Dan Ritter <d...@randomstring.org> wrote: > Chris Green wrote: > > I'd like to force a different password from my own password when I do > > 'sudo -i' to get root privilege. However I'm a bit frightened about > > what might happen if I set 'Defaults rootpw' in the sudoers file but > > forget to actually create a root password. (This is on systems where, > > previously, I've never had a root password). > > > > Would this totally lock me out from becoming root? Would the only way > > out be to boot into single user mode to mend things? > > Mostly, yes. > > > > ... or is visudo clever enough to spot this? > > No. > > How about this: > > Create a second user -- we'll call it foo. Give foo sudo > privileges. Take away sudo privileges from your normal account. > > Now, when you want to do something with root privileges, you ssh > to localhost as foo: > > ssh foo@localhost > > give foo's password to login, then run sudo, giving foo's > password again. > > Never use foo or foo's password in any other context. > > Does that solve your issue? > Yes, good idea, also suggested by the other reply. A new/different user with sudo rights will be insurance against the above problem and might even be a sensible alternative. It would have the advantage of not changing the default sudoers configuration too.
Thanks all. -- Chris Green ·
