

-- 
PEB

Attachment: signature.asc
Description: PGP signature

Reply via email to