Raspberry Pi OS 6.2 Disables Passwordless Sudo by Default for Security


Passwordless Sudo Disabled by Default in New Raspberry Pi OS Installations

The latest release of Raspberry Pi OS, version 6.2, based on the Trixie variant, introduces several changes aimed at improving security.

One notable change is that passwordless sudo is disabled by default on new installations. This decision was made to reduce the risk of unauthorized users gaining elevated privileges.

In Linux-based systems, there are two primary types of user accounts: administrators and regular users. While administrators have unrestricted access to sensitive areas of the file system, regular users often require administrative permissions to carry out specific tasks.

The sudo utility serves as a bridge between these two categories, allowing users to execute commands with elevated privileges without needing to log in as an administrator.

Security Risks Associated with Passwordless Sudo

However, passwordless sudo, a configuration that lets users bypass the authentication requirement for sudo commands, poses a significant security risk if exploited.

Attackers could potentially leverage this feature to compromise the system without being detected.

Simon Long, a senior principal software engineer at Raspberry Pi, acknowledged that balancing security measures with usability can be challenging.

He emphasized that the decision to disable passwordless sudo by default aims to strike a delicate balance between enhancing security and minimizing inconveniences for legitimate users.

Changes Introduced in Raspberry Pi OS 6.2

Upon installation of the new Raspberry Pi OS 6.2, users are prompted to enter their current user password to authenticate administrative actions.

This applies not only to terminal commands but also to certain actions within the desktop interface.

If the provided password is accurate, the requested action is executed, whereas an incorrect password results in denial of access.

Reverting to Previous Configuration

Interestingly, users can opt to revert to the previous passwordless sudo configuration via the Control Center’s System tab.

By toggling off “Admin Password,” users can enable passwordless sudo once again, allowing them to execute sudo commands without entering a password in both the terminal and desktop interface.

It is worth noting that this change does not impact existing installations of Raspberry Pi OS, where passwordless sudo remains enabled unless specifically disabled by the user.
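Because existing installations keep passwordless sudo, it helps to check where it is configured. The script below is an added example, not code from Raspberry Pi or from the original article: a POSIX shell function that scans sudoers files for rules carrying the NOPASSWD tag and for Defaults entries that switch off the authenticate flag. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: report sudoers rules that let sudo run without a password.
# Reading the real /etc/sudoers and /etc/sudoers.d requires root.

scan_sudoers_file() {
    awk -v file="$1" '
    {
        if (buf == "") start = NR
        line = buf $0
        # A trailing backslash continues the rule on the next line.
        if (line ~ /\\$/) { sub(/\\$/, "", line); buf = line; next }
        buf = ""
        sub(/^[ \t]+/, "", line)
        # "#" starts a comment, except "#<digits>", which names a numeric UID.
        if (line ~ /^#/ && line !~ /^#[0-9]/) next
        sub(/[ \t]+#[^0-9].*$/, "", line)
        # Flag the NOPASSWD tag and Defaults entries that turn "authenticate" off.
        if (line ~ /NOPASSWD[ \t]*:/ || (line ~ /^Defaults/ && line ~ /!authenticate/))
            printf "%s:%d: %s\n", file, start, line
    }' "$1"
}

find_nopasswd() {
    for path in "$@"; do
        if [ -d "$path" ]; then
            for f in "$path"/*; do
                # sudo ignores include-directory files ending in "~" or containing "."
                case "${f##*/}" in *~ | *.*) continue ;; esac
                [ -f "$f" ] && scan_sudoers_file "$f"
            done
        elif [ -f "$path" ]; then
            scan_sudoers_file "$path"
        fi
    done
    return 0
}

# Constructed sample (not taken from a real system), then a scan of it.
demo_dir=$(mktemp -d)
printf '%s\n' '# alice NOPASSWD: ALL (commented out)' \
    'alice ALL=(ALL) \' '    NOPASSWD: ALL' \
    'bob ALL=(ALL:ALL) ALL # was NOPASSWD: ALL' \
    'Defaults:carol !authenticate' > "$demo_dir/sample"
printf '%s\n' 'dave ALL=(ALL) NOPASSWD: ALL' > "$demo_dir/sample.bak"
find_nopasswd "$demo_dir"
```

On a real system, run `find_nopasswd /etc/sudoers /etc/sudoers.d` as root; every line it prints is a rule that lets the named user or group skip the sudo password prompt.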


