1

The scenario is this:

  • I have a development machine I want (need) to have root access to
  • Our admin setups the machines using his own credentials for the root user. The explanation being that if something goes wrong or he needs to change something he just have to remember one password
  • He then proceeds to give each user access to "sudo" without questioning for the password

Now I really dislike the fact that sudo wouldn't prompt me for my password. How does a user configuration look like that gives me and the admin complete root permissions (2 logins), with sudo prompting me for my password (and not root) look like?

oschrenk
  • 223
  • 4
  • 5
  • Yeah. It is a little confusing. I don't often have to use sudo and having a password needed for it acts as a good safeguard for not ruining stuff. I can't use the password from root as its the sysadmins default password. He won't give the password to me, but he is ok with me running every command with sudo. – oschrenk Oct 27 '11 at 13:50
  • Which distro are you using? – quanta Oct 27 '11 at 14:16
  • I'm running OpenSuse 11.2 – oschrenk Oct 27 '11 at 14:36

3 Answers3

7

Type visudo, you will see something like this:

<your_user>  ALL=(ALL)   NOPASSWD:ALL

If you want sudo prompt for a password, just remove NOPASSWD

<your_user>  ALL=(ALL)   ALL

UPDATE

As @MikeyB mentioned, by default, sudo will prompt for a password of the invoking user. But if you turn on the targetpw flag:

Defaults targetpw

sudo will ask for the password of the target user.

quanta
  • 51,413
  • 19
  • 159
  • 217
  • But then it will prompt me for root's password which I don't have. I want it to prompt for mine – oschrenk Oct 27 '11 at 13:59
  • 2
    No - it will prompt you for your password. Sudo does not use the root password at all, only su does that. – pauska Oct 27 '11 at 14:03
  • 1
    No, you are wrong. It will prompt you for your password, not `root`. – quanta Oct 27 '11 at 14:05
  • I got to admit that I'm not that familiar with unix security model but this is what the terminal says after I changed ` ALL=(ALL) NOPASSWD:ALL` to ` ALL=(ALL) ALL`: `touch file`, `sudo rm file` `$ root's password:` and when I type in my own it states `Sorry, try again` – oschrenk Oct 27 '11 at 14:12
  • 1
    Ah, in your particular file the `targetpw` option is turned on. – MikeyB Oct 27 '11 at 14:33
  • What happens to the other users on the system if I turn off the option? Any side effects I don't see now? – oschrenk Oct 27 '11 at 14:45
  • It will prompt for their own password. – quanta Oct 27 '11 at 14:47
  • @quanta If you edit your answer to include the targetpw option, I'll accept it. – oschrenk Oct 27 '11 at 14:50
  • Frankly speaking, I forgot this option. – quanta Oct 27 '11 at 14:58
  • No problem. I'm new here. So what is the etiquette? Accept the answer if a comment points out missing some minor part of the solution? – oschrenk Oct 27 '11 at 15:08
2

The answer lies in the sudoers(5) file, which you edit using visudo(8).

As the exmaples there show you, your current sudoers setup will look like this:

%wheel ALL = (ALL) NOPASSWD: ALL

You can change this to:

%wheel ALL = (ALL) ALL

adaptr
  • 16,576
  • 23
  • 34
1

This is just a remark... Some people new with sudo may do the following mistake : sudo -u root -i or sudo -s or sudo -i -->which has the effect to ask your own password, and then if you re successful give you a brand new shell environment(/bin/bash) running with root privilege... Wonderfull... yeah, BUT then the "sudo-newbie" wants to create a file...and he type the following : sudo touch myEpicStoriesWithSudo.txt

--> Of course now sudo will ask for a password... but not your own!!! the one of root because you were not you --> you were root

And you can replace root by any generic-user you want, I had the issue with a lot of DBA when we went to sudo "sudo -u oracle -i" ;)

I hope this can helps you with sudo and all the schizophrenic issue that come with it ;) Regards

Mike
  • 61
  • 6