So, some of you may have noticed that using sudo for elevated permissions no longer requires a passwd. This simplifies things, and I would imagine it was done on purpose, to keep support mails to a minimum.
However, I felt that I should let those of you who are relatively new to Linux / Debian know that this can be very insecure. It really depends mostly on *if* your beaglebone faces the internet or not. . . A couple things you can / should do about this. First, you should at minimum change the default passwd for the default user debian. This is done by using the *passwd* command. Logged in as the user debian, and in the past you could have simply typed the command, then enter the new passwd twice, and be done with it. However, I have found out through hands on experience recently this can be, or just is no longer the case. What *will* work is as follows: debian@beaglebone:~$ *sudo passwd debian* Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully Second you *could* completely remove the debian user, and create a new normal user account. The command for this is *useradd*. I'll leave it up to you to explore this command yourselves. Lastly, there is the *visudo* command: debian@beaglebone:~$ sudo visudo Then if you scroll down to where you find . . . %admin ALL=(ALL) ALL debian ALL=NOPASSWD: ALL *debian ALL=NOPASSWD: ALL *is what defines the behavior. You could change "debian ALL=NOPASSWD: ALL" so that it is exactly like how %admin( admin group ) is setup. But I believe all this does is enforce the sudoer to use their own passwd for elevated privileges Not the root users passwd.. This behavior can also be changed. I will leave it up to you the reader however to search the internet using the keywords "debian sudoers file" to find and read the appropriate documentation. -- For more options, visit http://beagleboard.org/discuss --- You received this message because you are subscribed to the Google Groups "BeagleBoard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
