So, some of you may have noticed that using sudo for elevated permissions no longer requires a passwd. This simplifies things, and I would imagine it was done on purpose, to keep support mails to a minimum.
However, I felt that I should let those of you who are relatively new to Linux / Debian know that this can be very insecure. It mostly depends on whether your BeagleBone faces the internet or not.
There are a couple of things you can / should do about this.
First, you should at minimum change the default passwd for the default user debian. This is done by using the passwd command. In the past, logged in as the user debian, you could have simply typed the command, entered the new passwd twice, and been done with it. However, I have found out through hands-on experience recently that this can be, or just is, no longer the case. What will work is as follows:
debian@beaglebone:~$ sudo passwd debian
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Second, you could completely remove the debian user and create a new normal user account. The command for this is useradd. I’ll leave it up to you to explore this command yourselves.
Lastly, there is the visudo command:
debian@beaglebone:~$ sudo visudo
Then if you scroll down to where you find . . .
%admin ALL=(ALL) ALL
debian ALL=NOPASSWD: ALL
debian ALL=NOPASSWD: ALL is what defines the behavior. You could change “debian ALL=NOPASSWD: ALL” so that it is exactly like how %admin (the admin group) is set up. But I believe all this does is require the sudoer to use their own passwd for elevated privileges, not the root user's passwd. This behavior can also be changed. I will leave it up to you, the reader, however, to search the internet using the keywords “debian sudoers file” to find and read the appropriate documentation.
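To see which rules on a board still allow sudo without a passwd, the sudoers files can be scanned for the NOPASSWD tag. The script below is an added example, not part of the original post; the function names and the sample file are made up for illustration. It assumes rules may also live in drop-in files under /etc/sudoers.d, as is standard on Debian.

```shell
#!/bin/sh
# Added example: list sudoers rules that allow sudo without a password.

# scan_nopasswd FILE...
# Prints "file:line:rule" for every active rule tagged NOPASSWD.
# Comment lines are skipped, but "#1000 ..." is kept: in sudoers a "#"
# followed by digits is a user ID, not a comment.
scan_nopasswd() {
    for f in "$@"; do
        [ -f "$f" ] && [ -r "$f" ] || continue
        grep -nE 'NOPASSWD[[:space:]]*:' "$f" \
            | grep -vE '^[0-9]+:[[:space:]]*#([^0-9]|$)' \
            | while IFS= read -r line; do
                  printf '%s:%s\n' "$f" "$line"
              done
    done
    return 0
}

# Constructed sample input, built around the two lines quoted in the post.
sample_sudoers() {
    cat <<'EOF'
# User privilege specification
root    ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
debian ALL=NOPASSWD: ALL
# debian ALL=NOPASSWD: ALL
#1000 ALL=(ALL) NOPASSWD: ALL
EOF
}

# With arguments: scan the given files (run as root to read the real ones).
# Without arguments: run against the constructed sample above.
if [ "$#" -gt 0 ]; then
    scan_nopasswd "$@"
else
    tmp=$(mktemp) && sample_sudoers > "$tmp" && scan_nopasswd "$tmp"
    rm -f "$tmp"
fi
```

On the board itself, pass it /etc/sudoers and /etc/sudoers.d/* while running as root; any line it prints is a rule to review in visudo.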