Re: If one sets 'Defaults rootpw' in sudoers but no root password is it disaster?
Dan Ritter <dsr@randomstring.org> wrote:
> Chris Green wrote:
> > I'd like to force a different password from my own password when I do
> > 'sudo -i' to get root privilege. However I'm a bit frightened about
> > what might happen if I set 'Defaults rootpw' in the sudoers file but
> > forget to actually create a root password. (This is on systems where,
> > previously, I've never had a root password).
> >
> > Would this totally lock me out from becoming root? Would the only way
> > out be to boot into single user mode to mend things?
>
> Mostly, yes.
>
>
> > ... or is visudo clever enough to spot this?
>
> No.
>
> How about this:
>
> Create a second user -- we'll call it foo. Give foo sudo
> privileges. Take away sudo privileges from your normal account.
>
> Now, when you want to do something with root privileges, you ssh
> to localhost as foo:
>
> ssh foo@localhost
>
> give foo's password to login, then run sudo, giving foo's
> password again.
>
> Never use foo or foo's password in any other context.
>
> Does that solve your issue?
>
Yes, good idea, also suggested by the other reply. A new/different
user with sudo rights will be insurance against the above problem and
might even be a sensible alternative. It would have the advantage of
not changing the default sudoers configuration too.
Thanks all.
--
Chris Green
·
Reply to: