Home / ubuntu / Questions / 1019795
Accepted
yarek
Asked: 2018-03-28 14:49:38 +0800 CST

How to disable sudo and su on Ubuntu?

  • 772

On Debian when I am logged on as root, I don't have to write sudo before each command.

On Ubuntu I have to write sudo or I use su -

Is there a way to remove sudo on Ubuntu so that when I am logged on as root, I write all commands directly such as mkdir, rm etc...?

sudo

3 Answers

  1. Best Answer

    The short answer is, no, you can't disable it.

    Ubuntu, which is Debian based, works the same as Debian. If you are logged in as root (which is userID 0 you will not have to use sudo for the elevated privilege, you'd already have it.

    The difference is that when you install Ubuntu, it'll prompt you for a username and password for logging it and add this user to the sudoers group. As mentioned in the comments, by default on Ubuntu (which is another difference) the root account is disabled. While it's not advisable, you could enable it just by setting up a password for it with:

    $ sudo passwd root

    Then you could log in as root... which would be the same as logging in as root on Debian.

    A security risk (among many) to having the root account enabled it that the root account is common on all Linux systems. Hackers run scripts to try to break into computers as root. Having the root account disabled is a layer of defense.

    As far as disabling sudo, that's not something you can do on Debian or Ubuntu. A normal user on both OSes will have to have sudoers access to use elevated commands. By the content in your question, you are already familiar with the sudo, and sudo su - variations.

    If there were a way to make normal users have full root access, it would be the exact same process with Ubuntu as with Debian.

    Note:

    By default user IDs below 1000 are hidden and aren't shown on the login screen. You can configure lightdm to allow manual logins with these steps:

    1. Edit the /usr/share/lightdm/lightdm.conf.d/50-unity-greeter.conf configuration file.
    2. Add this line: greeter-show-manual-login=true
    3. Restart the lightdm service with: sudo systemctl restart lightdm
    4. Then use the new Login option to manually type in the root userID and password.

    To disable the root account (taking it back to the default) run this command:

    $ sudo passwd -dl root

    You can find other details about how this works on Ubuntu at:
    RootSudo - Community Help Wiki

    • 15

  2. You don't have to disable sudo to get a root shell. Run:

    sudo -i

    And now every command you type is as the root user.

    Also when you are logged in as root, you don't have to preprend every command with sudo anymore. If think, you are confused here. You sudo before a command when you run it as a user, but once root, you dont need it.

    It is obvious you should be extra carefull when you do that. Use a colored prompt (red, enabled by default) to always know when you are in a root shell.

    Also, it could be a good idea to set an timeout on your root session by using the TMOUT environment variable

    In /root/.bashrc, add the line

    export TMOUT=300

    for a 5 minutes timeout.

    • 5

  3. Just use sudo su to login as root from a user in the sudo group. If you want to disable this, you have to set a root passwd, then remove the other user from the sudo group. This will require you to su - root to login as root whenever root privileges are needed.

    Once you sudo su from a sudo user to root, and type whoami, it will display root. The root account is disabled from direct login by default in debian, but I wouldn't say that it's somehow more or less secure than other linux distros. In the end, the sudo user's password envokes root privileges, so... It's not much different than knowing the root user name. If you know the sudo group users, you can still attack their passwords to get to the same goal.

    • 1