Don't prompt a user for the sudo password

I have this user:

  users.users.myusername = {
    isNormalUser = true;
    extraGroups = [ "wheel" "networkmanager" ]; # Enable ‘sudo’ for the user.
  };

but I still have to type in my password the first time I use sudo as that user. How do I disable prompting for the sudo password?

There’s security.sudo.wheelNeedsPassword = false; if you want all users in group wheel to never type a password.

If you only want to apply NOPASSWD to myusername, then you probably want to use security.sudo.extraRules.

security.sudo.extraRules = [
  { users = [ "myusername" ];
    options = [ "NOPASSWD" ];
  }
];

I’m not sure if security.sudo.extraRules will merge with an existing list, or overwrite. Hopefully someone with better knowledge can clarify.

3 Likes

Actually, nowadays, you need the specify at which commands( given by a “command=” argument) the options apply and wrapping both into a “commands=” argument - please note the plural. For the example, we will assume that none command needs password prompt. The code becomes accordingly:

security.sudo.extraRules= [
  {  users = [ "privileged_user" ];
    commands = [
       { command = "ALL" ;
         options= [ "NOPASSWD" ]; # "SETENV" # Adding the following could be a good idea
      }
    ];
  }
];

All the required documentation is provided at https://github.com/NixOS/nixpkgs/blob/2118cf551b9944cfdb929b8ea03556f097dd0381/nixos/modules/security/sudo.nix

2 Likes