
Re: sudo password vs. login



On Sun, May 28, 2006 at 08:22:06AM -0600, Joseph Smidt wrote:
> Is there any way to make the sudo password different from the login
> password?  Wouldn't that make it more secure?  That would make two passwords
> you have to get through to have root access vs. one.

Yes, but it doesn't really make sense according to the originally intended
paradigm.

Sudo was intended to allow system administrators to grant normal users
authority to run specific applications with elevated (or just different)
privileges, and to keep a comprehensive log of such activity.
Requesting the password was intended as a way to make sure that the
person executing the command was the intended user (or someone
who at least knew the user's password), and not somebody taking advantage
of an unattended terminal. 

If, on the other hand, sudo is used to give a user permission to run
a shell or similarly open ended application as root, then it is
effectively being used as an alternative to 'su', with the detailed
logging purely optional and with more than one allowable root password,
resulting in a substantial reduction in security.

You can configure it to ask for the root password or target user
password instead of the invoking user's password.

See sudoers(5).

It isn't obvious to me what you would gain by doing this over just using
su - other than letting non-wheel users use the root password.

I suspect what you are thinking of would be some option to store
encrypted passwords in the sudoers file, effectively providing
some sort of individual super user password to different users.
There might be something to be said for that if sudo is going to
be used as an open ended 'su' alternative, but as far as I know
it is not currently supported.

Regards,
DigbyT
-- 
Digby R. S. Tarvin                                          digbyt(at)digbyt.com
http://www.digbyt.com
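
The configuration the message refers to, as an added sudoers fragment that is not part of the original post. The user names, command path and log path are constructed for illustration; rootpw, targetpw, logfile and timestamp_timeout are Defaults options documented in sudoers(5).

```sudoers
# /etc/sudoers.d/example  (edit with: visudo -f /etc/sudoers.d/example)
# alice, bob and the paths below are constructed for illustration.

# Originally intended use: one specific command, authenticated with
# alice's own password, so the log shows who ran what.
alice   ALL = (root) /usr/sbin/apache2ctl restart

# Open-ended grant: any command as any user, including a root shell.
# This is sudo used as an 'su' alternative; bob's login password is
# now effectively a second root password.
bob     ALL = (ALL) ALL

# Make bob's sudo password differ from his login password by asking
# for root's password instead. bob must then know root's password.
Defaults:bob    rootpw

# Alternative: ask for the password of the target user given with -u
# (root when -u is not used).
# Defaults:bob  targetpw

# Keep a file log in addition to syslog, and prompt for the password on
# every invocation so an unattended terminal cannot reuse a cached one.
Defaults        logfile=/var/log/sudo.log
Defaults:bob    timestamp_timeout=0
```

Run `visudo -c` after editing to check the syntax before the file takes effect.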


