How to do sudo su with password?

A

Anton B2016-02-24 23:57:58

Debian

Anton B, 2016-02-24 23:57:58

Goodnight!
I recently started using sudo... I
installed sudo, created a newroot user and added it to the sudo group, disabled root access in ssh.
I sit through neroot, I execute all commands through sudo, when I really need to log in as root, I write su and enter the root password.
... it was a revelation to me today that you can log in as root by writing the sudo su command without entering the root password.
Questions:
1. Is this sudo behavior normal or is it a security hole?
2. If this behavior is normal, why then sudo at all, only to create unnecessary inconvenience for yourself?
3. Should I close sudo su without root password, how to do it?
Thank you.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

D

Dmitry, 2016-02-25
@bigton

I recommend reading: rus-linux.net/nlib.php?name=/MyLDP/BOOKS/ubuntu_ha...
It is up to you whether or not to use sudo su, but this hole is best closed by configuring /etc/sudoers.
And it's better to configure it like this: sudo to users (to perform a limited set of actions), and su to administrators (to provide additional rights)
And to do sudo su without a password:
Add to /etc/sudoers:
%user ALL=(ALL) NOPASSWD: ALL
where user is the name of the user or group for which the privileges are being edited.
After that, the sudo su - command will be executed without asking for a password.