Sudoers file, run specific commands without the password for sudo

Damián A.

4 minutes

about sudoers file run commands without password sudo

In the next article we are going to take a look at how we can run particular commands without the sudo password in Ubuntu thanks to the sudoers file. It seems logical to me to warn that what is going to be read below is for educational purposes only. It is essential to be very careful when applying what you will be able to read here. If for whatever reason you allow a user to execute the 'rm' command without having to write the sudo password, you could accidentally or maliciously remove important things from the operating system.

As I say, in the following lines we are going to see how to execute specific commands without having to write the sudo password in Unix-like operating systems. As all Ubuntu users know, it is necessary to write it when we execute a command using sudo. But when it comes to automating certain tasks, perhaps having to be writing it can be an inconvenience.

Execute specific commands without sudo password in Ubuntu

If for any reason, whatever it may be, you are interested in allowing a user to execute a particular command without having to type the sudo password, you should add that command to the sudoers file.

Let's say we want a user named interunosyceros run the mkdir command without having to type the sudo password. To do this, we will have to edit the sudoers. In the terminal (Ctrl + Alt + T) we write:

sudo visudo

When the file is opened, at the end of it we will add the following line:

line add file sudoers mkdir command 

entreunosyceros ALL=NOPASSWD:/bin/mkdir

In this line that is added in the previous capture, entreunosyceros is the username. According to this line, this user will be able to execute the command 'mkdir'without typing the sudo password.

mkdir without sudo password

The system is simple. We will be able add as many commands as we want separating them with commas, as it's shown in the following:

two commands add file sudoers 

entreunosyceros ALL=NOPASSWD:/bin/mkdir,/bin/chmod

After finishing adding the line, log out and log in again or reboot the system. From now on, the user referred to by the line added to the file sweats you will not need to enter the sudo password while executing any of the added commands. Yes indeed, when running all other commands, if you will be prompted to enter the password to use sudo.

Find the path to the command and add it to the sudoers file

In this case we want to add a command with a different path than the one we have used so far, the path to apt for example, we will need to correctly write the path to the executable file. In case of not being sure of it, we can use the command 'where's'to find out the correct path to apt. In the terminal (Ctrl + Alt + T) you would have to write:

path to apt 

whereis apt

As you can see in the screenshot above, the path for the apt command is / usr / bin / apt, therefore this is the path to add in the sudoers file.

In case we are interested in not having to type the password for sudo when executing the apt command, we will have to edit the sudoers file again:

sudo visudo

Inside it would be add the command 'apt' in the file as we did with the previous commands:

command apt add sudoers file 

entreunosyceros ALL=NOPASSWD:/bin/mkdir,/bin/chmod,/usr/bin/apt

After adding the command, save and close the sudoers file. Then log out and log in again. Now, it can be verified if the user can execute the command with the sudo prefix without using the password:

apt update without password 

sudo apt update

Ask for the sudo password for a specific command in the sudoers file

If after doing so, if you need the user to have to type the password again, all you have to do is edit the sudoers file and remove the added command. Save the file, log out, and log back in.

An alternative would be add the directive 'PASSWD:' in front of the command that we want it to need to write the sudo password. Following the example, we are going to modify the line added to the sudoers file as shown below:

passwd in a command inside sudoers file 

entreunosyceros ALL=NOPASSWD:/bin/mkdir,/bin/chmod,PASSWD:/usr/bin/apt

In this case, the user entreunosyceros can execute the commands'mkdir'Y'chmod'without typing the sudo password. However, you will have to type it when you want to run the command 'apt'.


Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   German Rivers said
    ago 4 years

    Hello. I was able to edit the sudoers file as you well explained in the post. Right now I am starting to use arch. To add the pacman command, for certain actions ... how should I do?, For example, I'm interested in not asking for a password to update the operating system, eg: sudo pacman update. But to quickly ask for pass. Thanks, best regard.

    Reply to German Rios