Switch user and elevate to root as a single action?












2















I have a system that is setup to require a password both to elevate to root, and to switch to the only user that can do so, so currently if I need to do something as root from another account I would do the following:



su admin
sudo su


The problem with this is that it requires me to enter my password twice, and since my admin account's password is long that makes it prone to mistakes.



What I'm wondering is, assuming the basic setup cannot be changed (i.e- no passwordless sudo etc.), is there a way to combine both commands so that I can only have to enter my password once?










share|improve this question


















  • 2





    I know of no way to solve your requirement directly. I would ask though what extra security you think this gains you over a strong(er) password for your usual account and direct access to root using sudo -s.

    – roaima
    Dec 29 '17 at 10:40






  • 2





    You could run the whole su+sudo+following shell setup inside expect, and use it to programmatically enter the password, but that's a bit of a horrible way to process passwords.

    – ilkkachu
    Dec 29 '17 at 12:21











  • @roaima: It's not so much about the security as about convenience; the system in question is macOS, but it could apply to any unix-y system really, where I would prefer to keep root access locked down to a single, probably over-secured account, because it lets me use easier to enter (not necessarily weak) passwords for other accounts, and forces me to stop and think more whenever I do anything with root access. For that reason I like that I still have to enter it under my admin account on occasions where I do use it directly, but when switching in from another account it's a pain.

    – Haravikk
    Dec 30 '17 at 11:40
















2















I have a system that is setup to require a password both to elevate to root, and to switch to the only user that can do so, so currently if I need to do something as root from another account I would do the following:



su admin
sudo su


The problem with this is that it requires me to enter my password twice, and since my admin account's password is long that makes it prone to mistakes.



What I'm wondering is, assuming the basic setup cannot be changed (i.e- no passwordless sudo etc.), is there a way to combine both commands so that I can only have to enter my password once?










share|improve this question


















  • 2





    I know of no way to solve your requirement directly. I would ask though what extra security you think this gains you over a strong(er) password for your usual account and direct access to root using sudo -s.

    – roaima
    Dec 29 '17 at 10:40






  • 2





    You could run the whole su+sudo+following shell setup inside expect, and use it to programmatically enter the password, but that's a bit of a horrible way to process passwords.

    – ilkkachu
    Dec 29 '17 at 12:21











  • @roaima: It's not so much about the security as about convenience; the system in question is macOS, but it could apply to any unix-y system really, where I would prefer to keep root access locked down to a single, probably over-secured account, because it lets me use easier to enter (not necessarily weak) passwords for other accounts, and forces me to stop and think more whenever I do anything with root access. For that reason I like that I still have to enter it under my admin account on occasions where I do use it directly, but when switching in from another account it's a pain.

    – Haravikk
    Dec 30 '17 at 11:40














2












2








2








I have a system that is setup to require a password both to elevate to root, and to switch to the only user that can do so, so currently if I need to do something as root from another account I would do the following:



su admin
sudo su


The problem with this is that it requires me to enter my password twice, and since my admin account's password is long that makes it prone to mistakes.



What I'm wondering is, assuming the basic setup cannot be changed (i.e- no passwordless sudo etc.), is there a way to combine both commands so that I can only have to enter my password once?










share|improve this question














I have a system that is setup to require a password both to elevate to root, and to switch to the only user that can do so, so currently if I need to do something as root from another account I would do the following:



su admin
sudo su


The problem with this is that it requires me to enter my password twice, and since my admin account's password is long that makes it prone to mistakes.



What I'm wondering is, assuming the basic setup cannot be changed (i.e- no passwordless sudo etc.), is there a way to combine both commands so that I can only have to enter my password once?







sudo login su






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Dec 29 '17 at 9:46









HaravikkHaravikk

3191416




3191416








  • 2





    I know of no way to solve your requirement directly. I would ask though what extra security you think this gains you over a strong(er) password for your usual account and direct access to root using sudo -s.

    – roaima
    Dec 29 '17 at 10:40






  • 2





    You could run the whole su+sudo+following shell setup inside expect, and use it to programmatically enter the password, but that's a bit of a horrible way to process passwords.

    – ilkkachu
    Dec 29 '17 at 12:21











  • @roaima: It's not so much about the security as about convenience; the system in question is macOS, but it could apply to any unix-y system really, where I would prefer to keep root access locked down to a single, probably over-secured account, because it lets me use easier to enter (not necessarily weak) passwords for other accounts, and forces me to stop and think more whenever I do anything with root access. For that reason I like that I still have to enter it under my admin account on occasions where I do use it directly, but when switching in from another account it's a pain.

    – Haravikk
    Dec 30 '17 at 11:40














  • 2





    I know of no way to solve your requirement directly. I would ask though what extra security you think this gains you over a strong(er) password for your usual account and direct access to root using sudo -s.

    – roaima
    Dec 29 '17 at 10:40






  • 2





    You could run the whole su+sudo+following shell setup inside expect, and use it to programmatically enter the password, but that's a bit of a horrible way to process passwords.

    – ilkkachu
    Dec 29 '17 at 12:21











  • @roaima: It's not so much about the security as about convenience; the system in question is macOS, but it could apply to any unix-y system really, where I would prefer to keep root access locked down to a single, probably over-secured account, because it lets me use easier to enter (not necessarily weak) passwords for other accounts, and forces me to stop and think more whenever I do anything with root access. For that reason I like that I still have to enter it under my admin account on occasions where I do use it directly, but when switching in from another account it's a pain.

    – Haravikk
    Dec 30 '17 at 11:40








2




2





I know of no way to solve your requirement directly. I would ask though what extra security you think this gains you over a strong(er) password for your usual account and direct access to root using sudo -s.

– roaima
Dec 29 '17 at 10:40





I know of no way to solve your requirement directly. I would ask though what extra security you think this gains you over a strong(er) password for your usual account and direct access to root using sudo -s.

– roaima
Dec 29 '17 at 10:40




2




2





You could run the whole su+sudo+following shell setup inside expect, and use it to programmatically enter the password, but that's a bit of a horrible way to process passwords.

– ilkkachu
Dec 29 '17 at 12:21





You could run the whole su+sudo+following shell setup inside expect, and use it to programmatically enter the password, but that's a bit of a horrible way to process passwords.

– ilkkachu
Dec 29 '17 at 12:21













@roaima: It's not so much about the security as about convenience; the system in question is macOS, but it could apply to any unix-y system really, where I would prefer to keep root access locked down to a single, probably over-secured account, because it lets me use easier to enter (not necessarily weak) passwords for other accounts, and forces me to stop and think more whenever I do anything with root access. For that reason I like that I still have to enter it under my admin account on occasions where I do use it directly, but when switching in from another account it's a pain.

– Haravikk
Dec 30 '17 at 11:40





@roaima: It's not so much about the security as about convenience; the system in question is macOS, but it could apply to any unix-y system really, where I would prefer to keep root access locked down to a single, probably over-secured account, because it lets me use easier to enter (not necessarily weak) passwords for other accounts, and forces me to stop and think more whenever I do anything with root access. For that reason I like that I still have to enter it under my admin account on occasions where I do use it directly, but when switching in from another account it's a pain.

– Haravikk
Dec 30 '17 at 11:40










1 Answer
1






active

oldest

votes


















0














Set the complex password on the root account. Configure sudo with the rootpw option to require root's password instead of the initiator's password.



Then use sudo -s from your standard account to get root access.



You get your "simple" password for daily use but the more complex one - once - for root access.






share|improve this answer























    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "106"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f413631%2fswitch-user-and-elevate-to-root-as-a-single-action%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    Set the complex password on the root account. Configure sudo with the rootpw option to require root's password instead of the initiator's password.



    Then use sudo -s from your standard account to get root access.



    You get your "simple" password for daily use but the more complex one - once - for root access.






    share|improve this answer




























      0














      Set the complex password on the root account. Configure sudo with the rootpw option to require root's password instead of the initiator's password.



      Then use sudo -s from your standard account to get root access.



      You get your "simple" password for daily use but the more complex one - once - for root access.






      share|improve this answer


























        0












        0








        0







        Set the complex password on the root account. Configure sudo with the rootpw option to require root's password instead of the initiator's password.



        Then use sudo -s from your standard account to get root access.



        You get your "simple" password for daily use but the more complex one - once - for root access.






        share|improve this answer













        Set the complex password on the root account. Configure sudo with the rootpw option to require root's password instead of the initiator's password.



        Then use sudo -s from your standard account to get root access.



        You get your "simple" password for daily use but the more complex one - once - for root access.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Dec 30 '17 at 11:56









        roaimaroaima

        44.7k655121




        44.7k655121






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Unix & Linux Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f413631%2fswitch-user-and-elevate-to-root-as-a-single-action%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            How to make a Squid Proxy server?

            第一次世界大戦

            Touch on Surface Book