검색
검색

Can you make `su` require a password, even if called with sudo?

debugcn 에 게시 Dev
5
user323419

So, I recently secured my root log-in and all sudo requests with 2-factor authentication. However, I noticed that if a user with sudo access that does NOT have 2FA enabled could easily sudo su and gain complete root access. Basically, I want to make sure that this can't happen, and it will still ask for the root password if you try to su root or sudo su.

Rinzwind

Add

Defaults rootpw

to your sudoers file. This will have "sudo" ask for a "root" password and not the "current user" password. You can use a "group" to restrict this to that group.

Manual. The Arch wiki is very solid.

Always use visudo to edit your sudoers file (it will validate changes).

이 기사는 인터넷에서 수집됩니다. 재 인쇄 할 때 출처를 알려주십시오.

침해가 발생한 경우 연락 주시기 바랍니다[email protected] 삭제

에서 수정
0

몇 마디 만하겠습니다

0리뷰
로그인참여 후 검토

관련 기사

분류에서Dev

What is it called when you can log into multiple workstations with one username and password

분류에서Dev

Permissions depending on how you login: ssh/su/sudo

분류에서Dev

Can't sudo because password is disabled

분류에서Dev

Is it possible to enter password for sudo only once, and configure it to not require for password on other terminals?

분류에서Dev

How to get sudo to prompt you for a password each time

분류에서Dev

`byobu` window with`sudo su -`

분류에서Dev

How EC2 instances don't require password for sudo for Ubuntu user but 'include' is commented?

분류에서Dev

sudo su "username"대 su "username"

분류에서Dev

Why is sudo -s better than sudo su?

분류에서Dev

sudo su 셸 변경

분류에서Dev

sudo su 셸 변경

분류에서Dev

Prompting for a password on sudo?

분류에서Dev

Rsync ask for password even though I can SSH in without a password using a key

분류에서Dev

su 대 sudo -s 대 sudo -i 대 sudo bash

분류에서Dev

Why does std::make_unique not require an argument in a default member initialisation if it is never called?

분류에서Dev

How to make input password require at least one special character (bracket included)

분류에서Dev

Installed RailsFTW and I can't even make a new project

분류에서Dev

Can someone determine my previous sudo password was if they have access to my machine and my new one?

분류에서Dev

how can i make a username and password test method that doesnt overlap?

분류에서Dev

sudo su-와 su-의 차이점

분류에서Dev

setting sudo password different from login password

분류에서Dev

Ruby on Rails, require old password to change password

분류에서Dev

sudo 노틸러스 대 su

분류에서Dev

sudo su-SSH 직후

분류에서Dev

redhat linux sudo su-실패

분류에서Dev

Sudo Su 자동 로그인

분류에서Dev

how to pass environment variable to sudo su

분류에서Dev

Sudo command not found (su login not working)

분류에서Dev

What is the difference between sudo -i and su?

Related 관련 기사

  1. 1

    What is it called when you can log into multiple workstations with one username and password

  2. 2

    Permissions depending on how you login: ssh/su/sudo

  3. 3

    Can't sudo because password is disabled

  4. 4

    Is it possible to enter password for sudo only once, and configure it to not require for password on other terminals?

  5. 5

    How to get sudo to prompt you for a password each time

  6. 6

    `byobu` window with`sudo su -`

  7. 7

    How EC2 instances don't require password for sudo for Ubuntu user but 'include' is commented?

  8. 8

    sudo su "username"대 su "username"

  9. 9

    Why is sudo -s better than sudo su?

  10. 10

    sudo su 셸 변경

  11. 11

    sudo su 셸 변경

  12. 12

    Prompting for a password on sudo?

  13. 13

    Rsync ask for password even though I can SSH in without a password using a key

  14. 14

    su 대 sudo -s 대 sudo -i 대 sudo bash

  15. 15

    Why does std::make_unique not require an argument in a default member initialisation if it is never called?

  16. 16

    How to make input password require at least one special character (bracket included)

  17. 17

    Installed RailsFTW and I can't even make a new project

  18. 18

    Can someone determine my previous sudo password was if they have access to my machine and my new one?

  19. 19

    how can i make a username and password test method that doesnt overlap?

  20. 20

    sudo su-와 su-의 차이점

  21. 21

    setting sudo password different from login password

  22. 22

    Ruby on Rails, require old password to change password

  23. 23

    sudo 노틸러스 대 su

  24. 24

    sudo su-SSH 직후

  25. 25

    redhat linux sudo su-실패

  26. 26

    Sudo Su 자동 로그인

  27. 27

    how to pass environment variable to sudo su

  28. 28

    Sudo command not found (su login not working)

  29. 29

    What is the difference between sudo -i and su?

뜨겁다태그

보관