Let Sudo Insult You When You Enter Incorrect Password

Read Time: 2 minsCategories Linux Commands 10 Comments

Sudoers is the default sudo security policy plugin in Linux; however, experienced system administrators can specify a custom security policy as well as input and output logging plugins. It is driven by the /etc/sudoers file or, alternatively by LDAP.

You can define sudoers options like the insults option or several others in the file /etc/sudoers. It is set under the Defaults entries section. Read through our last article, which explains 10 Useful Sudoers Configurations for Setting ‘sudo’ in Linux.

In this article, we will explain a sudoers configuration parameter to enable an individual or system administrator to set sudo command to insult system users who enter the wrong password.

Start by opening the file /etc/sudoers like so:

sudo visudo

Go to the Defaults section and add the following line:

Defaults   insults

This setting will make sudo print humorous or sarcastic messages every time a user enters an incorrect password.

Below is a sample of /etc/sudoers file on my system showing default entries.

Set sudo Insults Parameter
Set sudo Insults Parameter

From the screenshot above, you can see that there are many other defaults defined, such as sending mail to root each time a user enters a bad password, setting a secure path, configuring a custom sudo log file, and more.

Save the file and close it.

Run a command with sudo and enter the wrong password, then observe how insults option works:

sudo visudo
sudo Insult in Action
sudo Insult in Action

Each failed password attempt will now trigger a different sarcastic or humorous insult, selected randomly from a built-in set of messages compiled into the sudo binary.

Note: When you configure the insults parameter, it disables the badpass_message parameter which prints a specific message on the command line (the default message is “sorry, try again”) in case a user enters the wrong password.

To modify the message, add the badpass_message parameter to the /etc/sudoers file as shown below.

Defaults  badpass_message="Password is wrong, please try again"  # try to set a message of your own
Set sudo badpassword Message
Set sudo badpassword Message

Save the file and close it, then invoke sudo and see how it works, the message you set as the value of badpass_message will be printed every time you or any system user types a wrong password.

sudo visudo
Sudo badpassword Message
Sudo badpassword Message

Remember: The insults and badpass_message options are mutually exclusive; you can only use one at a time. If both are present, badpass_message will override insults.

How to Remove or Revert Changes

If you ever decide to disable the insults or badpass_message options, the process is simple, just open the /etc/sudoers file using the visudo command.

sudo visudo

Once inside, locate the line that sets Defaults insults or Defaults badpass_message, and either delete it or comment it out by adding a # at the beginning of the line.

# Defaults insults
# Defaults badpass_message="Your custom message"

After making the necessary changes, save and close the file, which will revert sudo back to its default behavior, where it simply displays the standard “Sorry, try again” message on incorrect password attempts.

Always use visudo when editing this file to avoid configuration issues that could lock you out of admin access.

That’s all, in this article we reviewed how to set sudo to print insults when users type a wrong password. Do share your thoughts via the comment section below.

💡 Want to Level Up Your Linux Skills?

Check out Pro.Tecmint.com for ad-free reading, exclusive guides, downloadable resources, and certification prep (RHCSA, RHCE, LFCS) - all with lifetime access.

Previous article:

How to Setup Two-Factor Authentication For SSH In Linux

Next article:

How to Use sed and awk to Modify Config Files in Linux
Photo of author
Aaron Kili
Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

Related Posts

10 Comments

Leave a Reply

  2. We streamline processes, we install faster CPUs and GPUs, just to make our PCs run microseconds faster. But then we engage in such juvenile stunts like displaying insults instead of a plain Bad Password message.

    Reply

  3. Yeah! It’s not useful but it’s funny. Specially if you have a PC/System with more than 1 user.

    BTW, the 5th attempt has a different comment. Does it repeat this kind of comment every 5 wrong attempts?

    How many can a user fail? Is it indefinite?
    (sorry for the newbie questions)

    Reply

    • @dreis911

      The last attempt does not show an insult. Again, yes, it repeats the comment and specifies the number of attempts. And you can configure the number of password tries using the passwd_tries parameter as below:

      Defaults passwd_tries=5(specify the number of tries you want)

      Reply

    • @Stephen

      Well, Red Hat and CentOS users will not use this parameter then. Thanks for mentioning that, we will include it the article.

      Reply

Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.