Setting up passwordless sudo on Linux distributions

This is pretty trivial if you make use of the special Unix group called wheel on Fedora systems. You merely have to do the following:

1. Add your primary user to the wheel group

   $ sudo gpasswd -a <primary account> wheel
   

2. Enable NOPASSWD for the %wheel group in /etc/sudoers

   $ sudo visudo
   

   Then comment out this line:

   ## Allows people in group wheel to run all commands
   # %wheel        ALL=(ALL)       ALL
   

   And uncomment this line:

   ## Same thing without a password
   %wheel  ALL=(ALL)       NOPASSWD: ALL
   

   Save this file with Shift+Z+Z.

3. Logout and log back in

   NOTE: This last step is mandatory so that your desktop and any corresponding top level shells are re-execed showing that your primary account is now a member of the wheel Unix group.

Traditionally on Debian based distributions such as Debian/Ubuntu/Mint/Kali/Antix, the default group for sudo is, well, sudo.

So to add passwordless sudo enabled users to a Debian based system, the steps are:

1. Install sudo

   In Debian, depending on the installation options, you often end up without sudo installed by default.

   If the package sudo is not installed (e.g. you do not have /etc/sudoers), run as root:

   # apt install sudo
   

2. Add the user to the sudo group

   Add a user to the sudo group, if it is not already in the sudo group (Ubuntu and derivatives add a user created in installation automatically to the sudo group).

   When setting up the first sudo user, you have got to the first as root:

   # gpasswd -a <primary account> sudo
   

   When you already have a sudo user, it is advised as good security practice, to set up the other users in the sudo group via that user:

   $ sudo gpasswd -a <primary account> sudo
   

3. Modify /etc/sudoers for adding the NOPASSWD directive

   You then edit the default line in /etc/sudoers for the sudo group with:

   $ sudo visudo
   

   and change it from:

   # Allow members of group sudo to execute any command
   %sudo   ALL=(ALL:ALL) ALL
   

   to:

   # Allow members of group sudo to execute any command, no password
   %sudo   ALL=(ALL:ALL) NOPASSWD:ALL
   

4. Logout and log back in

   If logged in the system, the intended user has then to logout and login for the change of the user belonging to the sudo group to take effect.

NOTE: In Debian the group wheel is often used to restrict in PAM the use of su to a group, instead of using it for the sudo command as in RedHat/SuSE based distributions.

Traditionally in Debian based distributions, for the sudo command you use the sudo group.

Most distributions have this line in /etc/sudoers/:

#includedir /etc/sudoers.d

Consequently, an easy way to add one user is to create a suitable file in the /etc/sudoers.d/ directory; I normally name it for the user to be added:

add_sudoer() {
    if ! test -n "$1"
    then echo "Usage: $0 <user>" >&2; return
    fi

    printf >"/etc/sudoers.d/$1" '%s    ALL= NOPASSWD: ALL\n' "$1"
}

You might also want to add Defaults:%s !lecture, !authenticate\n and/or other options to the file.