The sudo command allows users to change to another account with a different role. The default security standard on USGS Unix systems has always been to require a password to sudo to a different account on systems. To accommodate SCRIL, USGS will allow the use of passwordless sudo when necessary, with the knowledge that compensating controls are in place.
Compensating controls include the use of a screen lock when users walk away from their computers and that the list of users who have access to sudo is maintained and limited based on need.
How to setup passwordless sudo
- Edit sudoers file:
sudo nano /etc/sudoers - Find a line which contains includedir /etc/sudoers.d
- Below that line add: username ALL=(ALL) NOPASSWD: ALL , where username is your passwordless sudo username; Save your changes.