syaffers.xyz

Give Claude unfettered sudo

#linux #claude #raspi

New tricks for an old dog

I recently revived my Raspberry Pi 2 Model B (rev 1.1). It’s a decade-old piece of hardware to be sure, but I have a breakout garden HAT (not sponsored, nor affiliated) with ambient sensors that I hadn’t used in a few years.

A photograph of a Pimoroni breakout garden HAT on the left and a Raspberry Pi 2 Model B (rev 1.1) on the right

So I thought: let’s get Claude’s juices flowing. Let it draw inspiration from the Pimoroni Python libraries and build a fast HTTP weather station in Go.

But alas!

$ curl -fsSL https://claude.ai/install.sh | bash
Unsupported architecture: armv7l

Claude CLI cannot be installed on an armv7l CPU architecture. The only other way for Claude to do stuff on this Raspberry Pi was to issue SSH commands remotely from another host.

Claude complains

When I use Claude to set up new machines, it complains that it doesn’t have sudo privileges to run apt or journalctl, for example. Worse still: Claude prints out the commands it wants to run and asks me to run them! The gall!

Claude also struggles with sudo via SSH but for a different reason: you cannot input a password via SSH. Even if you provided one in plaintext, you hit a wall.

The pain inflicted by these two events tempted me to write a sacrilegious prompt:

Unfettered sudo

How can I give you sudo access?

Lo and behold: a one-liner that gives Claude the promised “Super Cow Powers”:

echo "$USER ALL=(ALL) NOPASSWD: ALL" | \
sudo tee /etc/sudoers.d/010_nopasswd

But, low-key, this is amazing. In a disposable environment which you can quickly restore (like SBCs and VMs), this unfettered sudo eliminates babysitting. Pop in this command, take the back seat, and enjoy the ride.

NOTE: I strongly advise against doing this on your daily driver, naturally. Safety first where it matters.

Fettering slightly

For the risk-averse among you, you can whitelist commands that need sudo.

echo "$USER ALL=(ALL) NOPASSWD: \
/usr/bin/systemctl, /usr/bin/apt upgrade" | \
sudo tee /etc/sudoers.d/010_nopasswd

Commands and sub-commands that appear after the colon no longer require intervention. In the case above: systemctl and apt upgrade.

Once you’re done, you can remove /etc/sudoers.d/010_nopasswd and return to the original state.
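To see how sudo will treat each entry in a drop-in like the two above, here is an added example (not part of the original post) that classifies every NOPASSWD command. The function name audit_sudoers_dropin, the verdict labels and the sample file for a user named "pi" are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the post): classify NOPASSWD entries in a sudoers
# drop-in. Function name and verdict labels are made up for illustration.
# Handles single-line rules only: no aliases, no line continuations.

audit_sudoers_dropin() {
    # $1: path to a sudoers drop-in, e.g. /etc/sudoers.d/010_nopasswd
    awk '
    /^[ \t]*#/ { next }                      # skip comments
    /^[ \t]*$/ { next }                      # skip blank lines
    /NOPASSWD:/ {
        user = $1
        cmds = $0
        sub(/^.*NOPASSWD:[ \t]*/, "", cmds)  # keep only the command list
        n = split(cmds, list, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            cmd = list[i]
            gsub(/^[ \t]+|[ \t]+$/, "", cmd)
            if (cmd == "ALL")
                verdict = "UNRESTRICTED"     # every command, no password
            else if (cmd ~ /[ \t]/)
                verdict = "ARGS-PINNED"      # only this exact argument list
            else
                verdict = "ANY-ARGS"         # this binary with any arguments
            printf "%s\t%s\t%s\n", verdict, user, cmd
        }
    }' "$1"
}

# Constructed sample: the two rules from this page, for a user named "pi".
sample=$(mktemp)
cat > "$sample" <<'RULES'
pi ALL=(ALL) NOPASSWD: ALL
pi ALL=(ALL) NOPASSWD: /usr/bin/systemctl, /usr/bin/apt upgrade
RULES
audit_sudoers_dropin "$sample"
rm -f "$sample"
```

An ANY-ARGS entry such as /usr/bin/systemctl covers every subcommand of that binary, while an ARGS-PINNED entry matches only the exact argument list, so `sudo apt upgrade -y` is not covered by `/usr/bin/apt upgrade` and will still prompt.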

EOF

Only caveat: this is a manual process. You still have to type in the password, but just once on every machine you want unfettered sudo.

This works on Debian systems; I haven’t tried on other flavors of Linux like Arch, OpenSUSE, etc.