Home FAQ Force Users To Use Root Password Instead Of Their Own Password When Using Sudo Command

Force Users To Use Root Password Instead Of Their Own Password When Using Sudo Command

By sk
Published: Updated: 2.1K views

As we all know already, one of the advantages of using 'sudo' is we don't have to give root user password to all users to do administrative actions. The users who are added in the sudo group can perform administrative tasks by simply invoking sudo command. In this brief guide, we are going to see how to force users to use root password instead of their own password when using sudo in Linux.

Disclaimer

Giving out the ROOT password to all users is dangerous. This method is opt for only one system admin who handles the entire systems in the network. Just in case the system admin's password is compromised, the hacker still needs to break the root password to do administrative tasks. So, the admin can immediately change his/her password or re-install the system before the hacker take down the system. This guide is only for educational purpose. Neither me nor OSTechNix is responsible for any damages on production.

Force Users To Use Root Password Instead Of Their Own Password When Using Sudo Command

Switch to root user using any one of the following commands:

$ su

Or,

$ sudo su

Or,

$ su root

Edit sudoers file using command:

$ visudo

Add/modify as shown below in sudoers file.

Defaults:sk rootpw
sk ALL = (ALL) ALL

This allows the user called sk to run any command using sudo privileges on any system. However, s/he needs to use the root password rather than his/her own password when using sudo command.

$ sudo ls -l
[sudo] password for root:
total 0
drwxr-xr-x. 2 sk sk 6 May 17 19:07 ostechnix
drwxr-xr-x. 2 root root 6 May 17 19:11 sk

As you see, it prompts you to enter the root password, not the user's own password.

Even if your password is hacked, the hacker still need to crack the root user password to get the root access on your system.


Recommended Read: How To Reset Root User Password In Linux


And, that's all. I hope this helps in some cases. If you find our guides useful, please share them on your social, professional networks and support OSTechNix. I will be soon here with another useful guide. Until then, stay tuned!

Cheers!

Thanks for stopping by!

Help us to help you:

Have a Good day!!

You May Also Like

11 comments

Anders Jackson May 18, 2017 - 4:22 pm

IF your password is compromised, you need to change it, everywhere. Check all computers you have ssh-login on. Reinstall the computer.

Blocking and forcing to use root password will not help.

Reply
Seth McCombs May 20, 2017 - 2:56 am

Agreed. Sudo exists to prevent the need to give out a root password. This article is a bit much…

Reply
SK May 20, 2017 - 8:44 pm

This method is for only one person who manages all systems. However, I must add an disclaimer note at the end.

Reply
Steve From NH May 20, 2017 - 1:26 am

Don’t ever do this. If you know your password is compromised and a hacker is using it to do admin things via sudo then it’s too late. Time for a re-installation.

Reply
SK May 20, 2017 - 9:00 pm

Yes, agreed. Let us say “Steve” is the only one Administrator who manages all systems. If someone has hacked Steve’s password, the hacker can’t do any destructive tasks without knowing the root password. So, the admin can immediately either change the password or re-install the entire system before the hacker breaks the root user password. I have edited and added a disclaimer note in the guide now. Thanks.

Reply
regexp May 20, 2017 - 2:04 am

This will add little bit security to your system.

No it doesn’t. Not in any way. Now your user has the root password which is most likely written on a post it note (or worse: in last pass). No one should ever use or see the root password. Ever. Mature companies implement Password Access Management tools that automate privileged access and can disable an account globally if compromised. In addition – you can have root credentials auto-rotate after each use if that type of access is required. That dramatically improves security.

Reply
SK May 20, 2017 - 8:39 pm

Agreed.

Reply
Seth McCombs May 20, 2017 - 2:52 am

So the solution to an admin’s password being compromised, is to give out the ROOT password to MORE people?

Reply
SK May 20, 2017 - 8:42 pm

I didn’t mention anywhere giving root password to more people. This method is for only one person who manages all systems.

Reply
Derek Broughton May 22, 2017 - 2:49 am

really, really, stupid.

If I had hacked _your_ account, and you had sudo rights. I’d change the root password, if there was one (which there shouldn’t be)

Reply
Kevin January 26, 2019 - 10:14 pm

To the commenter who said “there shouldn’t be a root password” – so the answer is to allow ordinary users to perform all admin tasks, protected by nothing but their own, often easily-guessed or phished, password? Besides, what do you do if you need to boot into emergency mode and the system prompts you to enter the root password? Sudo is good to give limited access to certain people. Using it for full root access is misusing it.

Reply

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. By using this site, we will assume that you're OK with it. Accept Read More