[HowTo] Bypass prompt root permissions password everywhere|20201021

Difficulty: ★★★★☆

WARNING! Advanced users only!

The poster of this [HowTo] does not take responsibility for damages after applying changes to the settings. You use the below on your own responsibility. The kdesu section is intended exclusively for KDE users.

Issue

The sudo prompt (GUI and terminal) require you to enter the root password each time.

Main bypass guide

  1. Set nano temporary as default editor for visudo and edit sudoers file:

    sudo -i
    export EDITOR=nano
    visudo
    

    Add at end of file:

    @includedir /etc/sudoers.d
    

    Save the changes. Changes are applied immediately.

  2. Set nano as visudo default editor. Create file:

    sudo nano /etc/sudoers.d/02-visudo-editor
    

    with code

    ## Set nano as default editor
    Defaults env_reset
    Defaults editor=/usr/bin/nano, !env_editor
    
  3. Skip password prompt for current user. Remember to use your UID instead of user_name. Create file:

    sudo nano /etc/sudoers.d/01-skip_auth
    

    with code

    ## Skip password prompt for current user
    Defaults:user_name !authenticate
    

    Save the changes. Changes are applied immediately.

  4. Create a new Polkit rule in your favorite editor as root:

    in /etc/polkit-1/rules.d/49-nopasswd_global.rules add/change:

    /* Allow members of the wheel group to execute any actions
     * without password authentication, similar to "sudo NOPASSWD:"
     */
    polkit.addRule(function(action, subject) {
        if (subject.isInGroup("wheel")) {
            return polkit.Result.YES;
        }
    });
    

    Ensure that you are a member of the wheel group:

    groups
    

    IF NOT, then add yourself:

    sudo usermod --append --groups wheel user_name
    
  • Reboot to apply the above settings

KDE additional bypass guide (follow after applying the above guide)

  1. Set sudo as the default tool for kdesu command. Create file ~/.config/kdesurc with content:

    [super-user-command]
    super-user-command=sudo
    
  2. Add to /etc/environment these lines:

    KDE_FULL_SESSION=true
    KDE_SESSION_VERSION=5
    
    • Reboot to apply the above settings
2 Likes

An argument can be made to put these in a file in /etc/sudoers.d/ instead.

Please share details? :thinking:

Sure.

/etc/sudoers.d/01-skip_auth

## Skip password prompt for current user
Defaults:user_name !authenticate

This way, if you “by mistake” accept a pacnew file when sudo is updated, you’ll still have your skip password addition.

Note: you’d still need to add the polkit rule.

ETA: @FadeMind: for this to work, the line

@includedir /etc/sudoers.d

Must be present in /etc/sudoers

3 Likes

Merged in main guide. Thanks :heart_decoration:

1 Like

Also,

You can use a tool called doas,

opendoas is a port from BSD and is more simple than sudo.

at /etc/doas.conf

permit nopass mynewuser as root cmd vim

You can define that user x can run commnad y without any password prompt :slight_smile:

Of course … it probably goes without saying that this is generally considered a “bad idea”.

3 Likes

I agree especially the polikit part…
If the ultimate intention is to have full access to everything without needing a password, then changing the UID/GID of the user to be 0 (zero) would be the definitive answer :stuck_out_tongue:

So yea my advice would be to explicitly configure each command to be allowed to be used without password when using sudo in separate configs, but this howto is not about that part…

Heh. Talk about a borked setup…

Wonder why nothing has been said about this:

## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL

## Same thing without a password
#%wheel ALL=(ALL) NOPASSWD: ALL

## Uncomment to allow members of group sudo to execute any command
# %sudo	ALL=(ALL) ALL

Since I switched to Linux less than 2 months ago I have developed an intensifying aggression control issue toward my PC, I am keep trying to stop myself smashing my 100 Eur keyboard into pieces when the system is keep asking a root/admin pass over and over again while I am in the “same process” that I have initiated seconds or a min ago… :sweat_smile: Especially because my root pass is not 1234 kind…

Maybe you should reconcile what you are doing because root access is something that is rarely needed under normal operation…
That’s why the need for a password, to kindly wake you up about the action you are trying to perform…

Now I edited my original post, modified root to root/admin pass. I used the wrong term, I wanted to refer to “password” in general. :wink: