I'd like to force a different password from my own password when I do
'sudo -i' to get root privilege. However I'm a bit frightened about
what might happen if I set 'Defaults rootpw' in the sudoers file but
forget to actually create a root password. (This is on systems where, previously, I've never had a root password).

Would this totally lock me out from becoming root? Would the only way
out be to boot into single user mode to mend things?

... or is visudo clever enough to spot this?

--
Chris Green
·

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

I am to tired to test this now - but I guess as prerequisite you should
then give the root user a password.  A long time ago I was "providing"
root with a password in some Debian or Ubuntu system using 'passwd'.

sudo should not cope with an undefined root password, and visudo is just
a wrapper around vi(m).


BTW just for testing you can create another - temporary - user and give
him the sudo rights.


On 15.10.2024 22.19, Chris Green wrote:

I'd like to force a different password from my own password when I do
'sudo -i' to get root privilege. However I'm a bit frightened about
what might happen if I set 'Defaults rootpw' in the sudoers file but
forget to actually create a root password. (This is on systems where, previously, I've never had a root password).

Would this totally lock me out from becoming root? Would the only way
out be to boot into single user mode to mend things?

... or is visudo clever enough to spot this?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Chris Green wrote:

I'd like to force a different password from my own password when I do
'sudo -i' to get root privilege. However I'm a bit frightened about
what might happen if I set 'Defaults rootpw' in the sudoers file but
forget to actually create a root password. (This is on systems where, previously, I've never had a root password).

Would this totally lock me out from becoming root? Would the only way
out be to boot into single user mode to mend things?

Mostly, yes.

... or is visudo clever enough to spot this?

No.

How about this:

Create a second user -- we'll call it foo. Give foo sudo
privileges. Take away sudo privileges from your normal account.

Now, when you want to do something with root privileges, you ssh
to localhost as foo:

ssh foo@localhost

give foo's password to login, then run sudo, giving foo's
password again.

Never use foo or foo's password in any other context.

Does that solve your issue?

-dsr-

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Dan Ritter <dsr@randomstring.org> wrote:

Chris Green wrote:

I'd like to force a different password from my own password when I do
'sudo -i' to get root privilege. However I'm a bit frightened about
what might happen if I set 'Defaults rootpw' in the sudoers file but
forget to actually create a root password. (This is on systems where, previously, I've never had a root password).

Would this totally lock me out from becoming root? Would the only way
out be to boot into single user mode to mend things?

Mostly, yes.

... or is visudo clever enough to spot this?

No.

How about this:

Create a second user -- we'll call it foo. Give foo sudo
privileges. Take away sudo privileges from your normal account.

Now, when you want to do something with root privileges, you ssh
to localhost as foo:

ssh foo@localhost

give foo's password to login, then run sudo, giving foo's
password again.

Never use foo or foo's password in any other context.

Does that solve your issue?

Yes, good idea, also suggested by the other reply. A new/different
user with sudo rights will be insurance against the above problem and
might even be a sensible alternative. It would have the advantage of
not changing the default sudoers configuration too.

Thanks all.

--
Chris Green
·

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Chris Green <cl@isbd.net> wrote:

Dan Ritter <dsr@randomstring.org> wrote:

Chris Green wrote:

I'd like to force a different password from my own password when I do 'sudo -i' to get root privilege. However I'm a bit frightened about
what might happen if I set 'Defaults rootpw' in the sudoers file but forget to actually create a root password. (This is on systems where, previously, I've never had a root password).

Would this totally lock me out from becoming root? Would the only way
out be to boot into single user mode to mend things?

Mostly, yes.

... or is visudo clever enough to spot this?

No.

How about this:

Create a second user -- we'll call it foo. Give foo sudo
privileges. Take away sudo privileges from your normal account.

Now, when you want to do something with root privileges, you ssh
to localhost as foo:

ssh foo@localhost

give foo's password to login, then run sudo, giving foo's
password again.

Never use foo or foo's password in any other context.

Does that solve your issue?

Yes, good idea, also suggested by the other reply. A new/different
user with sudo rights will be insurance against the above problem and
might even be a sensible alternative. It would have the advantage of
not changing the default sudoers configuration too.

Ah, but... Of course a different user with sudo rights won't protect
against the above problem as the 'Defaults rootpw' will still demand
the non-existent root password.

However a second user with sudo rights and no sudo rights for the main
user would achieve what I want.

--
Chris Green
·

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)