99

I know I can become root (super user) via the su command but I have to authorize it after entering the commands. Is there a way I can become root and authorize (with password) in one line

Zanna
  • 70,465
Vader
  • 1,382
  • 2
  • 10
  • 18

6 Answers6

103

In terminal run the visudo command to edit the sudoers file:

sudo visudo

and add the following line to the sudoers list

username ALL = NOPASSWD : ALL

Note: Replace username with your real UserName in above line.

αғsнιη
  • 35,660
Din
  • 2,081
  • 5
  • 19
  • 20
  • 11
    This would seem to be a huge security risk. I certainly couldn't recommend this course of action. – Elder Geek Mar 27 '15 at 15:02
  • 10
    @ElderGeek why? Other than risking someone sitting at your computer and doing some sudo evil, is there any other security implications of adding username ALL = NOPASSWD : ALL? – brillout Jul 28 '15 at 15:57
  • @brillout.com isn't "sudo evil" reason enough? I'm not a proponent of passwordless access. You however are entitled to do as you wish and deal with the consequences. – Elder Geek Jul 30 '15 at 13:10
  • Related: http://askubuntu.com/questions/334318/sudoers-file-enable-nopasswd-for-user-all-commands – Elder Geek Jul 30 '15 at 13:12
  • 1
    Note: I had to log out and log back in before the password prompt went away using this technique (Mint 17.3) -- Also this should be placed at the end of the sudoers list or it could get clobbered by other settings as the sudoers is processed line by line. Also, be careful with this on production systems (see 'sudo evil' thread above :) – RyanNerd Mar 16 '16 at 22:50
  • 11
    Forgetting to put this line LAST in sudoers burns me every time. PUT IT AT THE END. – moodboom Sep 26 '16 at 01:56
  • @ElderGeek well, it truly is a security risk, but that's exactly what the OP was asking for - the question was: "How to avoid prompt password for sudo?". This is a valid answer. – prompteus Oct 01 '16 at 22:20
  • @cuddlecheek You may note that I said I couldn't recommend it (for what I would assume are obvious reasons) and also linked a closely related question. I don't see where you got the idea that I said it wasn't a valid answer. – Elder Geek Oct 01 '16 at 22:26
  • @ElderGeek Oh, I'm sorry for misunderstanding. I related your comments to the answer, not question. – prompteus Oct 02 '16 at 08:39
  • @cuddlecheek No confusion. I said what I meant. – Elder Geek Oct 02 '16 at 12:19
  • 2
    I would consider jiminikiz approach here a safer more well considered approach. http://askubuntu.com/questions/192050/how-to-run-sudo-command-with-no-password?noredirect=1&lq=1 – Elder Geek Oct 02 '16 at 12:25
  • try it and failed on CentOS. – MUY Belgium Jun 28 '18 at 08:26
  • 1
    @brillout, Elder Geek, This would be a security risk on a server. On a personal computer, sudo is just PITA for the user. If someone can "sit on your computer all day" sudo can't prevent him from doing whatever he wants. Root is one reboot away... – DimiDak May 07 '21 at 00:33
  • cat /etc/sudoers (and drop in folder /etc/sudoers.d) or man sudoers has more info. – ptommasi Oct 19 '21 at 11:34
98

Well, the only thing I can think of is 

echo 'password' | sudo -S command

The -S flag makes sudo read the password from the standard input. As explained in man sudo:

-S, --stdin

Write the prompt to the standard error and read the password from the standard input instead of using the terminal device. The password must be followed by a newline character.

So, to run ls with sudo privileges, you would do

echo 'password' | sudo -S ls

Note that this will produce an error if your sudo access token is active, if you don't need to enter your password because you've already done so recently. To get around that, you could use -k to reset the access token:

echo 'password' | sudo -kS ls

I don't know of any way of getting you into an actual root shell (like su or sudo -i) do. This might be enough for what you need though.

terdon
  • 100,812
  • 35
    It should be noted, too, that this method should be considered extremely insecure, as your password is written in your history and may also be visible to other users through a process listing. I'm not sure how big a deal that is for a single-user desktop system though. – jkt123 May 22 '14 at 02:07
  • 1
    The only use I can see for this is to write a script that includes a command that requires root privileges. This is very bad, as the password is in plain text in the script. – Marc May 22 '14 at 02:20
  • 1
    @Marc and everybody else, don't tell me. I would never use it and don't have any idea why the OP would want to. It is extremely insecure and cumbersome and playing with the access token timeout settings is much better. If you want to suggest to the OP that he not do this, please leave a comment under the question. I just answered the thing, I'm not espousing it. – terdon May 22 '14 at 02:36
  • 14
    If you don't want something saved to bash history, prepend it with a space. That (by default) will stop it being saved. – Oli May 22 '14 at 08:21
  • 11
    To anyone reading this answer: please don't do this. You don't automate password input - you avoid the need for passwords for specific situations. Like the other answer says. – mgarciaisaia Nov 13 '15 at 17:13
  • All the shells I'm using have a builtin echo: the password should not appear in the process list in this case. @jkt123 – ysdx Sep 13 '16 at 21:56
  • wait we put our password as clear text there? my file is going into source control, so I can't do that! – Alexander Mills Dec 21 '16 at 04:55
  • This came in very handy for mounting a shared folder in a virtualbox virtual machine. Far less risky than working with fstab. – www139 May 15 '18 at 04:06
  • This response is very relevant in some situations where you want to execute a comand using sudo escalation in many remote servers using a tool like parallel.ssh or similar. In this case frecuently you don't have privileges to execute visudo or modify the sudoers in the target servers. This solution will work in such situations and you may avoid to expose the password in the bash history by placing this in a file and using cat. – Luis Vazquez Aug 09 '19 at 14:20
31

The echo 'password' | sudo -kS ls solution works, but it has a few security drawbacks, most of which have already been mentioned in the comments to terdon's answer. Thus, I would like to suggest a different approach:

If it is only one command that you frequently need to execute, e.g. apt-get upgrade, you can configure your system such that sudo someCommand does not require a password.

To do that, run visudo and enter something similar to the following:

myusername ALL=(ALL) NOPASSWD: /usr/bin/apt-get upgrade

Note that if you enter a command without an argument (e.g. without upgrade in this example), the user will be allowed to run it with any argument, so use with care.

Heinzi
  • 411
17

You can do this too:

sudo -S <<< "password" command
Jahid
  • 337
12

Instead of removing the password altogether, you can increase the timeout so you only have to type it a few times per day; in a terminal, run:

sudo visudo

At the end of the file, add following line to set a timeout of 30 minutes (replace jsmith with your username).

Defaults:jsmith timestamp_timeout=30

You can use any number you want; -1 means no timeout (prompted only the first time), and 0 means instant timeout (prompted every time you sudo). The default timeout is 5 minutes.

Blaskovicz
  • 123
Shital Shah
  • 746
2

Vader, from your comment on your original question, you'd like to switch to an interactive shell running with super-user permissions, right?

Sudo has a specific argument to request a shell:

-s [command]
The -s (shell) option runs the shell specified by the SHELL environment variable if
it is set or the shell as specified in the password database. If a command is
specified, it is passed to the shell for execution via the shell's -c option. If no 
command is specified, an interactive shell is executed.

This avoids the already mentioned security drawbacks, and allows to "go root" by using the following command:

sudo -s

IF I really have to run a root shell (in most cases I don't), then I find it very helpful to have the HOME environment variable of the shell set accordingly (to reflect running as "root"), this can be done using the "-H" flag. So the full command would be

sudo -s -H

You can find a lot more details in sudo's man-page.

he1ix
  • 154