As we all know already, one of the advantages of using 'sudo' is we don't have to give root user password to all users to do administrative actions. The users who are added in the sudo group can perform administrative tasks by simply invoking sudo command. In this brief guide, we are going to see how to force users to use root password instead of their own password when using sudo in Linux.
Giving out the ROOT password to all users is dangerous. This method is opt for only one system admin who handles the entire systems in the network. Just in case the system admin's password is compromised, the hacker still needs to break the root password to do administrative tasks. So, the admin can immediately change his/her password or re-install the system before the hacker take down the system. This guide is only for educational purpose. Neither me nor OSTechNix is responsible for any damages on production.
Force Users To Use Root Password Instead Of Their Own Password When Using Sudo Command
Switch to root user using any one of the following commands:
$ sudo su
$ su root
Edit sudoers file using command:
Add/modify as shown below in sudoers file.
Defaults:sk rootpw sk ALL = (ALL) ALL
This allows the user called sk to run any command using sudo privileges on any system. However, s/he needs to use the root password rather than his/her own password when using sudo command.
$ sudo ls -l [sudo] password for root: total 0 drwxr-xr-x. 2 sk sk 6 May 17 19:07 ostechnix drwxr-xr-x. 2 root root 6 May 17 19:11 sk
As you see, it prompts you to enter the root password, not the user's own password.
Even if your password is hacked, the hacker still need to crack the root user password to get the root access on your system.
Recommended Read: How To Reset Root User Password In Linux
And, that's all. I hope this helps in some cases. If you find our guides useful, please share them on your social, professional networks and support OSTechNix. I will be soon here with another useful guide. Until then, stay tuned!
Thanks for stopping by!
Help us to help you:
- Subscribe to our Email Newsletter : Sign Up Now
- Support OSTechNix : Donate Via PayPal
- Download free E-Books and Videos : OSTechNix on TradePub
- Connect with us: Facebook | Twitter | Google Plus | LinkedIn | RSS feeds
Have a Good day!!
IF your password is compromised, you need to change it, everywhere. Check all computers you have ssh-login on. Reinstall the computer.
Blocking and forcing to use root password will not help.
Agreed. Sudo exists to prevent the need to give out a root password. This article is a bit much…
This method is for only one person who manages all systems. However, I must add an disclaimer note at the end.
Don’t ever do this. If you know your password is compromised and a hacker is using it to do admin things via sudo then it’s too late. Time for a re-installation.
Yes, agreed. Let us say “Steve” is the only one Administrator who manages all systems. If someone has hacked Steve’s password, the hacker can’t do any destructive tasks without knowing the root password. So, the admin can immediately either change the password or re-install the entire system before the hacker breaks the root user password. I have edited and added a disclaimer note in the guide now. Thanks.
This will add little bit security to your system.
No it doesn’t. Not in any way. Now your user has the root password which is most likely written on a post it note (or worse: in last pass). No one should ever use or see the root password. Ever. Mature companies implement Password Access Management tools that automate privileged access and can disable an account globally if compromised. In addition – you can have root credentials auto-rotate after each use if that type of access is required. That dramatically improves security.
So the solution to an admin’s password being compromised, is to give out the ROOT password to MORE people?
I didn’t mention anywhere giving root password to more people. This method is for only one person who manages all systems.
really, really, stupid.
If I had hacked _your_ account, and you had sudo rights. I’d change the root password, if there was one (which there shouldn’t be)
To the commenter who said “there shouldn’t be a root password” – so the answer is to allow ordinary users to perform all admin tasks, protected by nothing but their own, often easily-guessed or phished, password? Besides, what do you do if you need to boot into emergency mode and the system prompts you to enter the root password? Sudo is good to give limited access to certain people. Using it for full root access is misusing it.