I'm running an Ubuntu 20.04 instance in Compute Engine providing SSH access through OS Login.
User has set Compute OS Admin Login role and can run commands via sudo without specifying a password. Is there any way to change this? I would like sudo ask for user password.
I have changed all
ALL=(ALL) NOPASSWD:ALL occurrences by
ALL=(ALL) ALL in
/var/google-sudoers.d/username_domain_ext files without success.
If I comment
#includedir /var/google-sudoers.d in
/etc/sudoers.d/google-oslogin users lose privileges to run sudo. That leads me to think they must be something to do with
/var/google-sudoers.d/username_domain_ext file to force sudo ask for a password.
sudo -l seems to return what I want:
username_domain_ext@hostname:~$ sudo -l Matching Defaults entries for username_domain_ext on hostname: env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin User username_domain_ext may run the following commands on hostname: (ALL : ALL) ALL
Thanks in advance.