[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Emergency mode when root account locked

On 12/12/20 7:29 pm, Andrei POPESCU wrote:
AND run sudo as root, for additional safety
Is this supposed to be ironic? I really can't tell.

There was a detailed discussion here about sudo being a security issue
on our systems. It appears to be default in debian 10, so most of us get
it as default. I looked at replacing sudo.

I found an article that explained how to strengthen it by forcing sudo
to require root password.

If somebody breaks in, they now need my root password to execute
commands that require root permissions (except a couple that I have
given nopasswd privilege).

It's pretty simple.  AFTER you have tested your root password


Defaults        rootpw

to /etc/sudoers

The result:

keith@asus3 Sat12Dec2020@22:49:38 :~$ sudo nano /etc/sudoers
[sudo] password for root: ***

You'll understand that root password must be working BEFORE you amend


Keith Bainbridge


Reply to: