In the sudeors file, the authenticate parameter which is turned on by default is used for authentication purposes. If it is set, users must authenticate themselves via a password (or other means of authentication) before they run commands with sudo.

 

However, this default value may be overridden using the NOPASSWD (require no password when the user invokes sudo command) tag.

 

The syntax to configure user privileges is as follows:

user_list host_list=effective_user_list tag_list command_list

 

Where:

  • user_list – list of users or a user alias that has already been set.
  • host_list – list of hosts or a host alias on which users can run sudo.
  • effective_user_list – list of users they must be running as or a run as an alias.
  • tag_list – list of tags such as NOPASSWD.
  • command_list – list of commands or a command alias to be run by user(s) using sudo.

 

To allow a user (rootadminz in the example below) to run all commands using sudo without a password, open the sudoers file:

$ sudo visudo

 

And add the following line:

rootadminz ALL=(ALL) NOPASSWD: ALL

 

For the case of a group, use the % character before the group name as follows; this means that all member of the sys group will run all commands using sudo without a password.

%sys ALL=(ALL) NOPASSWD: ALL

 

To permit a user to run a given command (/bin/kill) using sudo without a password, add the following line:

rootadminz ALL=(ALL) NOPASSWD: /bin/kill

 

The line below will enable the member of the sys group to run the commands: /bin/kill, /bin/rm using sudo without a password:

%sys ALL=(ALL) NOPASSWD: /bin/kill, /bin/rm

 

Was this answer helpful? 0 Users Found This Useful (0 Votes)