[sudo-users] Method(s) to disable sudo password prompt

Richard Jackson rjackson at mason.gmu.edu
Wed Jan 30 12:30:45 EST 2008


Yves PETRONIN writes:
> 
> On my system, I have just added the following line to get rid of the
> password prompt: (the sudoers file is normally edited with visudo)
> 
> # User privilege specification
> 
> yves ALL=(ALL)  NOPASSWD: ALL

I have used the sudo NOPASSWD feature before but rarely.  NOPASSWD does
make the sudo -S password prompt problem go away.  However, if the
account is compromised in a way that allows an individual to gain, in
your example, yves user access then that individual has the same sudo
access as yves.  Not having NOPASSWD forces the intruder to know 
yves' password.

For example, the Sun Solaris telnet vulnerability allowed remote access
to accounts on a system without having to enter the initial login password.
The hacker could try sudo -l or simply experiment with various commands
via sudo to gain superuser privilege.

Richard
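
An added example, not part of the original message and not code from the sudo project: a small Python audit that lists which sudoers rules skip the password prompt, which is the exposure discussed above. The sample sudoers text, the function name `audit_nopasswd` and the severity labels are assumptions, and the parser is simplified (no alias expansion, no include handling, no escaped commas in command arguments).

```python
import re

# Constructed sample sudoers text (not from a real system).
SAMPLE = r"""
# User privilege specification
root    ALL=(ALL) ALL
yves    ALL=(ALL)  NOPASSWD: ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync, \
                   /bin/tar
deploy  ALL=(ALL) NOPASSWD: /sbin/reboot, PASSWD: /usr/bin/vi
Defaults:ops !authenticate
"""

# One or more leading tags such as "NOPASSWD:" in front of a command.
TAGGED = re.compile(r"^((?:[A-Z_]+:\s*)+)(.*)$")

def audit_nopasswd(text):
    """Return (who, command, severity) for each rule that skips the password."""
    findings = []
    text = re.sub(r"\\\n\s*", " ", text)            # join continuation lines
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):         # blank lines and comments
            continue
        if line.startswith("Defaults"):
            # "!authenticate" turns the password prompt off as well
            if re.search(r"!\s*authenticate\b", line):
                findings.append((line.split()[0], "!authenticate", "high"))
            continue
        if "=" not in line or re.match(r"\w+_Alias\b", line):
            continue                                 # alias definitions are skipped
        who = line.split()[0]
        spec = re.sub(r"\([^)]*\)", "", line.split("=", 1)[1])  # drop (runas) lists
        nopasswd = False   # a tag applies to later commands until overridden
        for cmd in (c.strip() for c in spec.split(",")):
            m = TAGGED.match(cmd)
            if m:
                for tag in re.findall(r"[A-Z_]+", m.group(1)):
                    nopasswd = {"NOPASSWD": True, "PASSWD": False}.get(tag, nopasswd)
                cmd = m.group(2).strip()
            if nopasswd:
                # Assumed labels: unrestricted ALL is "high", anything else "review"
                findings.append((who, cmd, "high" if cmd == "ALL" else "review"))
    return findings

if __name__ == "__main__":
    for who, cmd, severity in audit_nopasswd(SAMPLE):
        print(f"{severity:6} {who:14} {cmd}")
```
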


