All Linux HowTo's Security HowTo's

Sudo Without a Password & Restricted Commands/Groups – CentOS and Redhat

This article explains how to use SUDO without being prompted for the password. We can restrict which users and/or groups can do this.

As root, edit the file “/etc/sudoers”. Add the line:

agix    ALL=(ALL) NOPASSWD:     ALL

The above means that the user “agix” can use sudo without being prompted for a password. We can also specify which groups of users can use sudo without a password prompt.

%wheel  ALL=(ALL)       NOPASSWD: ALL

The above means that any member of the “wheel” group (specified within “/etc/group”) can sudo without a password prompt. We can combine the two methods:

sam    ALL=(ALL) NOPASSWD:     ALL
sally    ALL=(ALL) NOPASSWD:     ALL
%wheel  ALL=(ALL)       NOPASSWD: ALL

You can limit the commands the “wheel” group members can run by replacing the above “%wheel” line with the following:

%wheel  ALL=NOPASSWD: WHEELLIMIT

And you need to specify what the “WHEELLIMIT” consists of. Put the following line near the top of the sudoers file where the other examples are for “Cmnd_Alias”:

Cmnd_Alias WHEELLIMIT = /bin/ls, /sbin/ifconfig, /usr/bin/vim, /usr/bin/vi, /sbin/service, /usr/bin/less, /bin/more

Similar Posts: