Sudo password for user

How do I set a password for any sudo commands in the user profile? So that sudo always asks for a password. sudo passwd user and sudo delgroup user sudo not help. I can use sudo -i -u root without a password. I couldn’t find the right command or instruction. Thanks

Change Password

Reboot required. (Simplified.)

Then you won’t be able to use sudo anymore at all since no longer a member of group sudo.

See also:

How to safely use sudo/root? See the Safely Use Root Commands, especially Prevent Malware from Sniffing the Root Password.

Oh, sorry. I tried to do it in live-mode without rebooting. Admin immediately got sudo rights, so I thought user should immediately lose it too. Thanks!

After a reboot in normal mode, user is restricted. But in live mode, user always remain with sudo privileges. Can this be fixed? I understand that live-mode is protected, but I would like to also restrict user in that mode.

It’s planned to implement user / admin separation by default. (Multiple Boot Modes for Better Security: an Implementation of Untrusted Root)

Meanwhile: Logout and re-login to make group change (removal of user user from group sudo make effect.)

The issue only occurs in live mode. Even if a user is removed from sudo, it still have sudo privileges in live mode. I logged in as an admin in live mode and deleted user from sudo again, but it didn’t work. This problem does not occur during regular system boot. I like live mode, but user’s privileges in it are too high, and I can’t seem to fix it.

There’s a nuance - when I enter live mode, user can’t access the firewall or timeshift by clicking on the shortcut. But he can easily access it without a password by simply typing ‘sudo’ in terminal, even though user is not in sudo group

Did you logout, re-login user “user”?

1 issue = 1 forum thread please. This needs to be described better and posted in separate forum thread.

Did you logout, re-login user “user”? - Yes.
I removed user from sudo and rebooted. Standard boot Kicksecure works great, user is blocked for sudo commands. But in live-mode user always has maximum rights: he cannot open timeshift or synaptic by clicking on icon - sudo restriction work. But in terminal he can easily do it, even if the groups sudo command shows that he is not in sudo. And password for sudo commands in terminal is never asked. This is a problem only user-profile in live mode.
It is possible this problem arose after update with a passwordless for user

In another thread on forum, a person said that he would use user for administration. But I have already set up user for work and styled it nicely. I will wait for update that will fix issue

I have this problem both on host and in KVM

linuxer via Kicksecure Forums:

Did you logout, re-login user “user”? - Yes.
I removed user from sudo and rebooted.

Re-login. Not reboot.

Because live mode + reboot reboot will reset all changes including the
groups change because it is non-persistent.

This will work - problem is only with user. But it is inconvenient - user is restricted and set up for work in a normal boot. I’d have to reconfigure browsers and some programs again. I will wait for an update if it comes out in near future - using sudo in live-mode is not that risky. If update doesn’t help, then I will have to make user the main profile and restrict admin

This problem also applies to autostart. I disabled it at normal system boot, but in live I will always log in to user. Need to make than live-user copies all normal user’s settings

Problem of user rights can be solved via sudo usermod -s /usr/sbin/nologin user - user will not be able to open terminal. This is a temporary and inconvenient solution, but it remains in live-mode. I will be using this method until a new kicksecure update

Hello. Yes, I also encountered this issue. User is limited in normal boot, but always has sudo without password input in live boot

Also meanwhile once you installed Kicksecure, you can configure it
persistently. Then once booted into live mode, it will have the same
configuration.

This is when not using the ISO anymore. (After installation.)

The same applies if using a virtual machine image.

Persistently - what does mean? I configured via sudo delgroup user sudo command. This does not work in live mode. Autostar user also does not work when starting live mode. It was possible to restrict user in live mode only using command sudo usermod -s /usr/sbin/nologin user. User is on his own in live mode, some user settings from a standart boot do not fall into live mode

Persistent mode is simply the opposite of live mode. To accomplish persistent mode:

  1. Don’t boot the ISO. +
  2. Install Kicksecure normally or use a VM image.
  3. Don’t choose live mode during boot. (Live Mode for Kicksecure)

= persistent mode. The “normal” / common way to use Kicksecure. Meaning, all system changes will persist. Nothing is “forgotten” after reboot.

Configure the system as intended while using persistent mode. (Which is just a normal use of most operating systems.) (Exceptions are ISO and live mode.)

Once booting the system in live mode by selecting that in the GRUB boot menu, all settings, files done prior in persistent mode should be available in live mode.

Once again. I installed Kicksecurity on host. I’ve set up user and admin rights in persistent mode. In persistent mode everything works great. But in live mode, user always has sudo rights, although in persistent mode he does not have it. I was rebooting to persistent mode. I tried restricting user to etc/sudoers and rebooted - that didnot help either. User in live mode is always with sudo. Only working solution - sudo usermod -s /usr/sbin/nologin user

I have this problem with live too

Got it.

Needs to be investigated.

Could be the case that some (Debian?) live related feature allows passwordless sudo in live mode.

Check the following for differences in persistent versus live mode using a graphical diff viewer such as meld or kdiff3.

sudo grep -r --invert-match "#" /etc/sudoers /etc/sudoers.d

I did not find any differences. I tried changing user permissions in /etc/sudoers.d but it didnt work. I think you’d better check it. Perhaps you should call user an admin in next update or add 2 profiles with different rights. User’s problem in live mode is the only one in kicksecure

This is only a user’s problem in live mode. I created a new profile without sudo - it works perfectly in live mode, all restrictions are preserved.