922 B
922 B
| title | date | url | layout | category |
|---|---|---|---|---|
| Deny regular users to have and use privileges | 2016-01-09 | deny-regular-users-to-have-and-use-privileges | post | Security |
I don't know if you noticed, but regular user may use sudo to do whatever they want by default on Raspberry.
If your current user can destroy the system without even typing the root password, what is the meaning of the root account ?
To disable this, as root this time, run :
# visudo
As you can see on the screen-shot above, find the lines which match with your regular account(s), and comment them. This will deny regular user to run commands which need privileges.
#pi ALL=(ALL) NOPASSWD: ALL
I've also deleted the user from the "sudo" group too. If you want :
# gpasswd -d pi sudo