Can I have my sudo/su password different from my desktop login password? [duplicate]

Is it possible to have a desktop login password that's different from the password used for super user permissions, like for example when you are installing software or running a command with sudo or something that needs super user access?

Solution 1:

Yes, sudo uses PAM and PAM supports configuration for each application.

Authentication and logging

The sudoers security policy requires that most users authenticate themselves before they can use sudo. A password is not required if the invoking user is root, if the target user is the same as the invoking user, or if the policy has disabled authentication for the user or command. Unlike su(1), when sudoers requires authentication, it validates the invoking user's credentials, not the target user's (or root's) credentials. This can be changed via the rootpw, targetpw and runaspw flags, described later.

...

rootpw

If set, sudo will prompt for the root password instead of the password of the invoking user when running a command or editing a file. This flag is off by default.

targetpw

If set, sudo will prompt for the password of the user specified by the -u option (defaults to root) instead of the password of the invoking user when running a command or editing a file. Note that this flag precludes the use of a uid not listed in the passwd database as an argument to the -u option. This flag is off by default.

runaspw

If set, sudo will prompt for the password of the user defined by the runas_default option (defaults to root) instead of the password of the invoking user when running a command or editing a file. This flag is off by default.

So yes, it is possible to change the password behavior. Be sure to test this out thoroughly. A mistake is easily made, locking you out of your system. Know how to get back to the default setup from "grub" and/or a live dvd before you change anything.