Fixing security problems caused by sudo

At default, every Debian/Ubuntu installation will have two (main) groups of users: “average users” and superuser(root). Average user must use sudo and type her/his password to gain superuser rights, but only when root has added him/her to sudoers file.

In Cubian, every user can run program with sudo, but he/she mustn't to type password. This bug allows unprivileged apps and viruses to attack operating system.

To fix this problem we have to edit /etc/sudoers file. But it is not recommended to use standard nano session. Better choice is to use command sudo visudo.

img20130920_001.jpg

As we see on picture, we need to make 2 changes:

  • Comment line %sudo ALL=NOPASSWD: ALL (add # at the beginning - marked as 1)
  • Add line marked as 2 (you must change cubie to own username, if you are not cubie)

That's all - press ^X, Y, ENTER to save file.

Then, after returning to Bash, press ^D, log in again, and check if it helped.