Getty Images/iStockphoto

Use sudo insults to add spice to incorrect password attempts

The life of an admin doesn't have to be dry. When a user enters a wrong password, for example, why not respond with a message that says, 'You're fired!' With sudo insults, you can.

I've used Windows, macOS and Linux for decades, and among the three, I've always felt Linux has the best sense of humor. Whether you're adding utilities like sl (a steam locomotive for your terminal), cowsay (an ASCII cow that displays a given phrase) or fortune (a fortune cookie app), Linux has plenty of fun options to break up the workday. Use your distro's package manager to add these to your system.

One of my favorites is sudo insults. This is a slight modification to sudo that causes it to respond a little more humorously to incorrect password entries. It's April Fools' Day season, so it's the perfect time to show you this little trick.

Note: Follow the article to the end for a bit about modifying sudo responses.

A quick review of sudo

It's bad form to log on to a Linux system as the root user. Most of the time, it's not necessary to sign on with such high privileges. In fact, many distros today disable root and enforce privilege elevation instead.

Signing on as root allows you to do nearly anything on the system, including taking destructive action, either by mistake or out of malice. Various processes and parts of the OS run with root privileges, too.

To accomplish administrative tasks by privilege elevation, sign on as a regular, nonprivileged user, and run specific tasks as if you were root -- the "super user." Use sudo -- "superuser do" -- to accomplish this.

Screenshot of sudo useradd command
Figure 1. A failed attempt to run the useradd command without sudo before a successful attempt with it

Sudo is an effective and flexible way of managing systems access. Configure sudo by assigning privileges in the /etc/sudoers file. An administrator can assign specific commands or command groups to individual users or groups. Privilege delegation can be quite granular.

How to elevate privileges using sudo

Place sudo before a command when you need to elevate your privileges. That lets the system know it should check /etc/sudoers to see if the task has been delegated to you.

When you run sudo, the utility presents the message in Figure 2 to remind you of the importance and responsibility associated with admin privileges.

Screenshot of the sudo privilege escalation warning
Figure 2. The sudo lecture on responsibility

Next, sudo prompts you for your password to reverify your identity. Enter the correct password, and the task runs, if it has been delegated in /etc/sudoers.

But what if you enter the wrong password?

Normally, sudo provides a basic message indicating the wrong password. That's where this article comes in. Let's make those messages a little more entertaining.

The default message for a failed password on Ubuntu Core 22 is: "Sorry, try again." Your chosen distribution probably has something similar, though the wording could vary. Overall, it's a harmless message. Let's change that.

Screenshot of the default password error message in sudo
Figure 3. The default message, which we're going to switch to something spicier

How to modify sudo to insult your friends

The sudo insults process is as simple as adding one line to the /etc/sudoers file.

Always edit /etc/sudoers using the visudo command rather than opening it directly in a text editor. The visudo approach does a syntax check before applying changes to the file, which helps prevent typos that might lock you out of the system.

Open /etc/sudoers with visudo:

$ sudo visudo

The visudo utility uses the system's default text editor, likely Nano or Vim.

Browse the configuration file, and find the section containing Defaults entries. It probably has several entries containing values such as env_reset, mail_badpass and more.

Create a new entry for Defaults insults.

Screenshot of the defaults section of /etc/sudoers
Figure 4. The Defaults section of /etc/sudoers with various values configured -- this structure and entries could vary by distribution

Save and exit the file. Use the command :wq in Vim; in Nano, use the shortcut Ctrl+X, and press Y.

Test the settings before inflicting them on fellow Linux users. At the command prompt, enter a command requiring sudo and deliberately enter the wrong password.

Screenshot of mistyped password responses in sudo
Figure 5. Adding a little humor to mistyped passwords

I won't spoil the fun by listing the default insults. Spend some time playing with sudo and incorrect passwords, and you'll see.

How to modify the default message

If you just want a little sport but don't want to add insults or if they are not compiled into sudo on your system, consider modifying the default "Sorry, try again."

Do this by adding a line to /etc/sudoers with the badpass_message parameter. Here's an example:

Defaults badpass_message="Nope!"
Screenshot of a modification to the bad password default message in sudo
Figure 6. Modifying the badpass_messsage to change the default response to incorrect passwords

Be aware that the insults setting overrides this message. You need to comment out the Defaults insults line in /etc/sudoers for the custom bad password message to appear.

The result looks like Figure 7.

Screenshot of the updated bad password response in sudo
Figure 7. The updated bad password response

How to decrease the timeout for a little extra

It's normal for administrators to increase the sudo timeout so that users are not prompted as frequently for their password. Don't forget to shorten this timeout value as part of your prank, causing sudo to challenge users more often and thus increase the chances of an incorrect password.

Use visudo to edit the /etc/sudoers file, and make the following modification:

Defaults timestamp_timeout=0
Screenshot of modifying the timeout default value in sudo
Figure 8. Modifying the timeout default value

The timeout value is measured in minutes. Set it to 0 to prompt the user for their password every time they use sudo. Set it to 2 for the system to retain their sudo credentials for two minutes.

How to configure lecture always

The lecture section reminds users of the importance of not abusing sudo privileges. For a little entertainment, force this lecture on users every time they run sudo. Edit the /etc/sudoers file to add the line lecture="always" to the Defaults section.

Screenshot of configuring sudo to always show the password lecture screen
Figure 9. Configuring sudo to always show the lecture screen

Check it out

Give sudo insults a try this year. It's simple, reversible and fun. Adding your own insults might be beyond the scope of the prank, but it's certainly possible.

The life of an admin can be a little dry sometimes. Spicing things up is a reminder to have fun every once in a while.

Damon Garn owns Cogspinner Coaction and provides freelance IT writing and editing services. He has written multiple CompTIA study guides, including the Linux+, Cloud Essentials+ and Server+ guides, and contributes extensively to TechTarget Editorial and CompTIA Blogs.

Dig Deeper on Security operations and management

Enterprise Desktop
Cloud Computing