How to Change Password-less sudo on Raspberry Pi

by Rian

I am leaving this post as a future reference. Though I’ve tested it myself, since I am in the process of retiring Pi docker machines, I won’t be updating it in the near future. One of the user-friendly touch added to Raspberry Pi OS from Debian is its sudo privilege — it doesn’t ask for password. I can’t imagine how the meeting must have happened, but I suspect it might have to do with XP-likeness in permission controls.

The setting to password-less sudo isn’t in consolidated into one file. From my experience, it was rather spread out to random files. So I first had to find which file even had it: sudo grep -r "NOPASSWD" /etc/sudoers /etc/sudoers.d/

Once identified, edit the files using visudo, e.g. sudo visudo -f "path/to/file". Edit the lines such as pi ALL=(ALL) NOPASSWD: ALL to remove NOPASSWD: from it. It is also possible to have NOPASSWD for specific programs for automation, for example, rebooting the Pi.

I think Raspberry Pi, for home labs and DIY, removing the privilege is more work than its worth, since it is likely to live only in LAN. As far as I am aware, Pi sees most of the demand not in primary PC area. Most people don’t buy it to replace their aging computer. But it was a precaution I wanted to take as I was running more and more dockers on it.