Can someone explain what is ` ALL=(ALL) NOPASSWD:ALL` does in sudoers file?

Question

I know that that line above allows <user> to run sudo command without having to type in the password. But what does the syntax actually mean? If you can link to an article then that would be fine too. Thanks

score 8 · Answer 1 · edited Nov 09 '21 at 04:31

The sudoers man page describes this in great detail.

The format is;

user_spec host_spec=(runas_spec) NOPASSWD:cmd_spec

user_spec identifies which users can use the rule.
host_spec identifies which hosts the rule applies to. This is optional and defaults to ALL.
runas_spec identifies which users the commands can be run as.
NOPASSWD: or PASSWD: specifies whether a password is required. This is optional and defaults PASSWD unless the default has been changed in sudoers configuration.
cmd_spec identifies which commands the rule can be run for.

It is common to use aliases for various specs. Each spec has a predefined alias ALL, which is self-explanatory.

score 3 · Accepted Answer · answered Oct 25 '19 at 07:07

From man sudoers

By default, sudo requires that a user authenticate him or herself before running a command. This behavior can be modified via the NOPASSWD tag

So users or groups are able to run sudo without authenticating. This makes it a big security risk so be very careful with this command.

Also check https://askubuntu.com/questions/334318/sudoers-file-enable-nopasswd-for-user-all-commands

Can someone explain what is ` ALL=(ALL) NOPASSWD:ALL` does in sudoers file?

2 Answers2