Ubuntu: sudo doesn't ask for a password, even after multiples reboots


I haven't edited my sudoers, but I don't have to enter the password when running sudo in the command line. I can run any sudo command without entering the password, by just opening the terminal, even after rebooting the system, how can I stop this?

uid=1000(ktcool) gid=1000(ktcool) groups=1000(ktcool),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),108(lpadmin),1‌​24(sambashare)  


Use visudo to edit your sudoers file and look for NOPASSWD: - that's the directive disabling the user password prompt (you NEVER have to enter the password of the target user, i.e. the root password). Simply removing that directive (including the colon at the end) should require you to re-enter your password to use sudo (unless you used it recently, then it's still cached, you can clear this using sudo -k)


In the /etc/sudoers file, admin group should look like this %admin ALL=(ALL) ALL and root on the other hand is ALL=(ALL:ALL) ALL. Since in the output of your id command shows you belong to multiple groups, like lpadmin, check if any of them have line same as root's line. Alter those to look same as admin, save, reboot, and let us know if thigs are back to normal.


Try sudo --list to show us the active sudo configuration for your account:

skath@beast:~$ sudo --list  Matching Defaults entries for skath on beast:      env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin    User skath may run the following commands on beast:      (ALL : ALL) ALL  skath@beast:~$  

Check the timestamps on the cached credentials, this could help get an idea why you're not being prompted:

skath@beast:~$ sudo ls -al /var/lib/sudo/$USER/  total 20  drwx------ 2 root skath 4096 Jan 28 14:27 .  drwx------ 3 root root  4096 Jan 28 13:52 ..  -rw------- 1 root skath   40 Feb  5 16:18 1  -rw------- 1 root skath   40 Jan 28 14:51 2  -rw------- 1 root skath   40 Jan 28 13:56 tty1  skath@beast:~$  

Use sudo --remove-timestamp to try to wipe any cached credentials.

From man sudo:

 -K, --remove-timestamp               Similar to the -k option, except that it removes the               user's cached credentials entirely and may not be used               in conjunction with a command or other option.  This               option does not require a password.  Not all security               policies support credential caching.     -k, --reset-timestamp               When used without a command, invalidates the user's               cached credentials.  In other words, the next time sudo               is run a password will be required.  This option does               not require a password and was added to allow a user to               revoke sudo permissions from a .logout file.                 When used in conjunction with a command or an option               that may require a password, this option will cause sudo               to ignore the user's cached credentials.  As a result,               sudo will prompt for a password (if one is required by               the security policy) and will not update the user's               cached credentials.                 Not all security policies support credential caching.  


sudo -i is the way to go if you don't want to be typing a password every now and then while doing modifications in your system (or other systems), and you don't want to modify any system files. It will switch you toroot using your sudo user password, when you close the console or type exit you are back to your normal user. hopes this works , regards:)

Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Next Post »