How to force sudo su to ask for a root password

Question

There are absolutely no good, straight forward answers for this. The question is simple:

How do I force linux to ask for my password when I type sudo su?

Answer 1

you can see and edit your sudo configuration file with the command sudo visudo as following :-

Allows people in group wheel to run all commands

%wheel ALL=(ALL) ALL

Allows people in group nopwd to run all commands without a password

%nopwd ALL=NOPASSWD : ALL

Your current user is probably member of a privileged group that enables him to enter sudo commands without password.In previous example you can see members of group wheel can execute any command but will ask for password but members of group nopwd wont prompet for password.

Answer 2

If I understand correctly, you may have a mis-configured /etc/sudoers file. Some user or group of users may be configured in there to be able to run "su" or even all commands without providing password.

check inside the file if it contains lines with "NOPASSWD" in them, for example with:

sudo cat /etc/sudoers |grep NOPASSWD

if inside the file you have something similar to one of below lines(the most important part would be from start of "NOPASSWD" to the right):

someuser ALL= NOPASSWD: /bin/su
ALL ALL= NOPASSWD: /bin/su
someuser ALL= NOPASSWD: ALL
%wheel  ALL=(ALL)   NOPASSWD: ALL

then probably it would be the culprit. You would have to remove that line/lines from the file (or only the "NOPASSWD:" part of it if you want the user/group to still be able to use sudo su with password), or comment them out using # at the start of line using visudo editor:

sudo visudo

Answer 3

Use -k (--reset-timestamp):

sudo -k su

Also, what you are trying to achieve, can be achieved with sudo alone, no need for redundant su:

sudo -ks

If you are looking for a login shell session:

sudo -ki