If you’re an administrator of a computer with multiple users, it can
be a hassle having to give permission to certain users to perform tasks
above what their user privileges would normally grant them. For
instance, maybe a user wants to be able to install programs from the
Terminal or via the Synaptic package manager. Using “dpkg” or “apt-get”
or “synaptic” from the Terminal all require Administrator privileges,
which normal (non-Administrator) users don’t have.
Instead of the Administrator being required to grant privileges each
time it is requested, it’s possible to allow certain users to use
certain programs without requiring a password. This doesn’t mean a
typical user can do any task requiring a root password, but simply those
he or she is authorized. How do we do this? We simply edit a particular
file.
First, open up the Terminal.
Now type
sudo visudo.
You’ll be asked to enter your password.
We’ll be entering all of our edits at the end of the file, so scroll
all the way to the bottom. You should now see something similar to this.
To allow a user to run a certain program as root without a password,
you’ll need that person’s username, as well as the path to the program’s
binary.
Let’s say we want a user named “ericcflem” to be able to install
programs using “apt-get” but don’t want to make “ericcflem” a full
Administrator. We can allow “username” access to “apt-get” and only
“apt-get” by typing
ericcflem ALL = NOPASSWD: /usr/bin/apt-get at the end of the file, as shown below.
Now simply hit
Ctrl-x to close the program, then hit
y when you see this prompt. This tells the computer to save your changes (typing
n would tell it you don’t wish your changes to be saved).
You will then be asked (in the following prompt), to type a name and location for the saved file.
Simply hit the
Enter key, which will save the file with the same name and location as the original.
In our example, we chose our own username to be the one able to run
“apt-get” without entering a password, as it’s our personal computer,
and not having to enter a password saves time. To see that it worked, we
decided to install a program (in this case we installed gPodder, a
podcast client) via the Terminal, by using the
sudo apt-get install gpodder command.
As you can see in the following screenshot, we were never asked for a password.
Success! Obviously, giving any random user the power to perform
potentially dangerous tasks is something you won’t want to do without
serious thought. However, for some users, or for some tasks, this should
be an easy way to make certain tasks just a bit more convenient.