sudo and /etc/sudoers

Derek Broughton derek at
Mon Dec 29 23:27:42 UTC 2008

jdow wrote:

> From: "Derek Broughton" <derek at>

>> _Somebody_ has to run root programs, and ime it is both possible and
>> advisable to have it not be somebody who is logged in as root.  On one of
>> my large server systems, I am one of the two prime administrators - neither
>> one of us actually has the root password, which _does_ exist but only the
>> daytime computer room operator has.  Works fine.
> I'd feel safer with that sort of configuration if the sudo program had
> an option to use a second password list that had a second unique
> encrypted password for each of the sudoers. Then if your password is
> cracked the person still can't get at sufficient root level tools to

It would be pretty pointless, for the same reason that we don't want to be 
handing out the root password to everybody - _some_ (probably most) of your 
users would just set the password to be the same as their user password.  If 
you did anything to prevent that, they'd either set it to the closest 
possible permutation of their user password, or write it down.
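The objection above is that a separate sudo password would end up being the login password or a near-permutation of it. The following is an added example, not code from the mailing-list post or from sudo itself: a small similarity check of the kind a password-setting tool could apply to a proposed "second" password, rejecting candidates that are identical to the existing password, a case or leet-speak variant of it, a rotation, a superstring, or within a few edits of it. Function names, the leet table and the distance threshold are assumptions chosen for illustration.

```python
"""Hypothetical similarity check for a proposed 'second' (privilege) password.

Added example, not part of the original post. It models the failure mode the
post describes: users asked for a second password tend to reuse their login
password or the closest permutation of it. Thresholds and names are assumed.
"""

# Common substitutions undone before comparing (assumed table).
LEET = str.maketrans("@$0134578", "asoieasts")
TRAILING_JUNK = "0123456789!.?"


def normalize(pw: str) -> str:
    """Lower-case, drop trailing digits/punctuation, undo leet substitutions."""
    s = pw.lower().rstrip(TRAILING_JUNK)
    return s.translate(LEET)


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute, cost 1 each)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete
                           cur[j - 1] + 1,         # insert
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def is_rotation(a: str, b: str) -> bool:
    """True if b is a cyclic rotation of a ('hunter' vs 'terhun')."""
    return len(a) == len(b) and len(a) > 0 and b in (a + a)


def too_similar(existing: str, candidate: str, min_distance: int = 4):
    """Return (rejected, reason) for a candidate second password.

    'existing' is the password the candidate must differ from (e.g. the
    user's login password). Checks run from cheapest/most obvious to the
    edit-distance fallback.
    """
    if candidate == existing:
        return True, "identical to existing password"
    ne, nc = normalize(existing), normalize(candidate)
    if ne and nc:
        if nc == ne:
            return True, "trivial case/leet/suffix variant"
        if ne in nc or nc in ne:
            return True, "one password contains the other"
        if is_rotation(ne, nc):
            return True, "rotation of existing password"
    d = levenshtein(ne, nc)
    if d < min_distance:
        return True, f"edit distance {d} below minimum {min_distance}"
    return False, "ok"


if __name__ == "__main__":
    # Constructed sample pairs; the first element is the assumed login password.
    samples = [
        ("hunter2", "hunter2"),
        ("hunter2", "Hunter2!"),
        ("hunter2", "hunter2sudo"),
        ("hunter2", "hunted"),
        ("abcdef", "cdefab"),
        ("hunter2", "correct horse battery"),
    ]
    for old, new in samples:
        rejected, why = too_similar(old, new)
        print(f"{new!r:>25}: {'REJECT' if rejected else 'accept'} ({why})")
```

A real deployment would hook such a check into the password-change path (PAM modules such as pam_pwquality already implement comparable "too similar to the old password" rules); the point of the example is only to make concrete how little a naive second-password requirement buys when reuse and near-reuse are not detected.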

