How to set a separate passwords for sudo and system login on fedora

how do i set up separate passwords for sudo and system login on fedora . is it possible to set up two step authentication for sudo password. what is the procedure

Set up a root password:

sudo passwd root

Then reconfigure sudoers:

echo Defaults rootpw | sudo tee /etc/sudoers.d/99-local > /dev/null

Or use su instead.

The root is disabled. I will try the above commands obce

thank you. i was able to set a separate password for sudo . how do i disable root now

maybe setting separate password for systeem login and sudo required enabling root and if i disable it it mmight not work.
maybe i would prefer two step authentication for sudo if possible

The above setup uses sudo with the root password, which requires to unlock the root account.

If you want to keep the root account locked, consider using a different approach, e.g. create a privileged user and remove admin privileges from your own account:

# Create privileged user
sudo useradd -G wheel admin
sudo passwd admin

# Remove own privileges
sudo gpasswd -d ${USER} wheel

# Configure sudoers
sudo tee /etc/sudoers.d/99-local << EOF > /dev/null
%wheel ALL=(ALL) NOPASSWD: ALL
EOF

# Lock root
sudo passwd -l root

# Apply changes
sudo loginctl terminate-user ${USER}
1 Like

thank u

1 Like

When I install Fedora, I choose to allow the first user created to have administrative privilege and I choose NOT to enable a root user.

That first user can transition into root vi “sudo -i” or “sudo -s”. When the need to be root ends, simply Control-D to revert back to unprivileged user status.

“sudo -i” Starts a new login shell as a specified username. This resets the environment to that of the target user, including the shell, home directory, and environment variables.

“sudo -s” Starts a non-login shell as a specified username.