How can passwordless sudo access be setup on either RHEL (Fedora, CentOS, etc) or Ubuntu distributions? (If it's the same across distros, that's even better!)
Setting: personal and/or lab/training equipment with no concern for unauthorized access (ie, the devices are on non-public networks, and any/all users are fully trusted, and the contents of the devices are "plain-vanilla").
I'm switching this around a little bit from previous versions of this answer. I would suggest one of three approaches:
Recommended: make a group of users who can use sudo without a password:
%wheel ALL = (ALL) NOPASSWD: ALL
and add all user accounts which people might use to this group.
Secure-ish but annoying: grant passwordless sudo access to an explicit list of users:
User_Alias EVERYONE = user1, user2, user3, ...
EVERYONE ALL = (ALL) NOPASSWD: ALL
but you will have to edit the sudo configuration each time you want to change which users have access.
Insecure: if you really want to give all user accounts passwordless sudo access, thanks to a comment by medina, you can write
ALL ALL = (ALL) NOPASSWD: ALL
In each case, the lines in the code block should be added to /etc/sudoers (using the visudo command, of course, which will ensure that you haven't made any syntax errors), or to a file under /etc/sudoers.d if your system is set up to include those files in the sudo configuration (thanks Xetius). Note that lines in the sudo configuration are processed in order from top to bottom and later ones override earlier ones, so if you want to avoid something else overriding this, you should put it toward the end (thanks a1an).
The reason I recommend using a group rather than granting blanket passwordless sudo access to all users - even though I know that's what the question was asking for - is that, especially in the modern world, a significant security risk comes from compromise of other services running on the system. Sure, you might be able to totally trust all the real people who have access, but do you trust the mail server? The system logger? The Docker daemon? Whatever other services are running on the machine? And more to the point, do you trust whatever random person on the internet might have exploited a vulnerability in one of these services to make it do things? Giving passwordless sudo access to all users means that anyone who hacks into one of those services in a way that lets them execute commands can jump right to running commands as root, which probably means total compromise of the system. It's true that denying them access to sudo doesn't necessarily mean they can't compromise the system anyway, but you can at least make it harder for them.
Of course, different systems have different needs, and you might very well be in a situation where you really can trust that nobody will get the wrong kind of access to this computer, or that there is really nothing too bad anyone could do if they did. But at least stop to think about it. And when in doubt, it's better to limit access by default, because it sometimes turns out that you can't trust your system as much as you think you can, and if something does go wrong, it's going to be too late.
I tried the solutions above to no avail. The following solution worked for me Edit the /etc/sudoers file and add the following line
username ALL=(ALL) NOPASSWD: ALL
The key is to add it after the last line which says
#includedir /etc/sudoers.d
I tried all the answers on this page, with no useful results. Eventually I figured it out, use this command to list your sudo rights:
sudo -l
This should give you an output like this:
User gmurphy may run the following commands on this host:
(root) NOPASSWD: ALL
(ALL) ALL
It shows that I'm configured with root privileges but that I'm still part of a group (admin) matched to a sudo rule which expects the password ("(ALL) ALL"). This was forcing sudo to prompt me. The rule in question was the admin users:
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
Once I commented this out, I was able to sudo without password. I hope this is of use to someone else.
Within /etc/sudoers there's an example of just that towards the bottom of the file:
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
There is another way to do it without touching the sudoers file.
Edit /etc/pam.d/su and uncomment the line below:
auth sufficient pam_wheel.so trust use_uid
Add the user to the wheel group.
This is an old thread, but it's interesting that no one has added the system default authenticate to this answer list. Using an entry of
Defaults !authenticate
In the sudoers file would allow any user to use their defined sudo commands without any password authentication. It's part of the default sudo specification and is portable across all platforms, as specified in the OP. And, if you need to scope it to a specific user, try
Defaults:<user_name> !authenticate
For those who are using Kali Linux and search engine guide you here, Kali Linux has a built-in utility to do this.
TL; DR
sudo apt install -y kali-grant-root && sudo dpkg-reconfigure kali-grant-root
There is another way to do it without touching the sudoers file.
Edit /etc/pam.d/sudo and add the line below:
auth sufficient pam_wheel.so trust use_uid
Add the user to the wheel group.
Props to "topdog" and "Daniel Serodio" for the original answer with regard to "su" rather than "sudo". I used that as a reference and shamelessly copied, and amended, their post.
echo -e "\n$USER ALL=(ALL) NOPASSWD: ALL\n" | sudo tee -a /etc/sudoers
sudo cat /etc/sudoers
reopen terminal, verify that you are not asked for your password:
sudo echo "it works!"
Specifically for Micro OS (opensuse) - I needed to use:
https://documentation.suse.com/sles/15-SP2/html/SLES-all/cha-adm-sudo.html#sec-sudo-usecases-userpw
In opensuse the wheel user is installed as a package:
system-group-wheeladd your user to the wheel group:
sudo usermod -a -G wheel USERNAME# /etc/sudoers.d/userpw
Defaults !targetpw
Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL) ALL
Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
wheel group with:transactional-update pkg in system-group-wheel
reboot
usermod -a -G wheel my-username
