3

How to ensure that all identity changes for a privileged user account belonging to the wheel group on a privileged user account are performed without having to provide a password without deleting the password for the root account?

KonradDos
  • 2,971
  • AFAIK there is no way to do such a thing, and it would be a bad idea if you could. The entire point of having a separate root account and a password for said account is that you need to be very intentional. What if you were logged in as this privileged user, and you went afk while forgetting to log out? Someone could very easily use your account to gain root access, create a backdoor into your system, and exit and you may be none the wiser if they did so fast enough. Not to say I would be necessarily surprised if some way to do this /does/ exist, but I don't think it would be a good idea. – Aargonian Mar 24 '17 at 19:24
  • I know its bad idea, but i am using virtual machine to learn that. I need to know it to pass my exams in near future. – KonradDos Mar 24 '17 at 19:28
  • 1
    I'm not really sure whatyou are asking for. But as far as I understand, you could manage that by adding the wheel group to the /etc/sudoers file with option NOPASSWD - see man sudoers. – ridgy Mar 24 '17 at 19:40

2 Answers2

3

It sounds like you want these users accounts to be able to sudo to root with out providing a password. If this is the case, this is actually quite easy.

You can create a file in /etc/sudoers.d to define the sudo behaviour and also to define sudo perimissions.

Say you have an account named a account defined named lindsay. You want Lindsay to have sudo access, without needing to type in her password when using sudo. To accomplish this you would do the following:

  1. Create a new file in /etc/sudoers.d using your favourite text editor. In my example I'll create a file in this location named lindsay since that'll help to remember what this is for later.
  2. Add the following single line of text to the newly created file and save the changes.

lindsay ALL=(ALL) NOPASSWD:ALL

  1. Next we need to set permissions of 0400 on this file:

chmod 0400 /etc/sudoers.d/lindsay

That's it! Our user Lindsay will now be able to sudo to root without re-authenticating by typing in her password. You can find more details about the syntax and some examples in the link below.

Be aware of the security implications of doing this since you are intentionally weakening the security of your Ubuntu installation.

Cheers!

Sudoers - Community Help Wiki

Community
  • 1
SimonSays
  • 84
  • You should be using visudo to make edits the reason being that visudo checks syntax. If you do not use visudo , and make a typo, you will break sudo. You can then only fix things by booting to recovery mode. – Panther Mar 27 '17 at 18:19
0

First, by default, there is no password set by default for the root account on Ubuntu.

Second, you access root by using sudo, and you may configure sudo to run without a password if you so desire. This can be set per user or per group.

How to configure sudo is covered

Execute sudo without Password?

Sudoers file, enable NOPASSWD for user, all commands

and https://www.sudo.ws/man/1.8.15/sudoers.man.html

I know it is an answer with a number of links, but, I am not sure if I am understanding what you are asking and IMO this is one instance where you really should read the manual before editing.

IMO use visudo as it will check your syntax before saving changes.

See Is there a GUI for visudo?

and https://www.digitalocean.com/community/tutorials/how-to-edit-the-sudoers-file-on-ubuntu-and-centos

Community
  • 1
Panther
  • 102,067