Re: If one sets 'Defaults rootpw' in sudoers but no root password is it disaster?
Chris Green <cl@isbd.net> wrote:
> Dan Ritter <dsr@randomstring.org> wrote:
> > Chris Green wrote:
> > > I'd like to force a different password from my own password when I do
> > > 'sudo -i' to get root privilege. However I'm a bit frightened about
> > > what might happen if I set 'Defaults rootpw' in the sudoers file but
> > > forget to actually create a root password. (This is on systems where,
> > > previously, I've never had a root password).
> > >
> > > Would this totally lock me out from becoming root? Would the only way
> > > out be to boot into single user mode to mend things?
> >
> > Mostly, yes.
> >
> >
> > > ... or is visudo clever enough to spot this?
> >
> > No.
> >
> > How about this:
> >
> > Create a second user -- we'll call it foo. Give foo sudo
> > privileges. Take away sudo privileges from your normal account.
> >
> > Now, when you want to do something with root privileges, you ssh
> > to localhost as foo:
> >
> >     ssh foo@localhost
> >
> > give foo's password to log in, then run sudo, giving foo's
> > password again.
> >
> > Never use foo or foo's password in any other context.
> >
> > Does that solve your issue?
> >
> Yes, good idea, also suggested by the other reply. A new/different
> user with sudo rights will be insurance against the above problem and
> might even be a sensible alternative. It would have the advantage of
> not changing the default sudoers configuration too.
>
Ah, but... Of course a different user with sudo rights won't protect
against the above problem as the 'Defaults rootpw' will still demand
the non-existent root password.
However, a second user with sudo rights and no sudo rights for the main
user would achieve what I want.
--
Chris Green
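
The lockout condition discussed in this thread ('Defaults rootpw' active while root has no usable password) can be checked before the sudoers change is saved. The script below is an added example, not part of the original messages; the function names are hypothetical, the sample files are constructed, and it assumes the usual shadow-file convention that a password field starting with '!' or '*' can never match.

```shell
#!/bin/sh
# Added example: pre-flight check before enabling 'Defaults rootpw'.
# Function names are hypothetical; file paths are passed in as arguments.

# Print the state of root's password field in a shadow-format file.
root_pw_state() {
    line=$(grep '^root:' "$1") || { echo missing; return 0; }
    hash=$(printf '%s\n' "$line" | cut -d: -f2)
    case "$hash" in
        '')          echo empty ;;    # no password set at all
        '!'*|'*'*)   echo locked ;;   # no password can ever match
        *)           echo usable ;;
    esac
}

# Succeed if any given sudoers file has an active Defaults line with rootpw.
# Commented-out lines and the negated form '!rootpw' do not count.
rootpw_enabled() {
    grep -Eq '^[[:space:]]*Defaults[^#]*[[:space:],]rootpw([[:space:],]|$)' "$@"
}

# check_rootpw SHADOW SUDOERS...: fail when rootpw would ask for a password
# that root does not have.
check_rootpw() {
    shadow=$1; shift
    state=$(root_pw_state "$shadow")
    if rootpw_enabled "$@" && [ "$state" != usable ]; then
        echo "LOCKOUT RISK: rootpw is set but root's password is $state"
        return 1
    fi
    echo "ok: root's password is $state"
}

# Constructed sample files (not real account data).
tmp=$(mktemp -d)
printf 'root:!:19700:0:99999:7:::\n' > "$tmp/shadow.locked"
printf 'root:$y$j9T$constructed$hash:19700:0:99999:7:::\n' > "$tmp/shadow.set"
printf 'Defaults env_reset\nDefaults rootpw\n' > "$tmp/sudoers.rootpw"
printf 'Defaults env_reset\n#Defaults rootpw\n' > "$tmp/sudoers.default"

check_rootpw "$tmp/shadow.locked" "$tmp/sudoers.rootpw" || true
check_rootpw "$tmp/shadow.set"    "$tmp/sudoers.rootpw"
check_rootpw "$tmp/shadow.locked" "$tmp/sudoers.default"
```

On a live system, run it as root with /etc/shadow followed by /etc/sudoers and the files under /etc/sudoers.d as arguments, and keep an existing root shell open until sudo has been tested from a second terminal. It reads only the files it is given and does not follow include directives.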