26

I feel there is no need for a password on WSL because it is already protected from my Windows account. Nobody could use my WSL without first knowing my Windows password.

How can I disable the WSL password? I have tried passwd but it does not accept a NULL password.

Daniel Kaplan
  • 725
  • 1
  • 10
  • 26
nowox
  • 2,849
  • 1
    passwd -d is the standard way to delete a password on Linux. Can't remember if that worked without consequences on WSL. – Bob Aug 11 '19 at 09:54
  • For some reason, passwd -d doesn't work: sudo still asks for the password after that, and because there is none, you're locked out. Just had to reset my password by logging in as root because of this. – BenMorel Sep 04 '19 at 21:54
  • 1
    This is not recommended... sudo should always require a password. The password isn't there just to prevent others from logging in to your WSL environment, it's also to prevent unauthorized privilege escalation. Please use google to understand why this is never recommened for Linux, unless it's a Single User OS where the only login account is root – JW0914 Oct 15 '19 at 11:27
  • 2
    @JW0914 Could you give me an example of some harm in WSL ? I don't think you can do privilege escalation. – nowox Oct 15 '19 at 11:30
  • @nowox I think you're right and WSL2 (unless you run it as admin) can't, even as sudo, do anything a user process can't do. – Rich May 20 '21 at 21:41
  • 1
    @JW0914 You can run wsl.exe -u root to get root with a password anyway. – sschoof Jul 14 '23 at 15:06

2 Answers2

44

In wsl add your username to a sudo config file.

Replace MY_USERNAME below to your username name.

sudo nano /etc/sudoers.d/MY_USERNAME

add the following line:

MY_USERNAME ALL=(ALL) NOPASSWD:ALL

If you don't replace MY_USERNAME with the target username you will receive an error no valid sudoers sources found.

Chris McKee
  • 608
1

Instead of editing the file by hand there is a dedicated tool (visudo) on linux that is the recommended way for modifying sudo access.

sudo visudo

or, if you want to use e.g. the editor nano, call

sudo EDITOR=nano visudo

Then you have 2 choices:

  1. Easy way

You can turn off the password check for all users in the sudo group. To do that, find the line that starts with

%sudo

and replace it with

%sudo ALL=(ALL) NOPASSWD:ALL

Done.

  1. Alternative way

Alternatively you can turn off the password check for a specific user. Here it is important that you add your new entry at the very last line. Otherwise it might fail, as you can read in man sudoers:

When multiple entries match for a user, they are applied in order.  Where there are multiple matches, the last
       match is used (which is not necessarily the most specific match).

So, add the following line as the very last line in the file. Do not forget to replace $USER with your username:

$USER ALL=(ALL) NOPASSWD:ALL

You can find your username by calling echo $USER on the command line in case of doubt.

codingdave
  • 111