Force Users To Use Root Password Instead Of Their Own Password When Using Sudo Command

Force Users To Use Root Password

As we all know already, one of the advantages of using ‘sudo’ is we don’t have to give root user password to all users to do administrative actions. The users who are added in the sudo group can perform administrative tasks by simply invoking sudo command. Now, Picture this scenerio. Let us say, you’re the only one system admin who perform all administrative tasks, and your password is compromised by some hacker. Now, the hacker can do all sorts of administrative actions with sudo command, isn’t it? In such cases, we need to force some users (Admins& to use root password instead of their own password. This is just a simple example. The use cases might be different for you.

Disclaimer: Giving out the ROOT password to all users is dangerous. This method is opt for only one system admin who handles the entire systems in the network. Even If the system admin’s password is compromised, the hacker still needs to break the root password to do administrative tasks. So, the admin can immediately change his/her password or re-install the system before the hacker take down the system.

In this guide, We will see how to force users to use root password to do administrative tasks instead of using their own password when using sudo command.

Force Users To Use Root Password Instead Of Their Own Password When Using Sudo Command

Switch to root user using any one of the following commands:

su

Or,

sudo su

Or,

su root

Edit sudoers file using command:

visudo

Add/modify as shown below in sudoers file.

Defaults:sk rootpw
sk ALL = (ALL) ALL

This allows the user called sk to run any command using sudo privileges on any system. However, s/he needs to use the root password rather than his/her own password when using sudo command.

sudo ls -l
[sudo] password for root:
total 0
drwxr-xr-x. 2 sk sk 6 May 17 19:07 ostechnix
drwxr-xr-x. 2 root root 6 May 17 19:11 sk

As you see, it prompts you to enter the root password, not the user’s own password.

Even if your password is hacked, the hacker still need to crack the root user password to get the root access on your system. This will add little bit security to your system.


Recommended Read: How To Reset Root User Password In Linux


And, that’s all. I hope this helps in some cases. If you find our guides useful, please share them on your social, professional networks and support OSTechNix. I will be soon here with another useful guide. Until then, stay tuned!

Cheers!

Thanks for stopping by!

Help us to help you:

Have a Good day!!

You may also like...

  • Anders Jackson

    IF your password is compromised, you need to change it, everywhere. Check all computers you have ssh-login on. Reinstall the computer.

    Blocking and forcing to use root password will not help.

    • Agreed. Sudo exists to prevent the need to give out a root password. This article is a bit much…

    • SK

      This method is for only one person who manages all systems. However, I must add an disclaimer note at the end.

  • Steve From NH

    Don’t ever do this. If you know your password is compromised and a hacker is using it to do admin things via sudo then it’s too late. Time for a re-installation.

    • SK

      Yes, agreed. Let us say “Steve” is the only one Administrator who manages all systems. If someone has hacked Steve’s password, the hacker can’t do any destructive tasks without knowing the root password. So, the admin can immediately either change the password or re-install the entire system before the hacker breaks the root user password. I have edited and added a disclaimer note in the guide now. Thanks.

  • regexp

    This will add little bit security to your system.

    No it doesn’t. Not in any way. Now your user has the root password which is most likely written on a post it note (or worse: in last pass). No one should ever use or see the root password. Ever. Mature companies implement Password Access Management tools that automate privileged access and can disable an account globally if compromised. In addition – you can have root credentials auto-rotate after each use if that type of access is required. That dramatically improves security.

    • SK

      Agreed.

  • So the solution to an admin’s password being compromised, is to give out the ROOT password to MORE people?

    • SK

      I didn’t mention anywhere giving root password to more people. This method is for only one person who manages all systems.

  • really, really, stupid.

    If I had hacked _your_ account, and you had sudo rights. I’d change the root password, if there was one (which there shouldn’t be)