In the sudoers file, the authenticate parameter, which is turned on by default, is used for authentication purposes. If it is set, users must authenticate themselves via a password (or other means of authentication) before they run commands with sudo.
However, this default value may be overridden using the NOPASSWD tag (require no password when the user invokes the sudo command).
The syntax to configure user privileges is as follows:
user_list host_list=effective_user_list tag_list command_list
- user_list – list of users or a user alias that has already been set.
- host_list – list of hosts or a host alias on which users can run sudo.
- effective_user_list – list of users they must be running as, or a run-as alias.
- tag_list – list of tags such as NOPASSWD.
- command_list – list of commands or a command alias to be run by user(s) using sudo.
To allow a user (rootadminz in the example below) to run all commands using sudo without a password, open the sudoers file:
$ sudo visudo
And add the following line:
rootadminz ALL=(ALL) NOPASSWD: ALL
For a group, use the % character before the group name as follows. This means that all members of the sys group will run all commands using sudo without a password.
%sys ALL=(ALL) NOPASSWD: ALL
To permit a user to run a given command (/bin/kill) using sudo without a password, add the following line:
rootadminz ALL=(ALL) NOPASSWD: /bin/kill
The line below will enable the members of the sys group to run the commands /bin/kill and /bin/rm using sudo without a password:
%sys ALL=(ALL) NOPASSWD: /bin/kill, /bin/rm
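An added example (not from the original article): a small Python audit that reads rules in the syntax above and lists every command reachable without a password. It shows that a NOPASSWD tag carries over to later commands in the same list until a PASSWD tag resets it. The users backup and alice and the sample text are constructed; aliases, line continuations, includes and escaped commas are not handled.

```python
import re

# Constructed sample: the article's example rules plus two hypothetical users.
SAMPLE = """\
# constructed sample, not a real system's sudoers
rootadminz ALL=(ALL) NOPASSWD: ALL
%sys ALL=(ALL) NOPASSWD: /bin/kill, /bin/rm
backup ALL=(root) NOPASSWD: /bin/kill, PASSWD: /bin/rm
alice ALL=(ALL) ALL
"""

# user_list host_list=effective_user_list tag_list command_list
RULE = re.compile(
    r"^(?P<who>\S+)\s+(?P<hosts>[^=\s]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$"
)
TAG = re.compile(r"^([A-Z_]+):\s*")


def nopasswd_grants(text):
    """Return (who, runas, command, severity) for each password-less command."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        m = RULE.match(line)
        if not m:
            continue
        nopasswd = False  # authenticate is on by default
        for cmd in m.group("cmds").split(","):
            cmd = cmd.strip()
            # Peel leading tags; NOPASSWD/PASSWD persist for later commands.
            while (t := TAG.match(cmd)):
                if t.group(1) == "NOPASSWD":
                    nopasswd = True
                elif t.group(1) == "PASSWD":
                    nopasswd = False
                cmd = cmd[t.end():]
            if nopasswd:
                # ALL means any command, so it is the broadest possible grant.
                severity = "HIGH" if cmd == "ALL" else "REVIEW"
                runas = m.group("runas") or "root"  # sudo runs as root if omitted
                findings.append((m.group("who"), runas, cmd, severity))
    return findings


if __name__ == "__main__":
    for finding in nopasswd_grants(SAMPLE):
        print(*finding)
```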