How does sudo and passwordless sudo work on my VM?

By default, virtual machines provisioned on our platform come with a user account - ubuntu - that has sudo privileges. This means you can run administrative commands prefixed with sudo to execute them as the root user.

What is `sudo`?

• sudo stands for “superuser do.”

• It allows a permitted user to execute commands as the superuser or another user, as specified by the security policy.

• For example:

sudo apt update
sudo systemctl restart nginx

What is passwordless `sudo`?

In many base images, passwordless sudo is enabled, meaning:

• You do not need to enter your password when running sudo commands.

• This is configured in the image by adding the user to the sudoers file with the NOPASSWD directive, such as:

user ALL=(ALL) NOPASSWD:ALL

This setup is useful for automation, scripts, and quick administrative access without interactive prompts.

Does Denvr set passwords or manage sudo configuration?

No. Denvr does not set user passwords during VM provisioning, nor do we install or run any agents within your virtual machines. Your VM is launched exactly as defined in your chosen OS image, with:

• No changes to sudo configuration or password settings by Denvr.

• No agents installed to manage user accounts or system settings.

All password configurations, sudo policies, and user management remain entirely under your control.

How does this impact security?

While passwordless sudo improves usability, it grants full administrative rights without authentication prompts. Therefore:

• Ensure your SSH keys are secured and only authorized personnel have access to your VMs.

• If your security or compliance policies require password prompts for sudo, modify the sudoers configuration within your VM to enforce that as needed.