I have an ubuntu instance on AWS.
After getting ssh login, I was able to change to root password with sudo su command.
For security reasons, I wanted to change the root password. So I tried the following :
root@email:/home/ubuntu# sudo passwd root Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully root@email:/home/ubuntu#
After changing the password when I try to sudo su, it doesn't ask for password
ubuntu@email:~$ sudo su root@email:/home/ubuntu#
Whereas, when I try only su, it prompts for one:
ubuntu@email:~$ su Password:
How to implement security or set a password for sudo su?
This line in your sudoers file
#includedir /etc/sudoers.d
makes it include other files from /etc/sudoers.d/ directory. One of these included files probably sets a rule with NOPASSWD that causes the issue.
Before you change something, make sure your regular user has a valid nonempty password. You can check this to set password for a user in Linux.
sudo will ask for a password even when you don't have one, and won't accept an empty password. When in doubt, invoke passwd and set a brand new password for your regular user.
Then edit files in the directory /etc/sudoers.d/
Look for lines like
ubuntu ALL=(ALL) NOPASSWD:ALL
Do
nano /etc/sudoers.d/
and comment out lines similar to above ones, So that it will looks like this
#ubuntu ALL=(ALL) NOPASSWD:ALL
