Our staging server is on an Amazon EC2 instnace. When you ssh into it you can execute a sudo
command or sudo su
without having to enter a password.
Is there anyway I can require a password from a user when they try a command with sudo
? I have a 3rd party dev who needs access and I want to restrict root privileges for them.
I tried setting a password with sudo passwd
but I still don't require a password.
~$ sudo passwd root
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
~$ sudo su
/home/ubuntu# exit
~$ sudo passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
~$ sudo su
/home/ubuntu#
UPDATE
I tried requiring the password by running sudo visudo
and adding:
ubuntu ALL=(ALL) ALL
Now I'm asked for a password but the one which I set does not work! Luckily I created an AMI before I started any of this.
Could the issue be that I don't have a password set for the ubuntu
user, I should I have run sudo passwd ubuntu
rather than sudo passwd root
.
FINAL SOLUTION
Just to clarify, my mistake was that I set the password for the wrong user, I tried to set it for root whereas I should have set it for ubuntu with:
~$ sudo passwd ubuntu
And then updating /etc/sudoers so that the ubuntu user must give their password when running a sudo
command. To edit this file you must run sudo visudo
and add:
ubuntu ALL=(ALL) ALL
Best Answer
If you have a line like
in /etc/sudoers, this will allow all users to sudo without being prompted for passwords. If you uncomment this line you will have to specify which users that are allowed to use sudo, for instance