PDA

View Full Version : [ubuntu] Changing Sudo Password?



skymera
June 27th, 2008, 12:41 PM
Hi,

Is it possible to change the sudo password so it's not my login password?

I was thinking of creating a root password and removing myself from the sudoers file. This i would see as a last resort.

lisati
June 27th, 2008, 12:43 PM
It might be easier to set up a "day to day" account without admin privileges. That way, you can use your machine with greater protection against muck-ups, and then use your admin account only for system maintenance.

skymera
June 27th, 2008, 01:03 PM
Thats one idea.

But i install + remove programs a lot etc so it's necessary for me to have sudo.

neurostu
June 27th, 2008, 01:41 PM
No you cannot set your SUDO password to be different then the login password. Each account has a password associated with it.

forger
June 27th, 2008, 01:46 PM
Thats one idea.

But i install + remove programs a lot etc so it's necessary for me to have sudo.

You could limit your sudo: man sudoers

sudo cat /etc/sudoers

ibutho
June 27th, 2008, 02:12 PM
I was thinking of creating a root password and removing myself from the sudoers file. This i would see as a last resort.
Thats what I do on my systems (yeah some moan that its not recommended but their justification is pretty lame in my opion because thats what other distros do and it works fine). I setup a password for root, remove myself from the admin group and also disable the privileges for the admin group using visudo.

skymera
June 27th, 2008, 03:43 PM
Thats what I do on my systems (yeah some moan that its not recommended but their justification is pretty lame in my opion because thats what other distros do and it works fine). I setup a password for root, remove myself from the admin group and also disable the privileges for the admin group using visudo.

Could you give details how i would go about doing this?

Thanks =D

ibutho
June 27th, 2008, 04:06 PM
First you give root a password whilst logged in as the admin user (sudo passwd root). You then need to switch to root using the command "su -" and run visudo. Change

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

to

# Members of the admin group may gain root privileges
#%admin ALL=(ALL) ALL

You can then logout as root (exit or CTRL-D) and also log out of your normal user session and then log back in. You will then need to use "su" and "su -" to switch to root. To run individual commands as root, you can do

su -c "some commands"
To remove the user from the admin group, you can do

gpasswd -d user admin
user is the username of whoever you want to remove from the admin group. You can even go as far as removing the admin group using groupdel if you wish.

The downside to this is that some apps are hard coded for the sudo stuff, but you can start then using su or gksu.