How to Run Sudo Command Without Password
If you spend a lot of time on the command line, sudo is one of the commands you will use often. By default, sudo prompts for your password and then caches your credentials for a short period. This is the safest behavior, but in some situations, like running automated scripts or CI pipelines, you may need to skip the prompt.
This guide explains how to configure the sudoers file so that specific users or groups can run sudo commands without being asked for a password.
NOPASSWD:ALL, removes a key security layer. Anyone who gains access to that user account can run any command as root without a challenge. Limit passwordless rules to the specific commands you actually need whenever possible.Adding User to the Sudoers File
The sudoers file contains information that determines a user’s and group’s sudo privileges.
You can configure the user sudo access by modifying the sudoers file or by adding a configuration file to the /etc/sudoers.d directory. The files created inside this directory are included in the sudoers file automatically.
Before making any changes, it is a good idea to back up the current file:
sudo cp /etc/sudoers{,.backup_$(date +%Y%m%d)}Open the /etc/sudoers file with the visudo command:
sudo visudoAlways use visudo when editing the sudoers file. This command checks the syntax after editing, and if there is an error it will not save the changes. Opening the file with a regular text editor risks a syntax error that could lock you out of sudo entirely.
On most systems, visudo opens the file in the vim text editor. If you do not have experience with vim, you can try another editor. For example, this often opens GNU nano
:
sudo EDITOR=nano visudoScroll down to the end of the file and add the following line. This allows the user linuxize to run any command with sudo without a password prompt:
linuxize ALL=(ALL) NOPASSWD:ALLlinuxize with the username you want to grant access to.If you want to allow the user to run only specific commands without a password, list them after the NOPASSWD keyword.
For example, to allow only the mkdir
and mv
commands:
linuxize ALL=(ALL) NOPASSWD:/usr/bin/mkdir,/usr/bin/mvYou can find the full path of a command with which, for example which mkdir.
To apply the same rule to an entire group, prefix the group name with %. The following line grants passwordless sudo to every member of the deploy group:
%deploy ALL=(ALL) NOPASSWD:ALLOnce done, save the file and exit the editor .
Using /etc/sudoers.d
Instead of editing the sudoers file directly, you can create a new file with the authorization rules in the /etc/sudoers.d directory. This approach makes managing sudo privileges easier, especially when you have many users or automated provisioning tools.
Create the file with visudo so that syntax checking still applies:
sudo visudo -f /etc/sudoers.d/linuxizeYou can name the file as you want, but it is a good practice to use the user name or group name as the filename.
Add the same rule as you would add to the sudoers file:
linuxize ALL=(ALL) NOPASSWD:ALLSave the file and close the editor. Make sure the file is owned by root and has the correct permissions; sudo may ignore files that are writable by others:
sudo chown root:root /etc/sudoers.d/linuxize
sudo chmod 0440 /etc/sudoers.d/linuxizeVerify the Configuration
After adding the rule, verify that it is active by running sudo -l as the target user:
sudo -lLook for a line containing NOPASSWD in the output. If it appears, the configuration is working. You can also test by running a command with sudo; it should no longer ask for a password.
Troubleshooting
Sudo still asks for a password
Check the file permissions in /etc/sudoers.d/. Files must be owned by root and must not be world-writable. Run sudo chmod 0440 /etc/sudoers.d/filename to fix this. Also make sure the username and hostname in the rule match exactly.
Syntax error locks out sudo
If you used visudo, it will refuse to save a broken file. If you edited the file with a regular editor and lost sudo access, boot into recovery mode or use a root shell to fix /etc/sudoers. This is why visudo should always be used.
Rule is ignored in /etc/sudoers.d/
File names in /etc/sudoers.d/ must not contain a dot (.) or end with a tilde (~). These files are silently skipped. Rename the file to remove the dot or tilde.
Conclusion
Configure passwordless sudo by adding a NOPASSWD rule to /etc/sudoers with visudo, or drop a file into /etc/sudoers.d/ for easier management. Whenever possible, limit the rule to specific commands rather than using NOPASSWD:ALL. For more on managing sudo access, see our guides on the sudo command
and adding users to sudoers
.
Tags
Linuxize Weekly Newsletter
A quick weekly roundup of new tutorials, news, and tips.
About the authors
Dejan Panovski
Dejan Panovski is the founder of Linuxize, an RHCSA-certified Linux system administrator and DevOps engineer based in Skopje, Macedonia. Author of 800+ Linux tutorials with 20+ years of experience turning complex Linux tasks into clear, reliable guides.
View author page