Force Users To Use Root Password Instead Of Their Own Password When Using Sudo Command

Force Users To Use Root Password

As we all know already, one of the advantages of using ‘sudo’ is we don’t have to give root user password to all users to do administrative actions. The users who are added in the sudo group can perform administrative tasks by simply invoking sudo command. In this brief guide, we are going to see how to force users to use root password instead of their own password when using sudo in Linux.

Disclaimer

Giving out the ROOT password to all users is dangerous. This method is opt for only one system admin who handles the entire systems in the network. Just in case the system admin’s password is compromised, the hacker still needs to break the root password to do administrative tasks. So, the admin can immediately change his/her password or re-install the system before the hacker take down the system. This guide is only for educational purpose. Neither me nor OSTechNix is responsible for any damages on production.

Force Users To Use Root Password Instead Of Their Own Password When Using Sudo Command

Switch to root user using any one of the following commands:

$ su

Or,

$ sudo su

Or,

$ su root

Edit sudoers file using command:

$ visudo

Add/modify as shown below in sudoers file.

Defaults:sk rootpw
sk ALL = (ALL) ALL

This allows the user called sk to run any command using sudo privileges on any system. However, s/he needs to use the root password rather than his/her own password when using sudo command.

$ sudo ls -l
[sudo] password for root:
total 0
drwxr-xr-x. 2 sk sk 6 May 17 19:07 ostechnix
drwxr-xr-x. 2 root root 6 May 17 19:11 sk

As you see, it prompts you to enter the root password, not the user’s own password.

Even if your password is hacked, the hacker still need to crack the root user password to get the root access on your system.


Recommended Read: How To Reset Root User Password In Linux


And, that’s all. I hope this helps in some cases. If you find our guides useful, please share them on your social, professional networks and support OSTechNix. I will be soon here with another useful guide. Until then, stay tuned!

Cheers!

Thanks for stopping by!

Help us to help you:

Have a Good day!!

You may also like...

10 Responses

  1. Anders Jackson says:

    IF your password is compromised, you need to change it, everywhere. Check all computers you have ssh-login on. Reinstall the computer.

    Blocking and forcing to use root password will not help.

  2. Steve From NH says:

    Don’t ever do this. If you know your password is compromised and a hacker is using it to do admin things via sudo then it’s too late. Time for a re-installation.

    • SK says:

      Yes, agreed. Let us say “Steve” is the only one Administrator who manages all systems. If someone has hacked Steve’s password, the hacker can’t do any destructive tasks without knowing the root password. So, the admin can immediately either change the password or re-install the entire system before the hacker breaks the root user password. I have edited and added a disclaimer note in the guide now. Thanks.

  3. regexp says:

    This will add little bit security to your system.

    No it doesn’t. Not in any way. Now your user has the root password which is most likely written on a post it note (or worse: in last pass). No one should ever use or see the root password. Ever. Mature companies implement Password Access Management tools that automate privileged access and can disable an account globally if compromised. In addition – you can have root credentials auto-rotate after each use if that type of access is required. That dramatically improves security.

  4. Seth McCombs says:

    So the solution to an admin’s password being compromised, is to give out the ROOT password to MORE people?

    • SK says:

      I didn’t mention anywhere giving root password to more people. This method is for only one person who manages all systems.

  5. really, really, stupid.

    If I had hacked _your_ account, and you had sudo rights. I’d change the root password, if there was one (which there shouldn’t be)

Leave a Reply

Your email address will not be published. Required fields are marked *