Feedback from a first time user

That’d be a hosting provider choice, I guess (likely a bad one). Google does that on their VMs in Google Compute Engine. Amazon might do it, too, on EC2, I’m not sure. Been a while since I managed any EC2 instances.

But like I mentioned above earlier, we use a trust zone policy with ipset to allow our office and home IPs only to access ports to manage the servers. If we use Webmin, those ports are closed to public access.

On webmin yes…

Run this script as a user…

#!/usr/bin/env bash

username=$USER

sudo su
userdel -f $username

exit

And then imagine you got something on your system (malware), that creates this file, chmod +x and runs it, because you know, you can do that without needing a password…

#!/usr/bin/env bash

sudo -rf / --no-preserve-root
echo "sucker, you no longer have a root"

Have fun with that… xD

Just to be safe…
DO NOT RUN ANY OF THE SCRIPTS!!!

I have no words for your actions other than I’m out of this conversation…

Just be careful, not having a sudo password is top 3 things recommended AGAINST by security experts.
With no1 being “do not have password: password123” and no2: “do not click on unknown links in emails.” xD

I’m not typing that to make you angry, it’s just a fact you really should consider enabling a password check when escalating privileges.

If it is that you have to type it over and over when you feel the credentials should still be valid, you can increase the time it takes before it asks again… The timeout…

Create /etc/sudoers.d/10-password_timeout (010_password-timeout on Debian-based)

Defaults timestamp_timeout=10 # for 10 mins, IIRC 5 is default

sudo chmod 440 /etc/sudoers.d/10-password_timeout
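
An added example, not written by any poster in this thread: a small audit of sudoers text for the two settings discussed above, `NOPASSWD` tags and `timestamp_timeout`. The function names and the sample rules are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report NOPASSWD tags and timestamp_timeout values in
# sudoers-format text read from stdin, one finding per line.
# Simplification: every line starting with '#' is treated as a comment,
# which also skips #include directives and #uid user specifications.
audit_sudoers() {
  awk '
    /^[ \t]*#/ { next }                      # whole-line comment
    { sub(/[ \t]+#.*$/, "") }                # strip trailing comment
    /NOPASSWD[ \t]*:/ {                      # rule that skips authentication
      printf "NOPASSWD line %d: %s\n", NR, $0
      next
    }
    /^[ \t]*Defaults/ && match($0, /timestamp_timeout[ \t]*=[ \t]*-?[0-9.]+/) {
      v = substr($0, RSTART, RLENGTH)
      sub(/.*=[ \t]*/, "", v)                # keep only the value
      if (v + 0 < 0)       note = v " (never expires)"
      else if (v + 0 == 0) note = "0 (always prompts)"
      else                 note = v " min"
      printf "TIMEOUT line %d: %s\n", NR, note
    }
  '
}

# Constructed sample input, not taken from a real system.
sample_sudoers() {
  cat <<'EOF'
Defaults timestamp_timeout=10 # for 10 mins
# alice ALL=(ALL) NOPASSWD: ALL
deploy ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart app
%admin ALL=(ALL:ALL) ALL
Defaults:backup timestamp_timeout=-1
EOF
}

sample_sudoers | audit_sudoers
```

On a real host, feed it the output of `sudo cat /etc/sudoers /etc/sudoers.d/*`, and check any new drop-in file with `visudo -cf <file>` before relying on it, since a syntax error in a sudoers file can leave sudo unusable.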

Not one person here has mentioned ANYTHING about NOT having a SUDO password.
Please do your research on what NOPASS actually means in SUDO environment…

I honestly think you are taking things out of context and overreacting because you are not understanding the subject…

So yes, on that note I am out of this conversation with you…

Yes, agreed. That’s exactly what I was implementing.

Ok, calm down… Stones in glasshouses and all that…

From man sudoers

By default, sudo requires that a user authenticate him or herself before running a command. This behavior can be modified via the NOPASSWD tag

I wonder, when I go outside for a walk, am I running as root, as a sudo-capable user, or neither?

If you walk, no… If you run however… :melting_face:

Saw there was an update on the dev version.

Looks great! :slight_smile:

Start a new thread; this one is 90 posts deep, and perhaps has no relevance to the topic title.

Really?
I give positive feedback about a change that was made in response to this thread, and this is the response you go with?

I’m so sorry, I will never post on this forum again.

Holy crap this forum is toxic…

What are you on about? The thread is 90 posts long; there is no chance anyone who reads this thread will understand its purpose, as it is too long … if you feel I’m toxic, fair enough.

I’d like to ask everyone to please stay strictly focused on the technical side of the discussion.
