Sudo without Password?

gjacobse

@aaronstuder said in Sudo without Password?:

Is it safe to remove the requirement to re-enter your password every time you use the sudo command?

in a production system - I would believe it is never safe to remove the requirement for sudo.

Alex Sage

@gjacobse Interesting. I am 99% sure @scottalanmiller told me he removes the requirement.

marcinozga

I hate sudo. If I need to do something as root, I login as root. Sudo has to be the biggest waste of keystrokes in history. Sudo su as a last resort.

Obsolesce

On any Linux PC, personal or production, if I need elevated privelages, and I'm going to actively be there, I'll just use su. Otherwise, to run things like updates or to install something quick, I'll use sudo. If I'm setting up a server from install, I'll definitely use su.

If you use su, don't walk away without entering exit.

EddieJennings

@aaronstuder said in Sudo without Password?:

Is it safe to remove the requirement to re-enter your password every time you use the sudo command?

In general, I'd say "no" to the idea of removing the password requirement, especially on a production system. I know if you have to make successive commands, you're not prompted for the password each time you use sudo. If you needed to do a good bit of work with elevated privileges, it would probably be better to use su, but be extra careful to exit out of it if you leave your workstation.

scottalanmiller

@aaronstuder said in Sudo without Password?:

@gjacobse Interesting. I am 99% sure @scottalanmiller told me he removes the requirement.

I do.

scottalanmiller

@aaronstuder said in Sudo without Password?:

@gjacobse Interesting. I am 99% sure @scottalanmiller told me he removes the requirement.

Keep in mind that I'm already working from a dedicated admin account, so the purpose of sudo is only a reminder that I'm making a root level change, not an access control.

Romo

When using configuration management tools it does make things a lot easier to work with if you atleast have one user with passwordless sudo. You really don't need to log to the servers anymore, you only need to properly secure your ssh keys.

stacksofplates

I keep it on for my account if I can on that machine but everything controlled by CM doesn't have it. The CM account is locked so you can't log in through the console, only SSH with a key.

Root gets a random password that no one knows.

travisdh1

@romo said in Sudo without Password?:

When using configuration management tools it does make things a lot easier to work with if you atleast have one user with passwordless sudo. You really don't need to log to the servers anymore, you only need to properly secure your ssh keys.

With things like salt stack, you don't even need that.