I have an ubuntu instance on AWS.
After getting ssh login, I was able to change to root password with sudo su
command.
For security reasons, I wanted to change the root password.
So I tried the following :
root@email:/home/ubuntu# sudo passwd root
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@email:/home/ubuntu#
After changing password when I try to sudo su
, it doesnt asks for password
ubuntu@email:~$ sudo su
root@email:/home/ubuntu#
Whereas, when I try only su
, it prompts for one:
ubuntu@email:~$ su
Password:
How to implement security or set a password for sudo su
?
Following are the details of sudoers (visudo)
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
sudo -k
also doesn't prompts for password. adding content of sudoers file in the question.sudo -k
,sudo su
isnt prompting for a password.sudo ls
is also not asking password:(su
never asks for a password when it is run by root. Since you are runningsudo
first,su
is run as root. Never runsudo su
. If you want a root shell, runsudo -s
.