The sys admin's daily grind: sudoers

Charly's Column – sudoersn

Article from Issue 221/2019
Author(s):

"I've seen penguins that can type better than that." If you give sudo the wrong password, you deserve to be shouted at, says sys admin columnist Charly. He is not exempt from the insult and sees it as an opportunity to raise sudoing awareness.

If you work with and on Linux, you are likely to type sudo regularly to execute programs with another user's privileges – typically the superuser's. sudo will then understandably ask for the appropriate password. In times when my fingers refuse to obey me and I enter the secret password wrong three times in succession, sudo rejects my request to escalate. Okay, if you fail to type the password correctly despite having had three attempts, maybe you shouldn't be messing around on the system with root privileges. So far, so good, but free software can surely offer more than that!

sudo visudo

sudo looks for its default settings in the /etc/sudoers file. You can't just open it with an editor; instead, you need to use the visudo command – assuming you're root. (If I'm on the road as a user, I have to type sudo visudo, which strangely makes me laugh.) At the beginning of the file are some lines that start with Defaults. You need to add two lines here (Figure 1):

Defaults insults
Defaults passwd_tries=5

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Sudo Voodoo

    By taking the time to learn sudo's many options, you can make your system more secure.

    more »
  • Command Line: Sudo and Passwords

    Sudo provides the building blocks to secure your system exactly the way you want it.

    more »
  • Sudo and PolicyKit

    If you give users who are usually supervised more scope to help themselves, they will need additional privileges. The sudo tool and the PolicyKit authorization service can control who does what on Linux.

    more »
  • The sys admin's daily grind: rss2email

    In order to keep up to date with security, Charly uses RSS feeds, among other things. He lets rss2email send the most important feeds directly to his mailbox to ensure that nothing is overlooked.

    more »
  • Charly's Column – pwquality

    Regular password changes are a thing of the past: Strong passwords for each individual service provide more protection. Charly pimped his Ubuntu accordingly with a suitable PAM module.

    more »
comments powered by Disqus