Wednesday, May 31, 2017

Force Users To Use Root Password Instead Of Their Own Password When Using Sudo Command

Force Users To Use Root Password Instead Of Their Own Password When Using Sudo Command


As we all know already, one of the advantages of using ‘sudo’ is we don’t have to give root user password to all users to do administrative actions. The users who are added in the sudo group can perform administrative tasks by simply invoking sudo command. Now, Picture this scenerio. Let us say, you’re the only one system admin who perform all administrative tasks, and your password is compromised by some hacker. Now, the hacker can do all sorts of administrative actions with sudo command, isn’t it? In such cases, we need to force some users (Admins& to use root password instead of their own password. This is just a simple example. The use cases might be different for you.

Disclaimer: Giving out the ROOT password to all users is dangerous. This method is opt for only one system admin who handles the entire systems in the network. Even If the system admin’s password is compromised, the hacker still needs to break the root password to do administrative tasks. So, the admin can immediately change his/her password or re-install the system before the hacker take down the system.
In this guide, We will see how to force users to use root password to do administrative tasks instead of using their own password when using sudo command.

Switch to root user using any one of the following commands:
su
Or,
sudo su
Or,
su root
Edit sudoers file using command:
visudo
Add/modify as shown below in sudoers file.
Defaults:sk rootpw
sk ALL = (ALL) ALL
This allows the user called sk to run any command using sudo privileges on any system. However, s/he needs to use the root password rather than his/her own password when using sudo command.
sudo ls -l
[sudo] password for root:
total 0
drwxr-xr-x. 2 sk sk 6 May 17 19:07 ostechnix
drwxr-xr-x. 2 root root 6 May 17 19:11 sk
As you see, it prompts you to enter the root password, not the user’s own password.
Even if your password is hacked, the hacker still need to crack the root user password to get the root access on your system. This will add little bit security to your system.

No comments: