Instead of setting a weak sudo password, ask root for approval.

Enables passwordless sudo without being too much of a security risk.

Compile binaries and install them to /usr/local/bin or some other global folder.

Make sure the binaries have the right permissions and are owned by root:

$ ls -l /usr/local/bin
-rwxr-xr-x 1 root root 5334856 Dec  9 22:32 sudo_approve
-rwxr-xr-x 1 root root 4646240 Dec  9 22:34 sudo_wait_for_approval

Add this line at the bottom of /etc/pam.d/sudo:

auth required pam_exec.so /usr/local/bin/sudo_wait_for_approval

If the installation was successful, running sudo ls as a normal user should not ask for a password, and instead it should panic with this error:

/usr/local/bin/sudo_wait_for_approval failed: exit code 1
sudo: PAM authentication error: Unknown error -1
sudo: a password is required

This is because the sudo_approve script should be running in the background. Start that script as root, and try sudo ls again.

This time you will not see anything in the user terminal, but the sudo_approve script will print something like this:

Got connection at 2023-12-09T22:03:22.852319794+00:00 from (unnamed)
Approve? [y/N]

Press y and enter to approve the sudo request. Now the user command will run successfully, and any further sudo commands will not require authorization (similarly to how you only need to input the password once in a while).