diff --git a/linux-managements/setup.sh b/linux-managements/setup.sh
index 32b937e..3c167ec 100755
--- a/linux-managements/setup.sh
+++ b/linux-managements/setup.sh
@@ -540,6 +540,45 @@ ensure_sudo() {
 fi
 }
 
+# ─── Passwordless Sudo ────────────────────────────────────────────────────────
+setup_passwordless_sudo() {
+ step "Passwordless Sudo"
+
+ local sudoers_file="/etc/sudoers.d/${USER}"
+ local expected_line="${USER} ALL=(ALL) NOPASSWD: ALL"
+
+ # Already configured?
+ if [ -f "$sudoers_file" ] && grep -qF "$expected_line" "$sudoers_file" 2>/dev/null; then
+ info "Passwordless sudo already configured for '$USER'"
+ return
+ fi
+
+ prompt_read ans "Enable passwordless sudo for '${USER}'? [y/N] "
+ case "$ans" in
+ [Yy]*)
+ # Write to a temp file first, then validate with visudo -cf
+ local tmp_file
+ tmp_file="$(mktemp)"
+ echo "$expected_line" > "$tmp_file"
+ chmod 0440 "$tmp_file"
+
+ if visudo -cf "$tmp_file" >/dev/null 2>&1; then
+ psudo cp "$tmp_file" "$sudoers_file"
+ psudo chmod 0440 "$sudoers_file"
+ rm -f "$tmp_file"
+ success "Passwordless sudo enabled for '$USER'"
+ else
+ rm -f "$tmp_file"
+ error "Generated sudoers file failed validation, aborting"
+ return 1
+ fi
+ ;;
+ *)
+ info "Skipping passwordless sudo"
+ ;;
+ esac
+}
+
 # ─── Main ─────────────────────────────────────────────────────────────────────
 main() {
 echo -e "${BOLD}${CYAN}"
@@ -550,6 +589,7 @@ main() {
 detect_os
 ensure_sudo
+ setup_passwordless_sudo
 set_hostname
 disable_selinux
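Review bot: `setup_passwordless_sudo` builds both the drop-in path and the rule from `$USER`, an inherited environment variable that can be empty, can be `root` when the script is started through sudo, or can contain a `.`; sudo skips files under `/etc/sudoers.d` whose names contain a dot, so the function would print success for a rule that never loads. Taking the name from `id -un` and refusing anything outside a conservative character set before writing avoids that. The already-configured test reads a file this function installs as 0440 and (presumably, through `psudo`) root-owned, so an unprivileged `grep` fails, `2>/dev/null` hides it, and the prompt comes back on every run. The result of `psudo cp` is not checked before `success` is reported, and copy-then-chmod leaves the file briefly with default permissions; a single `install -m 0440` whose status gates the message covers both. A short comment above the function noting that `NOPASSWD: ALL` removes the password check between this account and root would help whoever runs the script decide.

```shell
setup_passwordless_sudo() {
  # … unchanged: step banner …
  local user
  user="$(id -un)" || return 1
  case "$user" in
    root | '' | *[!A-Za-z0-9_-]*)
      error "Refusing to write a sudoers drop-in for user '$user'"
      return 1
      ;;
  esac
  local sudoers_file="/etc/sudoers.d/${user}"
  local expected_line="${user} ALL=(ALL) NOPASSWD: ALL"

  # The drop-in is installed 0440, so read it with privileges.
  if psudo grep -qxF -- "$expected_line" "$sudoers_file" 2>/dev/null; then
  # … unchanged: already-configured message, prompt, temp file, visudo check …
      if psudo install -m 0440 -o root -g root "$tmp_file" "$sudoers_file"; then
        success "Passwordless sudo enabled for '$user'"
      else
        error "Could not install $sudoers_file"
      fi
  # … unchanged: temp-file cleanup and remaining case arms …
```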