Sudo Commands without a Password

As certainly everybody knows, iOS 8 has been announced, and Xcode 6 is in the hands of us developers in the form of a beta. So far, things are looking great. I’ve played with Swift a bit and can see some promise in it. My favorite part is the new debugging tools.

Like any good developer, I’ve been working on making sure our apps will work with iOS 8, and that our new developments are using the latest SDK. As expected however, there have been some hiccups along the way. We’re using Frank to write automation as part of our development. Unfortunately, right now, that means we are using the Xcode 6 command line tools to build, and the Xcode 5 command line tools to launch the simulator and run the tests.

I’ve been getting really good at running sudo xcode-select, and typing my password. A lot.

xcode-select is a safe command. I know exactly what it will do, and honestly, I am not afraid of what will happen if someone were to get ahold of my computer and start using it without typing my password. Because of this, I decided to set things up so that the command can be run in sudo without me typing my password.

/etc/sudoers


DO NOT EDIT THIS FILE LIGHTLY!

The sudoers file has the potential of making your life very difficult very fast. This file has all of the information about who can do what kind of sudo stuff. You can add lines to grant or revoke sudo permissions for users, and you can also grant and revoke sudo permissions for specific commands.sudo for anything, except a hand full of people had rights to sudo su to become root. I imagine the reason it was set up that way is just because it keeps the sudoers file clean." rel="footnote">1

According to the comment at the top of the sudoers file:

This file MUST be edited with the ‘visudo’ command as root.
Failure to use ‘visudo’ may result in syntax or file permission errors
that prevent sudo from running.

So I suppose I’ll start paying attention to that comment and stop editing it with plain old vim.

So first thing we need to do is become root, and then run the visudo command.

visudo only allows a fixed list of editors to be used with it regardless of your VISUAL or EDITOR environment variables. This list is determined at the visudo compile time, so just use the default editor and be done with it (vi is the default visudo editor). If you happen to have VISUAL set to mac vim, you may run into some issues in which case you need to run export VISUAL= before running visudo

All we need to do now is add one line

If you really need to be told that “<YOUR USER NAME HERE>” needs to be replaced with your own user name then you might want to reconsider what action you are trying to take. Also, if you’re not used to seeing your user name because OS X uses your real name in all of the ui instead of your user name, just run whoami in the terminal.

Once you’ve added this line and saved, you will now be able to run sudo xcode-select without typing your password.

You can test this out by running

The first line invalidates the timestamp for the last time you ran sudo (makes you have to type your password the next time you sudo no matter what) and the second line will only prompt you for your password if something went wrong.

You can also do this with any commands. I believe you can just put in a comma delimited list of commands that you want to be able to execute without typing your password. You could also just add one line per command you want to run without typing your password. Additionally if you feel really lucky, you can put this in to make it so you never have to type your password to sudo anything.

Have fun not typing your password!


  1. At one company I worked at, no one could [crayon-5c16e943b935b397674503-i/] for anything, except a hand full of people had rights to [crayon-5c16e943b935d966291137-i/] to become root. I imagine the reason it was set up that way is just because it keeps the sudoers file clean. 

Leave a Reply

Your email address will not be published. Required fields are marked *