IMPORTANT: sudo / sudoers passwd

So, some of you may have noticed that using sudo for elevated permissions no longer requires a passwd. This simplifies things, and I would imagine it was done on purpose, to keep support mails to a minimum.

However, I felt that I should let those of you who are relatively new to Linux / Debian know that this can be very insecure. It really depends mostly on whether your beaglebone faces the internet or not. . .

A couple things you can / should do about this.

First, you should at minimum change the default passwd for the default user debian. This is done with the passwd command. In the past, logged in as the user debian, you could simply type the command, enter the new passwd twice, and be done with it. However, I have found out through recent hands-on experience that this can be, or just is, no longer the case. What will work is as follows:

debian@beaglebone:~$ sudo passwd debian
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Second, you could completely remove the debian user, and create a new normal user account. The command for this is useradd. I’ll leave it up to you to explore this command yourselves.

Lastly, there is the visudo command:

debian@beaglebone:~$ sudo visudo

Then if you scroll down to where you find . . .

%admin ALL=(ALL) ALL

The line “debian ALL=NOPASSWD: ALL” is what defines the behavior. You could change “debian ALL=NOPASSWD: ALL” so that it is set up exactly like %admin (the admin group). But I believe all this does is force the sudoer to use their own passwd for elevated privileges, not the root user’s passwd… This behavior can also be changed. I will, however, leave it up to you, the reader, to search the internet using the keywords “debian sudoers file” to find and read the appropriate documentation.

I should also point out that it would be unwise to completely remove the debian user before getting another regular user completely set up and tested. The keywords “debian how to add user” will go a long way towards this goal.

Also make completely sure you know what you’re doing when editing the sudoers file . . .
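
An added example, not part of the original post: a small shell function that lists every active sudoers rule still carrying the NOPASSWD tag, so you can confirm the change took effect. The function name find_nopasswd and the sample sudoers content are constructed for illustration.

```shell
#!/bin/sh
# Added example: report sudoers rules that grant passwordless sudo.
# find_nopasswd is a hypothetical helper name, not a standard tool.

# Print "file:line: rule" for each active rule tagged NOPASSWD.
# Handles comment lines, trailing comments and backslash continuations.
find_nopasswd() {
    awk '
    {
        line = $0; start = FNR
        while (line ~ /\\$/) {               # join backslash-continued lines
            sub(/\\$/, "", line)
            if ((getline nxt) <= 0) break
            line = line nxt
        }
        if (line ~ /^[ \t]*#/) next          # comment or #include directive
        sub(/[ \t]#[^0-9].*$/, "", line)     # trailing comment (keeps #uid forms)
        gsub(/[ \t]+/, " ", line)            # collapse runs of whitespace
        if (line ~ /NOPASSWD[ \t]*:/)
            printf "%s:%d: %s\n", FILENAME, start, line
    }' "$@"
}

# Constructed sample sudoers content (not taken from a real board).
SAMPLE='# constructed sample for the example
%admin ALL=(ALL) ALL
debian ALL=NOPASSWD: ALL
# olduser ALL=NOPASSWD: ALL
%sudo ALL=(ALL:ALL) ALL
backup ALL=(root) \
    NOPASSWD: /usr/bin/rsync
'

# Demo: write the sample to a temporary file and scan it.
demo=$(mktemp)
printf '%s' "$SAMPLE" > "$demo"
find_nopasswd "$demo"
rm -f "$demo"
```

On a real system, run the function as root against /etc/sudoers and any files under /etc/sudoers.d, and run "sudo visudo -c" after editing to check the syntax.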