"sudo" commands is not requiring a password on Ubuntu 16.04

Question

I have a Ubuntu 16.04 Amazon EC2 instance.

The only user in the instance is ubuntu

I have successfully SSH in my new instance and works fine.

I can run sudo commands like so:

sudo apt-get update

However I am concerned at the fact that sudo does not ask for any passwords.

I figured this is because there is no password for my default ubuntu account.

So I typed in the following command:

$ passwd
(current) UNIX password:

I left the 2nd field blank and click Enter and it gave me the following message:

passwd: Authentication token manipulation error
passwd: password unchanged

I then decided to do:

$ sudo passwd

This allowed me to change my password, but whenever I do any sudo commands, it does not seem to work.

How can I set it so sudo requires a password?

Also what did sudo passwd do exactly and how can I undo it?

Answer 1

To answer my own question...

The default ubuntu user password is locked. Therefore to change it you need to do the following:

$ sudo passwd ubuntu

To undo changing the root password and re-lock it (as it was before) do the following:

$ sudo passwd root -l

To make sure sudo asks for your password each time you use sudo on the ubuntu default user, run the following command (NOTE: You need to have a password set for ubuntu or you may get locked out of sudo):

$ sudo visudo -f /etc/sudoers.d/90-cloud-init-users

And comment out the line with ubuntu like so:

# ubuntu ALL=(ALL) NOPASSWD:ALL

or change to:

ubuntu ALL=(ALL) ALL

The following helped:

https://serverfault.com/questions/615034/disable-nopasswd-sudo-access-for-ubuntu-user-on-an-ec2-instance/684504#684504