Re: Don't try this at home kids
Hi,
On Mon, Nov 29, 2021 at 4:50 PM Pierre-Elliott Bécue <peb@debian.org> wrote:
>
>
> Hello,
>
> Bob Bernstein <poobah@ruptured-duck.com> wrote on 29/11/2021 at 23:25:52+0100:
>
> > How do I tell sudo not to ask me for my password?
> >
> > It's me. I'm on my computer. I already logged in with my password. No
> > one else is logged on.
> >
> > I know all you purists out there are rending your garments if not your
> > flesh. but c'mon sudo! Can't a brother catch a break around here?
> >
> > Thank you.
>
> While I would still recommend you not to do that, here is how you can do
> it.
>
> man 5 sudoers reads:
>
> > PASSWD and NOPASSWD
> >
> > By default, sudo requires that a user authenticate him or herself
> > before running a command. This behavior can be modified via the
> > NOPASSWD tag. Like a Runas_Spec, the NOPASSWD tag sets a default
> > for the commands that follow it in the Cmnd_Spec_List.
> > Conversely, the PASSWD tag can be used to reverse things. For
> > exam‐ ple:
> >
> > ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
> >
> > would allow the user ray to run /bin/kill, /bin/ls, and
> > /usr/bin/lprm as root on the machine rushmore with‐ out
> > authenticating himself. If we only want ray to be able to run
> > /bin/kill without a password the entry would be:
> >
> > ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm
> >
> > Note, however, that the PASSWD tag has no effect on users who are
> > in the group specified by the exempt_group setting.
> >
> > By default, if the NOPASSWD tag is applied to any of a user's
> > entries for the current host, the user will be able to run “sudo
> > -l” without a password. Additionally, a user may only run “sudo
> > -v” without a pass‐ word if all of the user's entries for the
> > current host have the NOPASSWD tag. This behavior may be over‐
> > ridden via the verifypw and listpw options.
>
> Have a read at visudo's manpage, too. I won't give you the exact line to
> type, as it's a nice way to make sure you understand what you are doing.
>
> But still, you should consider not doing so, as it can bite back
> strongly should your computer be accessed by someone else while you're
> not at your desk and still logged in.
Especially if you have any kind of children... ;-)
Thank you.
>
> Anyway, meh.
>
> --
> PEB
Reply to: