Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
HOWTO: sudo
HOWTO: sudo
SUDO
Sudo is one of the first things i install and configure, it saves me a lot of time and speeds the way i work. I use Sarge on an old box, PII 266 with 128 MB RAM.
# apt-get install sudo
# visudo
this will create the /etc/sudoers file, once there, add the following
line at the bottom:
luigi ALL = NOPASSWD : ALL
replace luigi with your username, save/exit in your editor, then test
it:
$ sudo apt-get update
voilà!
Sudo is one of the first things i install and configure, it saves me a lot of time and speeds the way i work. I use Sarge on an old box, PII 266 with 128 MB RAM.
# apt-get install sudo
# visudo
this will create the /etc/sudoers file, once there, add the following
line at the bottom:
luigi ALL = NOPASSWD : ALL
replace luigi with your username, save/exit in your editor, then test
it:
$ sudo apt-get update
voilà!
Last edited by Lou on 2006-06-17 02:19, edited 2 times in total.
Devuan Jessie - IceWM - vimperator - no DM
KISS - Keep It Simple, Stupid
KISS - Keep It Simple, Stupid
I just configured sudo on my fresh unstable install.
In /etc/sudoers, I used
You can also tweak the Defaults. I, perhaps being paranoid, use
Ubuntu uses
If you're using GNOME, you'll also need to change /apps/gksu/sudo-mode key to true using the GConf editor. That way all the GNOME administration stuff will accept your user password instead of the root password.
After sudo is configured, can I disable the root account as instructed in the Ubuntu Wiki, or does Debian need it for something? Currently I just set a very long password for root.
In /etc/sudoers, I used
Code: Select all
osmo ALL=(ALL) ALL
Code: Select all
Defaults tty_tickets,timestamp_timeout=5
Code: Select all
Defaults !lecture,tty_tickets,!fqdn
Code: Select all
$ gconftool-2 -t bool -s /apps/gksu/sudo-mode 1
"After sudo is configured, can I disable the root account as instructed in the Ubuntu Wiki, or does Debian need it for something? Currently I just set a very long password for root."
I don't use Ubuntu, maybe you should ask for the reason in the Ubuntu forum. IOW, i don't know.
I don't do it because when i use deborphan i need to do it as root. As you can see in my posting i don't have to enter my password, but i also installed bastille to 'harden' my system and firehol as my firewall, just to make sure.
"Only the paranoid survives".
Cheers,
I don't use Ubuntu, maybe you should ask for the reason in the Ubuntu forum. IOW, i don't know.
I don't do it because when i use deborphan i need to do it as root. As you can see in my posting i don't have to enter my password, but i also installed bastille to 'harden' my system and firehol as my firewall, just to make sure.
"Only the paranoid survives".
Cheers,
Re: Howto sudo
This is dangerous! NOPASSWD means *anyone* who goes up to your system can execute *anything* as root. Don't use it!Lou wrote: luigi ALL = NOPASSWD : ALL
I believe Ubuntu usesAnonymous wrote:So instead of "user ALL=NOPASSWD" what should I enter in the sudoers file for the sudo command to work exactly like in Ubuntu?
In Ubuntu the root password is kept for about 15 mins but I don't care for this in Debian, even if I have to enter it every time I use sudo.
Code: Select all
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
# Cmnd alias specification
# Defaults
Defaults !lecture,tty_tickets,!fqdn
# User privilege specification
root ALL=(ALL) ALL
john ALL=(ALL) ALL
If not specified with the "timestamp_timeout" option on the "Defaults" line, the timeout is 15 minutes.
sudo password
Hey,
I don't know if anyone else is having this issue, this is a problem I have for both debian and Ubuntu and I have posted it in both forums. I have it set to
%wheel ALL=(ALL) ALL
I have tried everything in the man file that I can think of to require a password. My problem is that sudo NEVER requires a password unsless you don't have sudo priviliges(then it says you're not in the sudoers file like it should). I have resorted to using su instead, but sudo is handy for single commands. I have tried overriding the defaults and requiring authentication, I have even tried putting the old PASSWD flag in and it doesn't work.
My FreeBSD system and my Fedora Core system do not have this issue.
I don't know if anyone else is having this issue, this is a problem I have for both debian and Ubuntu and I have posted it in both forums. I have it set to
%wheel ALL=(ALL) ALL
I have tried everything in the man file that I can think of to require a password. My problem is that sudo NEVER requires a password unsless you don't have sudo priviliges(then it says you're not in the sudoers file like it should). I have resorted to using su instead, but sudo is handy for single commands. I have tried overriding the defaults and requiring authentication, I have even tried putting the old PASSWD flag in and it doesn't work.
My FreeBSD system and my Fedora Core system do not have this issue.
--saphire
"The difference between me and a madman is that I am not mad." --Slavadore Dali
"The difference between me and a madman is that I am not mad." --Slavadore Dali
Re: sudo password
Hmm - on Ubuntu I can see this happening but I haven't noticed it on Debian. Is the NOPASSWD option set at all?saphire wrote:Hey,
I don't know if anyone else is having this issue, this is a problem I have for both debian and Ubuntu and I have posted it in both forums. I have it set to
%wheel ALL=(ALL) ALL
I have tried everything in the man file that I can think of to require a password. My problem is that sudo NEVER requires a password unsless you don't have sudo priviliges(then it says you're not in the sudoers file like it should). I have resorted to using su instead, but sudo is handy for single commands. I have tried overriding the defaults and requiring authentication, I have even tried putting the old PASSWD flag in and it doesn't work.
My FreeBSD system and my Fedora Core system do not have this issue.
osmo, thanks for the tip on making gksu (and gnome in general) use sudo by default. Like I had before, was very confusing.
The Debian Documentation website contains the FAQ, Installation Manual and the Release Notes for Etch. They're helpful if you want to learn more about debian!
Re: sudo password
Reading the man (5) page for sudoers:ajdlinux wrote:Hmm - on Ubuntu I can see this happening but I haven't noticed it on Debian. Is the NOPASSWD option set at all?saphire wrote:My problem is that sudo NEVER requires a password unsless you don't have sudo priviliges(then it says you're not in the sudoers file like it should).
Did you happen to put yourself in the 'sudo' group? If you want to turn this off, either take yourself out of the sudo group and explicitly reference your username in the sudoers file, or on the 'Defaults' line append a new exempt_group entry, e.g.:man (5) sudoers wrote:exempt_group
Users in this group are exempt from password and PATH requirements. On Debian systems, this is set to the group ’sudo’ by default.
Code: Select all
Defaults !lecture,tty_tickets,!fqdn,exempt_group=""
Mr Flibble's very cross.
when you su, you change your user, you launch a new shell as the new user you're su:ing to (typically root, just launched with su, but you can su lusername to change into a different user too)
with sudo, you run a single command as superuser
with sudo, you run a single command as superuser
Eagles may soar, but weasels don't get sucked into jet engines...
security?
I don't understand. I thought sudo was intended to allow regular users to do certain things with root privileges, like when I want to start up my wireless connection. If you set it up to grant root privileges for any command, how is that any different from just logging in as root, with the associated security problems?
Cheers,
Tyler
Cheers,
Tyler
Lenny & fluxbox
Thinkpad R60
Thinkpad R60
Re: security?
I think the difference is, when you get attacked form the outside, they will get root privileges easily, because you are logged in as root.Tyler wrote:I don't understand. I thought sudo was intended to allow regular users to do certain things with root privileges, like when I want to start up my wireless connection. If you set it up to grant root privileges for any command, how is that any different from just logging in as root, with the associated security problems?
Cheers,
Tyler
But if you were a normal user, you had to use sudo first. And then the attackers would have one job more to do before actually killing your system.
(I think they would try to crack the sudo password, but as I have read, it is very hard, so you are secured even without a sudo password, unless the attacker is smart enough to execute sudo without a password )
Unless you are arunning a server, attacks are very rare.
Re: security?
not really, its not that hard to write a program that runs another program with its input/output logged.thamarok wrote:I think they would try to crack the sudo password, but as I have read, it is very hard
once they do that they just need to edit your bash profile and then wait a bit.
Misuse of sudo
I would agree with ajdlinux. Setting your sudoers file to:
is dangerous, but not perhaps from attacks from outside, but from stupid user actions.
The sudo command was designed to allow SOME actions to be taken by SOME users, not for allowing the normal user to do ALL of the same things as root, all of the time. The point here is in the *nix world, we run with two users. The simple act of using the sudo, or the su command in a terminal or at the cli, makes us think "I am now root, or acting as root", and helps us to be careful.
Making your user as powerful as root leads to the situation Windows is in right now because the normal user there is root. Bottom line is, it's your system, you want to toast it, go right ahead.
Code: Select all
luigi ALL = NOPASSWD : ALL
The sudo command was designed to allow SOME actions to be taken by SOME users, not for allowing the normal user to do ALL of the same things as root, all of the time. The point here is in the *nix world, we run with two users. The simple act of using the sudo, or the su command in a terminal or at the cli, makes us think "I am now root, or acting as root", and helps us to be careful.
Making your user as powerful as root leads to the situation Windows is in right now because the normal user there is root. Bottom line is, it's your system, you want to toast it, go right ahead.