Enhancing sudo security: a script for password feedback



As a seasoned programmer, I've often encountered the need to balance security with user experience. Today, I'd like to share a script that addresses a common frustration among Linux users: the lack of visual feedback when entering a sudo password.

What does this script do? This bash script modifies the sudo configuration to display asterisks (*) when a user types their password for sudo commands. It's a small change that significantly improves user experience without compromising security.

This post describes a bash script that modifies the sudo configuration to show asterisks while a password is typed. The script creates a backup, applies the changes safely, and verifies that they are correct. It improves the user experience but slightly reduces security, because it reveals the password length. The script is useful both for experienced system administrators and for Linux beginners. It shows how small changes can significantly improve the user interface, and it demonstrates the flexibility of Linux systems and the power of shell programming.

How does it work? The script performs several key actions:

  1. It requests sudo privileges if not run as root.
  2. Creates a backup of the sudoers file.
  3. Checks for an existing Defaults line in the sudoers file.
  4. Adds or modifies the line to include the 'pwfeedback' option.
  5. Verifies the changes to ensure system integrity.

How to use it: Simply run the script in your terminal. It will prompt for your sudo password if needed. After execution, you'll need to log out and back in (or reboot) for changes to take effect.

Advantages:

  1. Improves user experience by providing visual feedback.
  2. Implements changes safely with backups and verification.
  3. Works across different Linux distributions.

Potential drawbacks:

  1. Slightly reduces security by revealing password length.
  2. Requires a system restart to take effect.

Possible improvements:

  1. Add support for reverting changes automatically.
  2. Implement logging for audit purposes.
  3. Add options for customizing the feedback character.

#!/bin/bash

# File name: sudo_stars
# Author vaidotak
# Date: 2024-07-14
# Description:
# URL:

# Function to gain sudo privileges
gain_sudo_privileges() {
    if [ "$EUID" -ne 0 ]; then
        echo "This script requires administrator privileges."
        echo "Šiam skriptui reikia administratoriaus teisių."
        if sudo -v; then
            echo "Sudo privileges obtained."
            echo "Sudo teisės gautos."
        else
            echo "Failed to obtain sudo privileges. Script is terminating."
            echo "Nepavyko gauti sudo teisių. Skriptas baigia darbą."
            exit 1
        fi
    fi
}

# Call the function to gain sudo privileges
gain_sudo_privileges

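# Create a backup (-p keeps the root ownership and 0440 mode that sudo requires)
sudo cp -p /etc/sudoers /etc/sudoers.bak
echo "Backup of /etc/sudoers created: /etc/sudoers.bak"
echo "Sukurta atsarginė /etc/sudoers kopija: /etc/sudoers.bak"

# Check if a global Defaults line already exists
if sudo grep -Eq '^Defaults[[:space:]]' /etc/sudoers; then
    # If the line exists and no Defaults line mentions pwfeedback, add it
    if ! sudo grep -Eq '^Defaults.*pwfeedback' /etc/sudoers; then
        # Edit a temporary copy and validate it before it replaces the live
        # file: a syntax error in /etc/sudoers can stop sudo from running,
        # and then the backup could not be restored with sudo either
        tmp=$(sudo mktemp /etc/sudoers.XXXXXX)
        sudo cp /etc/sudoers "$tmp"
        # Append pwfeedback to the first global Defaults line only
        # (the 0,/regex/ address is a GNU sed extension)
        sudo sed -i '0,/^Defaults[[:space:]]/ s/^Defaults[[:space:]].*$/&, pwfeedback/' "$tmp"
        if sudo visudo -cf "$tmp"; then
            # Same directory as the target, so mv is an atomic rename
            sudo chmod 0440 "$tmp"
            sudo mv -f "$tmp" /etc/sudoers
        else
            sudo rm -f "$tmp"
            echo "Edited copy failed validation. /etc/sudoers was not changed."
            echo "Redaguota kopija nepraėjo patikrinimo. Failas /etc/sudoers nepakeistas."
            exit 1
        fi
    else
        echo "pwfeedback already exists in the sudoers file. No changes needed."
        echo "pwfeedback jau egzistuoja sudoers faile. Pakeitimai nereikalingi."
    fi
else
    # If Defaults line doesn't exist, add a new one
    # (visudo validates the result before installing it)
    echo "Defaults env_reset,pwfeedback" | sudo EDITOR='tee -a' visudo
fi

# Check if the sudoers file is correct
if sudo visudo -c; then
    echo "sudoers file successfully updated and verified."
    echo "sudoers failas sėkmingai atnaujintas ir patikrintas."
else
    echo "Error updating sudoers file. Restoring backup."
    echo "Klaida atnaujinant sudoers failą. Grąžinama atsarginė kopija."
    sudo mv /etc/sudoers.bak /etc/sudoers
    exit 1
fi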

echo "Configuration successfully updated. Asterisks will now be shown when entering sudo password."
echo "Konfigūracija sėkmingai atnaujinta. Dabar įvedant sudo slaptažodį bus rodomos žvaigždutės."
echo "You need to log out and log back in or reboot for changes to take effect."
echo "Pakeitimams įsigalioti reikia atsijungti ir prisijungti iš naujo arba perkrauti sistemą."
echo "If problems occur, you can restore the original file using the command:"
echo "Jei kiltų problemų, galite grąžinti originalų failą naudodami komandą:"
echo "sudo mv /etc/sudoers.bak /etc/sudoers"

Remember, while this script enhances usability, it's crucial to maintain strong passwords and follow best security practices.
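
A plain grep for the word pwfeedback cannot tell an enabled option from a negated `!pwfeedback`, a comment, or a user-scoped `Defaults:user` entry. As an added example (not part of the original script), the function below reports the effective state in the global Defaults scope of one sudoers-format file; the name `pwfeedback_state` and the sample file are constructed for illustration, and included files such as those in /etc/sudoers.d are not followed.

```shell
#!/bin/bash
# Added example, not part of the original script.
# pwfeedback_state FILE -> prints "on", "off" or "unset" for the global
# Defaults scope of one sudoers-format file (hypothetical helper name).
pwfeedback_state() {
    awk '
        # Join lines that end in a backslash (sudoers line continuation)
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
        {
            line = buf $0; buf = ""
            sub(/^[ \t]+/, "", line)
            # Global scope only: "Defaults" followed by whitespace, not
            # Defaults:user, Defaults@host, Defaults>runas or Defaults!cmd
            if (line !~ /^Defaults[ \t]/) next
            sub(/^Defaults[ \t]+/, "", line)
            gsub(/"[^"]*"/, "\"\"", line)   # blank quoted values (may hold , or #)
            sub(/[ \t]*#.*/, "", line)      # drop a trailing comment
            n = split(line, opt, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", opt[i])
                # Later settings override earlier ones, so keep the last seen
                if (opt[i] == "pwfeedback")  state = "on"
                if (opt[i] == "!pwfeedback") state = "off"
            }
        }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

# Constructed sample (not taken from a real host)
sample=$(mktemp)
cat > "$sample" <<'EOF'
# pwfeedback is mentioned here only in a comment
Defaults    env_reset, pwfeedback
Defaults:backup !requiretty
Defaults    secure_path="/usr/sbin,/usr/bin", \
            !pwfeedback
EOF
pwfeedback_state "$sample"
rm -f "$sample"
```

On a live system, run it as root against /etc/sudoers and each file under /etc/sudoers.d, since those files are only readable by root.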

This script demonstrates how small changes can significantly impact user experience. It's a testament to the flexibility of Linux systems and the power of shell scripting. Whether you're a seasoned sysadmin or a curious beginner, I hope this script proves useful in your Linux journey.
