Why does `sudo passwd root` reset my root password? Is this a security risk?
Solution 1
First of all, sudo executes commands as root, so resetting the actual root password while accessing as root to begin with usually isn't a problem. You already have root access through sudo, so there's little change. (This assumes you don't have a setup that restricts user commands but allows them to sudo passwd ... But that's a configuration issue.)
Secondly, in order to remotely infiltrate a PC through the use of sudo passwd, you would have to a) trick the user into giving you the user password one way or another (which, again, gives sudo access just as well), or b) have physical access to the machine, in which case "remote" probably isn't so true anymore.
So, no, there is no direct security risk. Certain (but uncommon and illogical) configurations may create a loophole there, but that's it.
Solution 2
No, it's not a security problem. If you have the ability to run sudo commands as root, which users generally do in Ubuntu, you're fine. The idea behind sudo is that you can run commands as root, without logging in as root.
Not a security problem. Not unusual. The system is working like it's supposed to. Nothing to see here.
Solution 3
It is not a big problem, Your user was granted as root.You can create a user that is not granted as root.
Look at account type, a Administrator can use sudo to become root.
Administrator:
Standard:
But how it actually work? We can find answer at /etc/sudoers (open it as root)
You will see
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
It means only member of sudo and admin can use sudo to have more permission than a normal user.
You may also wants to check /etc/group (open it as root) to know who is in these group.
Solution 4
sudo runs commands as a user other than the one currently logged in. Usually you'd use this to run stuff as root, though you can run stuff as other users too.
So sudo passwd root tells the system to change the root password, and to do it as though you were root. The root user is allowed to change the root user's password, so the password changes. The system is working as designed.
The missing piece of this puzzle is that not everyone is allowed to use sudo. In fact, the way that sudo is configured by default, only one group of users is allowed to do that. The user you created when you installed the system is automatically put into that group, but you can create users who aren't. You can even take yourself out of that group if you really want to. You can even set sudo up so that some users (or groups of users) are only allowed to do certain specific things.
That said, it's true that your first user is allowed to do anything as root. This is why sudo asks you for your password. An attacker who gets into your account won't need that the root password to do root-y things, but will still need your password to do them. A lot of attacks don't actually give the attacker your password, so sudo still limits the damage that can be done by those attacks.
Related videos on Youtube
04 : 10
01 : 35
04 : 18
03 : 06
02 : 50
Harry
Graduate student study computer engineering, Computer security applications. Intrusion detection system and attack forensics. C/C++ developer. Distributed system and cloud computing security.
Updated on September 18, 2022Comments
-
Harry over 1 year
Both in my ubuntu desktop host and virtual machine. I have't login as root for about a month, during which I upgraded the kernel. I found my root password doesn't work anymore. However, by using
sudo passwd root, I can easily reset the root password by current user password. How could this happen? I don't have a problem anymore, just curious about the underline reason for this. Thank you!