sudo without password when logged in with SSH private keys
Is it possible to make the sudo command support SSH private keys, so that when a user logs in using a private key, he/she could sudo without typing a password?
This would allow storing the UNIX sysadmin passwords in encrypted cold storage and never needing to access them, assuming the users always use secure private SSH keys to log in on the server.
linux ssh sudo
asked Oct 24 '12 at 20:54 by Mikko Ohtamaa (edited Oct 24 '12 at 22:16)
askubuntu.com/a/135838 If you put those users into a group, you sure can!
– Rob
Oct 24 '12 at 21:07
Try sudo visudo and change your password to NOPASSWD: ALL, see if that works.
– pneumatics
Oct 24 '12 at 21:08
@AlanTuring That would also work for users in that group who identified via a password.
– Xyon
Oct 24 '12 at 21:27
@AlanTuring That would effectively decrease the security of the server - I want only certain users, not all, to sudo.
– Mikko Ohtamaa
Oct 24 '12 at 22:14
It's possible to give privileges to specific users. See my answer.
– Isaac Rabinovitch
Oct 26 '12 at 8:21
4 Answers
The option to do so has existed since (at least) April 2014.
You will need to install a package called pam_ssh_agent_auth (available for CentOS 7 out of the box, YMMV), then configure /etc/pam.d/sudo to accept it as an authorization method. Finally, you may need to add SSH_AUTH_SOCK to the list of environment variables that persist during sudo.
The Gentoo wiki has details for these steps.
answered Dec 27 '18 at 4:53 by Liam Dawson
Lovely, thank you Liam. Too bad I have not been into sysadmin for many years!
– Mikko Ohtamaa
Dec 27 '18 at 14:16
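As an added example (not code from the thread or from the pam_ssh_agent_auth project), the following script stages the pieces this answer lists into a scratch directory that mirrors /etc, so the result can be reviewed before anything is copied into place: the module line in pam.d/sudo, the env_keep line that lets SSH_AUTH_SOCK survive sudo's environment reset, and a check that the keys file named in file= is not somewhere the user can write. Assumptions, also marked in the code: RHEL/CentOS-style system-auth includes, the module installed as pam_ssh_agent_auth.so, a root-owned per-user keys file at /etc/security/authorized_keys/%u (file= and the %u expansion are the module's own options), and a sudoers.d drop-in rather than editing /etc/sudoers directly.

```shell
#!/bin/sh
# Added example, not from the Super User thread or the pam_ssh_agent_auth
# project: stage the configuration Liam's answer describes into a scratch
# directory that mirrors /etc, so it can be reviewed and checked with visudo
# before being installed. Assumptions (all labelled): RHEL/CentOS-style PAM
# includes ("system-auth"), the module installed as pam_ssh_agent_auth.so,
# and a root-owned per-user keys file under /etc/security/authorized_keys/
# so that users cannot authorise their own sudo keys via ~/.ssh/authorized_keys.
set -eu

STAGE="${STAGE:-$(mktemp -d)}"   # override with STAGE=/path to stage elsewhere

# /etc/pam.d/sudo: consult the forwarded SSH agent first. "sufficient" means a
# matching key ends the auth stack successfully; without one, PAM falls through
# to the normal password prompt instead of failing outright.
write_pam_sudo() {
    mkdir -p "$STAGE/pam.d"
    cat > "$STAGE/pam.d/sudo" <<'EOF'
#%PAM-1.0
auth       sufficient   pam_ssh_agent_auth.so file=/etc/security/authorized_keys/%u
auth       include      system-auth
account    include      system-auth
password   include      system-auth
session    include      system-auth
EOF
    printf '%s\n' "$STAGE/pam.d/sudo"
}

# sudoers drop-in: sudo resets the environment by default, which would hide the
# agent socket from the PAM module; env_keep lets SSH_AUTH_SOCK survive.
write_sudoers_dropin() {
    mkdir -p "$STAGE/sudoers.d"
    cat > "$STAGE/sudoers.d/ssh_agent_auth" <<'EOF'
Defaults env_keep += "SSH_AUTH_SOCK"
EOF
    chmod 0440 "$STAGE/sudoers.d/ssh_agent_auth"
    printf '%s\n' "$STAGE/sudoers.d/ssh_agent_auth"
}

# Sanity checks on the staged files; returns non-zero on the first failure.
verify_stage() {
    pam="$STAGE/pam.d/sudo"
    dropin="$STAGE/sudoers.d/ssh_agent_auth"
    grep -q '^auth[[:space:]]*sufficient[[:space:]]*pam_ssh_agent_auth\.so' "$pam" || return 1
    grep -q '^Defaults env_keep += "SSH_AUTH_SOCK"$' "$dropin" || return 1
    # The keys file named in file= must not live somewhere the user can write,
    # otherwise any user could authorise their own key for sudo.
    keyfile=$(sed -n 's/.*file=\([^[:space:]]*\).*/\1/p' "$pam")
    case "$keyfile" in
        /home/*|~*|"") return 1 ;;
    esac
    return 0
}

write_pam_sudo >/dev/null
write_sudoers_dropin >/dev/null
if verify_stage; then
    echo "staged under $STAGE; review, then run: visudo -c -f $STAGE/sudoers.d/ssh_agent_auth"
else
    echo "staged configuration failed checks" >&2
    exit 1
fi
```

Run it as STAGE=/some/dir sh stage_pam_ssh_agent.sh, inspect the two files, check the drop-in with visudo -c -f, and only then copy them under /etc. Two caveats a practitioner should keep in mind: the module only sees a key if the SSH client forwards its agent (ForwardAgent yes, or ssh -A) and sudo keeps SSH_AUTH_SOCK, so a session without agent forwarding simply falls back to the password prompt; and a forwarded agent is usable by anyone who is already root on that host for as long as the session lasts, so forward it only to hosts you administer. pam_ssh_agent_auth by default also refuses a keys file that is not owned by root, which is why the file lives under /etc/security rather than in the user's home directory.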
This is not possible without some serious code changes to sudo and sshd. Sudo doesn't know about login methods, and ssh doesn't publish to other programs anything that would indicate whether public key, password, or some other mechanism was used for login.
As someone else said, you can use the NOPASSWD option in sudoers - this would apply to the specified users always, though, not only when they use ssh with private keys.
If you really want, there may be tricks you can do with a suid program that checks the sshd log and locks/edits the sudoers file to let that user do a no-password sudo, and a periodic task to revoke this permission.
All that said, I think this is a bad idea. Requiring a password for privileged commands has a couple of nice benefits that private key SSH doesn't. Notably, it lets you have timeouts for the auth (the password must be re-entered, which is not true for ssh sessions), and it lets you have password minimums and rotation (unlike ssh keys, which have a passphrase outside the server's control).
answered Oct 24 '12 at 22:29 by Dagon
"It can't be done" is not an answer, especially when it can be done.
– Isaac Rabinovitch
Oct 26 '12 at 22:58
Changing the answer to the correct one containing new information.
– Mikko Ohtamaa
Dec 27 '18 at 14:15
A couple of answers point to sudo without a separate user password. You should be aware that this will decrease your security.
For a user that already authenticated strongly with a certificate this might not be an issue, because he is in possession of the certificate that theoretically could make him root.
However, if you think about vulnerabilities that will provide an attacker with a limited user shell, and this user has NOPASSWD set in the sudoers file, the attacker is root without having any credentials to the system at all.
If sudo requires a password from the user, the attacker needs time and luck to escalate his privileges to root.
answered Sep 23 '14 at 14:58 by Sebastian Brabetz
No stored passwords or keys required. You can get the result you want by granting the user no-password access in /etc/sudoers. Just add the following line:
user ALL=(ALL) NOPASSWD: ALL
Be sure to use visudo to edit sudoers. You might want to give the sudoers man page a quick look so you understand what you're doing.
answered Oct 25 '12 at 2:00 by Isaac Rabinovitch
This disables the password requirement for all users and not just those that have logged in with SSH keys, which is what the question is asking about.
– Burhan Ali
Oct 7 '14 at 15:40
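Sebastian's and Isaac's answers together make the point that a line like user ALL=(ALL) NOPASSWD: ALL turns any shell running as that user into root with no second credential. As an added example (not code from the thread), here is a small POSIX shell audit that lists every principal with a NOPASSWD entry in a sudoers file, rates NOPASSWD: ALL and Defaults !authenticate as unrestricted and single-command entries as limited, and ignores commented-out lines. The sample sudoers it writes is constructed for the demonstration; the user names in it are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: audit a sudoers file for entries that
# remove the password check. Two shapes matter most: "NOPASSWD: ALL" (any
# command, the case Sebastian's answer warns about) and "Defaults !authenticate"
# (no prompt for anyone). NOPASSWD entries naming specific commands are still
# reported, rated "limited".
set -eu

# Constructed sample sudoers (labelled as such); user names are placeholders.
write_sample_sudoers() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
Defaults env_reset
Defaults env_keep += "SSH_AUTH_SOCK"
root    ALL=(ALL) ALL
%wheel  ALL=(ALL) ALL
alice   ALL=(ALL) NOPASSWD: ALL
bob     ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx
# carol ALL=(ALL) NOPASSWD: ALL   <- commented out, must not be reported
%deploy ALL=(ALL) ALL
EOF
    printf '%s\n' "$f"
}

# Print one line per finding: "<principal> <rating> <commands>".
audit_nopasswd() {
    awk '
        { sub(/#.*/, "") }                 # strip comments (also drops #include lines)
        /^[ \t]*$/ { next }                # skip blank and comment-only lines
        /^Defaults/ && /!authenticate/ {   # global or per-user password bypass
            print $1, "unrestricted", "!authenticate"; next
        }
        /NOPASSWD:/ {
            principal = $1                 # user, %group or alias
            sub(/.*NOPASSWD:[ \t]*/, "")   # keep only the command list
            sub(/[ \t]+$/, "")
            print principal, ($0 == "ALL" ? "unrestricted" : "limited"), $0
        }' "$1"
}

# Number of unrestricted findings, printed as an integer on stdout.
count_unrestricted() {
    audit_nopasswd "$1" | awk '$2 == "unrestricted" { n++ } END { print n + 0 }'
}

if [ $# -gt 0 ]; then
    for file in "$@"; do
        audit_nopasswd "$file"
    done
else
    audit_nopasswd "$(write_sample_sudoers)"
fi
```

Pass real files as arguments (sh audit_sudoers.sh /etc/sudoers /etc/sudoers.d/*, run as root since those files are mode 0440); with no arguments it audits the built-in sample. Comment stripping also discards #include and #includedir directives, so list the included files explicitly rather than expecting the script to follow them.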