Home > NUKM > Configuration > Sudo Setup

ReclaimNUKM Sudo Configuration

NUKM Definition: NUKM is defined by the acronym for 'Next Unit of Kill Module' as it pertains to data sanitization.

Overview

ReclaimNUKM requires elevated privileges to perform disk wiping operations. By default, this would require entering a sudo password for each operation. This configuration allows passwordless execution of the necessary commands.

⚠️ Security Considerations
IMPORTANT: This configuration grants passwordless sudo access to disk wiping commands. Only install this on systems where:

You trust all users who can access the ReclaimNUKM application
The system is dedicated to data destruction tasks
Physical security is maintained

Installation

Option 1: Automated Setup (Recommended)

./setup-sudoers.sh

This will configure passwordless sudo for all necessary commands and eliminate password prompts on subsequent application launches.

Option 2: Manual Installation

Copy reclaimzapper-sudoers to /etc/sudoers.d/:
sudo cp reclaimzapper-sudoers /etc/sudoers.d/reclaimzapper
Edit the file to replace username with your actual username:
sudo nano /etc/sudoers.d/reclaimzapper
Set proper permissions:
sudo chmod 0440 /etc/sudoers.d/reclaimzapper

Commands Configured

The following commands require sudo privileges:

Core Wipe Commands

dd - For zero-fill wiping operations
shred - For multi-pass secure deletion
sgdisk - For partition table operations
partprobe - For updating partition information
udevadm - For device management operations

Filesystem Commands

mkfs.ext4 - For filesystem creation
mkfs.ntfs - For NTFS filesystem creation
mkfs.exfat - For exFAT filesystem creation

Enterprise Drive Commands

sg_format - For reformatting enterprise drives to standard sectors
sg_readcap - For reading drive capacity and sector information
sg_vpd - For reading drive protection and VPD information
sg_start - For SCSI device start/stop operations

USB & Hardware Commands

usbreset - For USB device reset operations (optional)
smartctl - For drive health and temperature monitoring
hdparm - For drive performance benchmarking
blockdev - For block device information
ddrescue - For hardware error compensation operations
true - For authentication testing

Benefits

After running the setup script, ReclaimNUKM will:

Launch without password prompts on first boot
Not require password entry on subsequent reboots
Maintain security through command-specific sudo permissions
Work seamlessly in automated environments
Support enterprise drive operations with sg3_utils
Handle USB NVMe enclosures with device reset capabilities
Perform hardware error compensation with ddrescue
Monitor drive health with smartctl and hdparm

Testing

After installation, test that it works:

# This should not prompt for password

sudo dd --version

sudo sgdisk --version

sudo sg_readcap --version

sudo smartctl --version

sudo ddrescue --version

Verification

Check that the configuration is active:

sudo -l | grep NOPASSWD

Removal

To remove the configuration:

sudo rm /etc/sudoers.d/reclaimzapper

Alternative Approaches

Group-Based Configuration

For multi-user environments, create a dedicated group:

sudo groupadd diskadmin

sudo usermod -a -G diskadmin username

Then modify the sudoers file to use:

%diskadmin ALL=(ALL) NOPASSWD: /bin/dd

%diskadmin ALL=(ALL) NOPASSWD: /sbin/sgdisk

# ... etc

Temporary Elevation

Run ReclaimNUKM with sudo from the start:

sudo ./ReclaimNUKM

Troubleshooting

Still Getting Password Prompts

Check the sudoers file syntax:
sudo visudo -f /etc/sudoers.d/reclaimzapper
Verify your username is correct in the file
Check for syntax errors in sudoers:
sudo visudo -c

Permission Denied Errors

Ensure the commands exist at the specified paths:

which dd sgdisk partprobe udevadm mkfs.ext4 shred

Files

reclaimzapper-sudoers - Template sudoers configuration
setup-sudoers.sh - Automated installation script