Savage_Hams
Posts: 2
Joined: Sun Dec 30, 2018 12:15 am

Root Password For Sudo?

Sun Dec 30, 2018 12:25 am

Hi all,

New to Raspberry Pi and just started using a 3. Was doing some config changes through cli and noticed sudo commands don't ask for the root pwd. Feeling insecure (haha), I set a root password. However, using the default pi user, I'm still not prompted for root password when using sudo or even switching to the root user. This feels....wrong.

Is there a reason Jessie doesn't prompt for root password when root privileges are needed? Feels like a security hole and I can't get it to prompt for a password to root.

Thanks!

User avatar
scruss
Posts: 2477
Joined: Sat Jun 09, 2012 12:25 pm
Location: Toronto, ON
Contact: Website

Re: Root Password For Sudo?

Sun Dec 30, 2018 2:47 am

here's how to have sudo prompt you for a password: viewtopic.php?t=169212#p1087078
It's not the root password, but your own. Regular users shouldn't know the root password.

Also, jessie is an old Raspbian distribution. Use Stretch.
‘Remember the Golden Rule of Selling: “Do not resort to violence.”’ — McGlashan.

klricks
Posts: 6587
Joined: Sat Jan 12, 2013 3:01 am
Location: Grants Pass, OR, USA
Contact: Website

Re: Root Password For Sudo?

Sun Dec 30, 2018 5:08 am

Savage_Hams wrote:
Sun Dec 30, 2018 12:25 am
Hi all,

New to Raspberry Pi and just started using a 3. Was doing some config changes through cli and noticed sudo commands don't ask for the root pwd. Feeling insecure (haha), I set a root password. However, using the default pi user, I'm still not prompted for root password when using sudo or even switching to the root user. This feels....wrong.

Is there a reason Jessie doesn't prompt for root password when root privileges are needed? Feels like a security hole and I can't get it to prompt for a password to root.

Thanks!
All versions of Raspbian by design/ default have root password disabled, passwordless sudo and auto login to user pi without password.
IMO not necessary to change that unless running a server with open ports on the router.
A while back a nag pop up message was added if ssh is enabled AND the password has not been changed from the default: raspberry
Unless specified otherwise my response is based on the latest and fully updated Raspbian Buster w/ Desktop OS.

JamesPi123
Posts: 111
Joined: Fri Sep 23, 2016 10:02 pm
Location: Inside my Pi
Contact: Website

Re: Root Password For Sudo?

Sun Dec 30, 2018 6:46 am

Code: Select all

sudo bash
then

Code: Select all

passwd root

Savage_Hams
Posts: 2
Joined: Sun Dec 30, 2018 12:15 am

Re: Root Password For Sudo?

Sun Dec 30, 2018 6:54 pm

Thanks all! It's really not a big deal but was curious potential risks from it and wanted to see what the community thought. The ease of getting into root is counter to all my previous Linux knowledge.

mfa298
Posts: 1387
Joined: Tue Apr 22, 2014 11:18 am

Re: Root Password For Sudo?

Sun Dec 30, 2018 7:56 pm

Savage_Hams wrote:
Sun Dec 30, 2018 6:54 pm
Thanks all! It's really not a big deal but was curious potential risks from it and wanted to see what the community thought. The ease of getting into root is counter to all my previous Linux knowledge.
Based on the link in the first reply to this thread (2nd post) you can edit (or just remove) the file /etc/sudoers.d/010_pi-nopasswd which will result in sudo prompting for the users password. With the standard rules sudo can only be used like that by users in the sudo group (which pi is). You can also write custom sudo rules which allow certain users (or groups) to only run certain commands as another user (it doesn't just have to be root).

There are various arguments about whether sudo or su provides the best security. Both have their merits and drawbacks.

Return to “Beginners”