Not silent, the passwordless sudo calls are logged and available for review. I do trust that after several months in a sandbox without calling sudo, it’s unlikely that a sleeper agent will awaken and call sudo out of the blue - more likely that my apps that have been calling sudo will do something nefarious on the 1000th access…
Somebody (possibly an AI agent…) could/should automate the process of transcribing the sudo logs to the NOPASSWD setup, just leave sudo unlocked for those things that show up as needing it during validation test runs and turn the sudo lock back on for everything else.
Not silent, the passwordless sudo calls are logged and available for review. I do trust that after several months in a sandbox without calling sudo, it’s unlikely that a sleeper agent will awaken and call sudo out of the blue - more likely that my apps that have been calling sudo will do something nefarious on the 1000th access…
Somebody (possibly an AI agent…) could/should automate the process of transcribing the sudo logs to the NOPASSWD setup, just leave sudo unlocked for those things that show up as needing it during validation test runs and turn the sudo lock back on for everything else.