I always add a file to /etc/sudoers.d/. Just remember that the last entry is trump, so it can overturn earlier entries.

Because of this, I always like to name the files like below.

/etc/sudoers.d/999_nick
/etc/sudoers.d/001_rick
/etc/sudoers.d/111_slick-rick
/etc/sudoers.d/222_slick-nick

This means if there’s an entry in 999_nick that conflicts with any of the others, it will trump the other configs.


This is how to run only a specific program without a password. This is useful, for example, in my telegraf config when it has to run an exec but the telegraf user doesn’t have perms.

USER ALL=(ALL) NOPASSWD: /FULL/PATH/TO/BIN/HERE


Here is how to allow the program to be run, but prompt for a password. Useful for allowing someone to reboot while reminding them that they're doing something important.

USER ALL=(ALL) /FULL/PATH/TO/BIN/HERE


Here is how to allow sudo with no password for everything, which amounts to passwordless root for that user:

USER ALL=(ALL) NOPASSWD: ALL
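
The ordering rule above, as an added example that is not part of the original post: a simplified shell model of how sudo reads /etc/sudoers.d (sorted lexically, skipping names that end in ~ or contain a .) and picks the last matching rule. The telegraf user, the /usr/bin/smartctl path and the file names are constructed sample values; 1000_late sorts before 999_override because the sort is lexical, not numeric.

```sh
# Added example, not from the original post. Simplified model: it only
# understands one-line rules shaped like the ones on this page:
#   USER HOST=(RUNAS) [NOPASSWD:] COMMAND

# Print drop-in names in the order sudo reads them: sorted lexically,
# skipping names that end in '~' or contain a '.'.
sudoers_order() {
    ( cd "$1" && LC_ALL=C ls -1 ) | while IFS= read -r name; do
        case $name in *~|*.*) continue ;; esac
        if [ -f "$1/$name" ]; then printf '%s\n' "$name"; fi
    done
}

# Print "FILE: RULE" for the last rule matching USER and COMMAND (last match
# wins, so a later file overrides). Assumes file names without whitespace.
winning_rule() {
    w_dir=$1 w_user=$2 w_cmd=$3 w_hit=""
    for w_name in $(sudoers_order "$w_dir"); do
        while IFS= read -r w_line; do
            case $w_line in
                "$w_user "*" $w_cmd"|"$w_user "*" ALL") w_hit="$w_name: $w_line" ;;
            esac
        done < "$w_dir/$w_name"
    done
    printf '%s\n' "$w_hit"
}

# Exit 0 when the winning rule still prompts for a password.
prompts_for_password() {
    case $(winning_rule "$@") in
        ""|*NOPASSWD:*) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed sample directory standing in for /etc/sudoers.d.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' 'telegraf ALL=(ALL) NOPASSWD: /usr/bin/smartctl' > "$d/001_telegraf"
    printf '%s\n' 'telegraf ALL=(ALL) /usr/bin/smartctl' > "$d/999_override"
    printf '%s\n' 'telegraf ALL=(ALL) NOPASSWD: ALL' > "$d/1000_late"
    printf '%s\n' 'telegraf ALL=(ALL) NOPASSWD: ALL' > "$d/999_override.bak"
    printf '%s\n' "$d"
}

sample=$(make_sample)
sudoers_order "$sample"
winning_rule "$sample" telegraf /usr/bin/smartctl
rm -rf "$sample"
```

On a real system, check a drop-in with `visudo -cf FILE` before installing it and confirm the result with `sudo -l -U USER`.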


All done, now enjoy. I know it’s pretty boring, but there ya go.