Sudo is also user login password - why? how to change?

Solution 1:

Yes, that is how it should be. Ubuntu is designed this way.

Benefits of using sudo (from the Community Help Wiki):

  1. The Ubuntu installer has fewer questions to ask.
  2. Users don't have to remember an extra password (i.e. the root password), which they are likely to forget (or write down so anyone can crack into their account easily).
  3. It avoids the "I can do anything" interactive login by default (e.g. the tendency by users to log in as an "Administrator" user in Microsoft Windows systems); you will be prompted for a password before major changes can happen, which should make you think about the consequences of what you are doing.
  4. sudo adds a log entry of the command(s) run (in /var/log/auth.log). If you mess up, you can always go back and see what commands were run. It is also nice for auditing.
  5. Every cracker trying to brute-force their way into your box will know it has an account named Root and will try that first. What they don't know is what the usernames of your other users are. Since the Root account password is locked, this attack becomes essentially meaningless, since there is no password to crack or guess in the first place.
  6. Allows easy transfer for admin rights, in a short term or long term period, by adding and removing users from groups, while not compromising the Root account.
  7. sudo can be set up with a much more fine-grained security policy.
  8. The Root account password does not need to be shared with everybody who needs to perform some type of administrative task(s) on the system (see the previous bullet).
  9. The authentication automatically expires after a short time (which can be set to as little as desired or 0); so if you walk away from the terminal after running commands as Root using sudo, you will not be leaving a Root terminal open indefinitely.

Other Linux distributions use a separate root user with a different password. If you wish to use Ubuntu like that, you can set a password for root:

sudo passwd

Then you can log in as root from TTY or run su - from a terminal and enter the root password.

Once you can log in as root, you can remove yourself from the sudo group:

gpasswd -d <user> sudo
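
A pre-flight check for the procedure above, as an added example that is not part of the original answer: it reads the status field of `passwd -S root` (L = locked, NP = no password, P = usable password) and the user's group list, and only reports it safe to run `gpasswd -d <user> sudo` when root has a usable password. The function names, the user `alice` and the sample status lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check that root login is possible before giving up sudo.
# Function names are hypothetical; inputs in the comments are constructed.

# Classify the second field of a `passwd -S` status line.
# e.g. "root L 2024-01-10 0 99999 7 -1" -> locked
pw_state() {
    field=$(printf '%s\n' "$1" | awk '{print $2}')
    case "$field" in
        L)  echo locked ;;
        NP) echo empty ;;
        P)  echo usable ;;
        *)  echo unknown ;;
    esac
}

# Succeed if group $2 is in the space-separated list $1 (`id -nG` output).
# Padding with spaces prevents "sudoers" from matching "sudo".
in_group() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Decide whether removing the user from sudo leaves an admin path.
# $1 = output of `passwd -S root`, $2 = output of `id -nG <user>`
preflight() {
    state=$(pw_state "$1")
    if ! in_group "$2" sudo; then
        echo "nothing-to-do: user is not in sudo"
    elif [ "$state" = usable ]; then
        echo "ok: root has a usable password"
    else
        echo "stop: root password is $state, keep sudo membership"
    fi
}

# Live use from a session that still has sudo: ./preflight.sh --live alice
# (reading root's status needs root privileges, hence sudo)
if [ "${1:-}" = "--live" ]; then
    preflight "$(sudo passwd -S root)" "$(id -nG "$2")"
fi
```

Even when the check reports `ok`, confirm the new root password actually works with `su -` in a second terminal before running `gpasswd`.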