Enable passwordless sudo if user password not set #106

Merged. buildplan merged 2 commits into buildplan:dev from prashantsengar:patch-1 on Mar 3, 2026.

@prashantsengar
Contributor

No description provided.

@buildplan
Owner

Appreciate this, but my concern would be that silently adding NOPASSWD:ALL can be a bit of a security risk for some users who might not understand the implications...

Maybe a middle ground could be that we have an option to add a random password, or the user can explicitly choose to have no password and gets a warning message... I am thinking something like:

            # Both password prompts were left empty: the user skipped setting a password.
            if [[ -z "$PASS1" && -z "$PASS2" ]]; then
                print_warning "Password skipped. Relying on SSH key authentication."
                print_warning "Without a password, you will NOT be able to use 'sudo' for administrative tasks."

                # Default path ("y"): set a random 24-character alphanumeric password.
                if confirm "Generate a secure random password for you? (Recommended)" "y"; then
                    local RAND_PASS
                    RAND_PASS=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24)
                    if echo "$USERNAME:$RAND_PASS" | chpasswd >/dev/null 2>&1; then
                        print_success "Generated random password for '$USERNAME'."
                        # Shown once on the terminal; only the event, not the password, is logged.
                        printf '\n%s\n' "${YELLOW}⚠ SAVE THIS PASSWORD FOR SUDO ACCESS:${NC}"
                        printf '  %s\n\n' "${BOLD}$RAND_PASS${NC}"
                        log "Generated random password for '$USERNAME'."
                        break
                    else
                        print_error "Failed to set random password."
                    fi
                # Explicit opt-in (default "n"): passwordless sudo via a sudoers.d drop-in.
                elif confirm "Enable passwordless sudo? (WARNING: Security Risk)" "n"; then
                    echo "$USERNAME ALL=(ALL) NOPASSWD:ALL" > "/etc/sudoers.d/$USERNAME"
                    chmod 0440 "/etc/sudoers.d/$USERNAME"
                    print_warning "Passwordless sudo enabled for '$USERNAME'."
                    log "Passwordless sudo explicitly enabled for '$USERNAME'."
                    break
                # Neither option chosen: the account keeps no password and no sudo rights.
                else
                    print_warning "No password set and passwordless sudo disabled. You will not have admin rights."
                    log "Password setting skipped, no sudo rights for '$USERNAME'."
                    break
                fi
            elif [[ "$PASS1" == "$PASS2" ]]; then

What do you think, would this work?
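
A hardened way to write the `/etc/sudoers.d/$USERNAME` drop-in from the snippet above, as an added example that is not code from this PR or from the project: it stages the rule in a temporary file, syntax-checks it with `visudo -cf`, and only then renames it into place. The function names and the `SUDOERS_DIR` / `SUDOERS_CHECK` variables are hypothetical, introduced here so the logic can be tried against a scratch directory.

```bash
#!/usr/bin/env bash
# Added example, not the project's code. SUDOERS_DIR and SUDOERS_CHECK are
# hypothetical overrides so the function can be tried on a scratch directory.
SUDOERS_DIR="${SUDOERS_DIR:-/etc/sudoers.d}"
SUDOERS_CHECK="${SUDOERS_CHECK:-visudo -cf}"

# sudo skips files in sudoers.d whose names contain '.' or end in '~', so a
# drop-in named after a user like "john.doe" would be silently ignored.
dropin_name() {
    printf '%s\n' "$1" | tr '.~' '__'
}

install_nopasswd_dropin() {
    local user target tmp
    user="$1"
    # Accept only plain account names so nothing else can reach the sudoers rule.
    case "$user" in
        ''|*[!a-z0-9_.-]*|[!a-z_]*)
            echo "refusing unexpected username: $user" >&2
            return 2 ;;
    esac
    target="$SUDOERS_DIR/$(dropin_name "$user")"
    # Stage inside the same directory: mktemp creates the file 0600, and the
    # dots in its name keep sudo from reading it before it is validated.
    tmp="$(mktemp "$SUDOERS_DIR/.tmp.XXXXXX")" || return 1
    printf '%s ALL=(ALL) NOPASSWD:ALL\n' "$user" > "$tmp"
    chmod 0440 "$tmp"
    # Syntax-check first; a syntax error in a drop-in can stop sudo from working.
    if ! $SUDOERS_CHECK "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        echo "sudoers validation failed, nothing installed" >&2
        return 1
    fi
    # rename() within one directory is atomic, so sudo never sees a partial file.
    mv -f "$tmp" "$target" || { rm -f "$tmp"; return 1; }
}
```

On a real host this runs as root with the defaults, for example `install_nopasswd_dropin "$USERNAME"`.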

buildplan changed the base branch from main to dev on March 3, 2026 20:59
buildplan merged commit 50b03cb into buildplan:dev on Mar 3, 2026
9 checks passed
buildplan added a commit that referenced this pull request Mar 3, 2026
#107)

* Enable passwordless sudo if user password not set (#106)

* fix: update passwordless sudo configuration and improve SSH service detection

---------

Co-authored-by: Prashant Sengar <45726744+prashantsengar@users.noreply.github.com>
Co-authored-by: buildplan <hello@buildplan.org>
@prashantsengar
Contributor Author

Sorry, I saw this late. I quickly fixed it when I saw it for my own system and created a PR without thinking of other cases.

I agree with the changes you made - I would have done the same. Thanks for your response!
