sudo password

[Dave Howorth]

Fred Roller wrote:
> For me, Dave, when I build a system that needs this criteria I build 
> with the "admin" - default - account and a strong passphrase.  Once 
> built, I then create an unprivileged user for daily use.

Thanks for this suggestion, Fred. I'm trying your approach as a first
attempt. I created another user (not admin, to make it slightly harder
to attack) and made him part of the admin group and now he can sudo with
the best.

Then I tried to stop my own user from being able to sudo by removing me
from /etc/group with vigr (and vigr -s). But I can still sudo.

[A bit later] - I've now discovered that if I log in again, I can no
longer sudo. So I guess there's a security hole while any user who has
their privilege revoked still has a login session. But that doesn't
matter to me.

Cheers, Dave