28

I know how to create a command which a given user can execute via sudo. I have a given command I want to allow any user to be able to execute via sudo without entering a password. What would I put in my /etc/sudoers file in order to make that happen?

Josh
  • 9,190
  • 28
  • 80
  • 128
  • Thank you for asking this question. I looked in `man sudoers` once and did not find the answer. I looked into `man sudoers` a second time, more carefully. Still I failed, TMI! Then, thanks to the answers here I grepped `man sudoers` and found why this is working. Looks like you first need to know how to do it before you can understand `man sudoers`. Sigh! – Tino Apr 19 '18 at 14:07

2 Answers2

26

A section like this in your sudoers is probably what you want.

Cmnd_Alias NAMEOFTHIS=/usr/bin/program
ALL ALL=NOPASSWD: NAMEOFTHIS
Zoredache
  • 130,897
  • 41
  • 276
  • 420
  • Doesn't that grant access just to user *username*? Is there a wildcard I can use instead? I want any authenticated user to be able to execute the command. – Josh Sep 23 '10 at 19:07
  • Then use a group they are all members of. – Broam Sep 23 '10 at 19:10
  • Thanks! I swear I tried that but I forgot a space, so it wasn't working! – Josh Sep 23 '10 at 19:10
  • @Broam: they're not all members of a single group, and I wanted an easier solution. – Josh Sep 23 '10 at 19:10
  • 1
    If it's not *all* users, I'd add a group simply because this is membership of something you wish to track - who can `sudo` this way. – Broam Sep 27 '10 at 15:45
  • 1
    If you really don't want to add a group (beats me why not) and still need individual users, use `User_Alias SOMEUSERS = user1, user2`. – Brett Ryan Aug 02 '12 at 05:37
20

You might consider the SUID bit. Certain programs require root privileges and use the SUID bit, such as passwd.

If sudo is the better choice for you, you could use:

ALL ALL=NOPASSWD: /path/to/command
Warner
  • 23,756
  • 2
  • 59
  • 69