Can you make `su` require a password, even if called with sudo?

Tags:

Answer: 1

36 hours ago

So, I recently secured my root log-in and all sudo requests with 2-factor authentication. However, I noticed that if a user with sudo access that does NOT have 2FA enabled could easily sudo su and gain complete root access. Basically, I want to make sure that this can't happen, and it will still ask for the root password if you try to su root or sudo su.

Added by: Eric Legros

Answer: 2

21 hours ago

Add

Defaults rootpw

to your sudoers file. This will have "sudo" ask for a "root" password and not the "current user" password. You can use a "group" to restrict this to that group.

Manual. The Arch wiki is very solid.


Always use visudo to edit your sudoers file (it will validate changes).

Added by: Zoey Kuhn

Popular Search

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 1 2 3 4 5 6 7 8 9