Guest account has sudo privileges w/o pwd, sudoers.d Warning

[antonius]

Hello community,

as beginner I installed debian 9 minimalist version w/ root pwd enabled.
I was missing non-free firmware on install "rtl_nic/rt18168d-1.fw" and sudo was also missing ofc, I read that.
The Sudo manual didn't help me out there.
Then at terminal the two provided ppa non-free sources for missing firmware would download, BUT couldn't or didn't successfully install for some reason, I don't remember the error....
After that, I changed the sources.list and updated && installed any and all untrusted non-free packages from all non-free sources.list making sudo install possible now and adding the missing firmware with lots and lots and lots of other firmware unneccesaryIy. Removed the non-free ending again and updated & installed again. First Q. to you geeks out there, how could I have added just that one firmware package from the available sources.list? then I added the guest to the sudo group.... and here is where my next problem starts as noob:
The guest account has sudo privileges w/o password and I want to have it to have to use pwd.
The sudeors.d directive is something new for me, please help me, I'm receiving a warning when editing/creating out via:
sudo visudo -f visudo -f /etc/sudoers.d/somefilename.
Then into that new file I rwote just one line
#includedir /etc/sudoers.d
and quitting visudo warns me sth translated like:

"too may same switched rows/lines in line >>>>O". ??? What's that mean? Ps: "Gleichgeschaltete Reihen" or sth like that in german.

I didn't save because I knew from threads it's touchy and If I had messed up, I would have had to resurrect it from liveboot.
So, many question, I hope you can answer me, should I just reinstall and forget about guests and sudo on debian as minmal install for a server and just use su? Or is it a HUUUGE timeout for root privis for guest?, after typing pwd once? Just to avoid it alltogether? or delete the guest account with too much sudo privileges?
Or how would you change the sudoers.d or whatever there is, to remove privis from guest as root and giving him only access with root pwd. I would use the manual for edit the lines for privileges in sudoersfile but as mentioned in my minimalist debian 9 it's non existend in etc/sudoers.d, and upon editing\creating sudoers in sudoers.d. I recieve warnings. What is your recommendation for me to do?

[steve_v]

Wow. Not sure I grok all of that, but okay...

Then at terminal the two provided ppa

Don't install anything from a "ppa" ppas are an Ubuntu thing, and Debian is not Ubuntu.
All that should be required to install non-free firmware is adding "non-free" to the appropriate line(s) in sources.list.

installed any and all untrusted non-free packages

Indiscriminately installing packages is not a particularly good idea either...

how could I have added just that one firmware package from the available sources.list?

It's probably in firmware-realtek.

then I added the guest to the sudo group

Guest user? I'm not aware that one is created by default. Why do you need such a thing on a server?

The guest account has sudo privileges w/o password and I want to have it to have to use pwd.

The default entry in /etc/sudoers for the sudo group does require a password:

Code: Select all

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

If you're sure no password is required, post yours for inspection.

I'm receiving a warning when editing/creating out via:
sudo visudo -f visudo -f /etc/sudoers.d/somefilename.
Then into that new file I rwote just one line
#includedir /etc/sudoers.d

So you're including the contents of everything in /etc/sudoers.d/ from a file in /etc/sudoers.d... that sounds like a mess to me. Why not just edit /etc/sudoers?

If I had messed up, I would have had to resurrect it from liveboot.

If you have a working root account, this is not true. You would just have to fix the file to get sudo working again.

should I just reinstall and forget about guests and sudo on debian as minmal install for a server and just use su?

This is certainly the most straightforward solution. Why do you need sudo anyway?

Or how would you change the sudoers.d or whatever there is, to remove privis from guest as root and giving him only access with root pwd.

I don't usually do this, but it's the very first hit. Besides, if you want sudo to allow any command with the root password, you might as well just use the root account.

What is your recommendation for me to do?

To put it bluntly, stop mucking about with things you don't understand - by which I mean creating files in /etc/sudoers.d. If you want to change the behaviour of sudo, try 'man sudoers' again first.

If what you really want is root privileges to install stuff, I suggest you climb back out of this rathole and just use "su", it's a lot simpler.

[sunrat]

steve_v just posted as I was writing but I'll post it anyway.
Sounds like you are heading for a broken system. Don't install stuff from external repos especially ppas. Often they may work but also may break everything. Read this - https://wiki.debian.org/DontBreakDebian
For that firmware, it probably just needs the firmware-realtek package. You said you installed all packages from non-free. You only needed one.
As for sudo, some people use it but it's not essential especially on a single user system. I don't use it as su works fine.
Before you break anything else, install inxi and post the output from

Code: Select all

inxi -R

which will show us which repositories are active. Also post your sudoers file.
There may still be hope.

[antonius]

Wow. Not sure I grok all of that, but okay...

Yes, I'm overwhelmed too... am learning tho, slowly, very slowly, extremly slowly, heck who am I kidding, I suck! I'm a noob OK.

All that should be required to install non-free firmware is adding "non-free" to the appropriate line(s) in sources.list. Indiscriminately installing packages is not a particularly good idea either...

Yeah, that's what happened when I added "non-free" in the sources.list lines, but only needed this rtl_nic/rt18168d-1.fw but opening terminal to su apt-get-repository ppa.x.non-free after editing sources.list, it failed to install it iirc. I'm clueless why.

how could I have added just that one firmware package from the available sources.list?

It's probably in firmware-realtek.

K, thanks, i'll check this out!

then I added the guest to the sudo group

Guest user? I'm not aware that one is created by default. Why do you need such a thing on a server?

Came from LMint, and it was advertised in the installation?, also recommended.

The default entry in /etc/sudoers for the sudo group does require a password:

Code: Select all

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

If you're sure no password is required, post yours for inspection.

Wasn't I clear enough steve? The file etc/sudoers is doesn't exist in my distro, but only the README in sudoers.d How did debian distro make the change or WHERE to add guest to sudo group WHEN there's no sudoers file??? This what I don't understand from you yet steve. But thanks so far!

I'm receiving a warning when editing/creating out via:
sudo visudo -f visudo -f /etc/sudoers.d/somefilename.
Then into that new file I rwote just one line
#includedir /etc/sudoers.d

So you're including the contents of everything in /etc/sudoers.d/ from a file in /etc/sudoers.d... that sounds like a mess to me. Why not just edit /etc/sudoers?

Don't we all like to run in circles virtually??? That's what I got from debian documentation, if I read it correctly, Im supposed to contactuate it or some word that I just learned with sub files comtaing privileges in code? Am I wrong?

should I just reinstall and forget about guests and sudo on debian as minmal install for a server and just use su?

This is certainly the most straightforward solution. Why do you need sudo anyway?

Therefore why need a guest recomendation in the Install to begin with? Answer: Just to let u mess with sudo afterwards.

Or how would you change the sudoers.d or whatever there is, to remove privis from guest as root and giving him only access with root pwd.

I don't usually do this, but it's the very first hit. Besides, if you want sudo to allow any command with the root password, you might as well just use the root account.

I'll try that I guess, but my problems still remain until.

What is your recommendation for me to do?

To put it bluntly, stop mucking about with things you don't understand - by which I mean creating files in /etc/sudoers.d. If you want to change the behaviour of sudo, try 'man sudoers' again first.

That sudo man is useless without a sudoers file available... As non present in my case.

If what you really want is root privileges to install stuff, I suggest you climb back out of this rathole and just use "su", it's a lot simpler.

[/quote]
I've dug out rabbitholes many, so deep, you'd need a parachute to visit me there. And to create a website to inform others about rabbit holes, also I have have to dig out virtual ratholes! Oi oi oi. No one told me that beforehand. Just mentioning that sth small like this stops me in my tracks.... But thank you steve, good conversation, but I still have the questions as above, why no sudoers file in sudoers.d and how to just mske without crashing or loosing ALL root access?

[antonius]

Also, what editor do you use to read the README in sudoers.d? When open it with vi or nano or visudo it just shows lots of LINES only content ~
~
~
~
~
and so on...
the sudoers.d is also empty i guess? It looks Just like the README when trying to edit with su root.

[antonius]

steve_v just posted as I was writing but I'll post it anyway.
Sounds like you are heading for a broken system. Don't install stuff from external repos especially ppas. Often they may work but also may break everything. Read this - https://wiki.debian.org/DontBreakDebian
For that firmware, it probably just needs the firmware-realtek package. You said you installed all packages from non-free. You only needed one.
As for sudo, some people use it but it's not essential especially on a single user system. I don't use it as su works fine.
Before you break anything else, install inxi and post the output from

Code: Select all

inxi -R

which will show us which repositories are active. Also post your sudoers file.
There may still be hope.

Hello sunrat, Thank you for your constructive comment and warning of broking my system, that's really where I messed up, because I wasn't able to choose a specific package from the available sources.list. rtl_nic/rt18168d-1.fw Seeking help the community now, as I learn. I'm not as advanced as you are so I can't ssh into my machine and copy paste the output of your command, sorry. I plan to reinstall without a guest, with root pwd enabled. Edit then edit the sources.list with su for stretch distro and somehow I need to find a way to just install the missing firmware there. I thank steve for supplying me with the debian realtek firmware packages site. God willing, I will get this thing running and keep you update about the progress. Give me some time to reinstall. I'l try your command sunrat. Thanks.

[kopper]

Came from LMint, and it was advertised in the installation?, also recommended.

So are you using Debian or are you using Linux Mint? There is huge difference. Using Mint would explain why you're talking about PPAs.

Also, what editor do you use to read the README in sudoers.d? When open it with vi or nano or visudo it just shows lots of LINES only content

You need root privileges to see the content. By default, it has some commented out information on sudoers.d. If you are root and still don't see the content when opening the file, the chances are you have replaced the file with an empty file with same name.

Yeah, that's what happened when I added "non-free" in the sources.list lines, but only needed this rtl_nic/rt18168d-1.fw but opening terminal to su apt-get-repository ppa.x.non-free after editing sources.list, it failed to install it iirc. I'm clueless why.

Your explanation is very confusing. While not your main problem, if you want an insight on your sources.list please provide us the output for:

Code: Select all

cat /etc/apt/sources.list

The file etc/sudoers is doesn't exist in my distro, but only the README

why no sudoers file in sudoers.d

Because sudoers file is not in the sudoers.d -folder. Again, you need root privileges to access the file. If you have sudo package installed and don't have the file, sounds pretty messed up to me. As root, issue following command:

Code: Select all

cat /etc/sudoers

Also, what editor do you use to read the README in sudoers.d?

You can use whatever you're the most comfortable with.

[bryanmc]

I think a fresh install is the least painful way to clean this up. It seems you tried to do some things in Debian the way you learned to do them in Mint and it's taken you the long way around the barn.

[antonius]

Came from LMint, and it was advertised in the installation?, also recommended.

So are you using Debian or are you using Linux Mint? There is huge difference. Using Mint would explain why you're talking about PPAs.

The target is debian yes. Thank you for your comment and help, I have reinstalled since then, because the commentors here who helped me so far, are right, suggesting a reinstall. But the Problem with the missing firmware-data named rtl_nic/rt18168d-1.fw persists in my fresh minimalist install of debian 9/stretch for me right now. I'm still seeking your help. I have a few ideas but need your pro guidance. Will post details about problem in next below. Tanks everyone for your attention to my problem here, I hope we'll figure this out. Details coming below... -antonius

[antonius]

Hello again everyone,
Debian 9/stretch minimalist version is installed, root enabled, no guest, and sudo isn't installed, I ingore it now.
Fine, but that firmware rtl_nic/rt1816d-1.fw is still missing. We have to fix this, I kindly ask YOU how for help?
After boot, I edited /scources.list as root as described in wiki.debian-article for update purposes,
Like:

Code: Select all

deb http://deb.debian.org/debian stretch main

etc..., 6 Lines in total.

Obv you know what this is. I think you all agree that's OK. And that it doesn't contain the missing non-free data for one needed firmware.


I apt-get updated & installed

AGAIN, I received at the end a report of warnigns W: N: (notes???) E(?): and saying that "Data from such a repository can't be authenticated and is therefore potentially dangerous to use."
I ignore this for now... for the sake of finding the firmware.
But, additionally I also # commented the upper "cdrom" Line in /sources.list. So it stops asking. NOTHING FANCY really to me even as beginner.
Now to the Problem with this: rtl_nic/rt1816d-1.fw As steve_v pointed out with a Link https://packages.debian.org/stretch/all ... k/filelist
Sadly, it doesn't contain this specific file rtl_nic/rt1816d-1.fw it's not there available!
A shot in the blue?
So here's what I typed by hand in terminal before update & instal all the non-free PPAs , which was a mistake I know...:
from search engine: rtl_nic/rt1816d-1.fw PPA didn't work out: https://launchpad.net/~chasedouglas/+ar ... x-firmware

Code: Select all

sudo add-apt-repository ppa:chasedouglas/linux-firmware
sudo apt-get update

sudo add-apt-repository ppa:chasedouglas/linux-firmware-nonfree
sudo apt-get update

There was an ERROR after processing. It doesn't work. Are there depenencies missing on my debian 9 to install it, this would be my guess?

What needs to be done here?, or transefered per USB-flashdrive, or mounted or dependancies installed to successfully install rtl_nic/rt1816d-1.fw from mentioned non-free PPAs?

Basicly I'm not stopped here because ethernet seems to work, But is this essential for a wroking server? the ethernet/internet works with the machine so far? If someone could help me with this please, or tell me if I should leave it at that? I appreaciate your help and insight. Looking forward to your comments.

[bryanmc]

Post result of

Code: Select all

inxi -F

[antonius]

Post result of

Code: Select all

inxi -F

Code: Select all

-bash: inxi: Kommando nicht gefunden.

command not found

[bryanmc]

Code: Select all

sudo apt install inxi

[antonius]

Code: Select all

sudo apt install inxi

I'm gonna to that now, sorry, the phone kept annoying me. Thank you sir.

[antonius]

Code: Select all

sudo apt install inxi

I just banged my head, because of the phone ringing all day long, but not seriously.
This was result:

Code: Select all

Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.
E: Paket inxi kann nicht gefunden werden

Basicly, it says, Packages read, ready. Dependancytrees built up, package inxi can't be found.

It doesn't install...
I got the minimal version of debian you know Bryan.

[antonius]

I installed from the latest CD disk iso image, and skipped the online mirror image.
Would a netinstall give me automatically the missing driver?
Like, would it download the missing driver automatically during installation of debian?

[antonius]

I made a search on https://packages.debian.org/search?suit ... 1816d-1.fw for rtl_nic/rt1816d-1.fw with no results. So the PPA has to come from "non-free" sources... I guess I'll try to run debian 9 without this firmware. And hope the ethernet server will work. What do you think? Thank you.

[sunrat]

If you want this fixed, it would help to follow advice and give information requested.
DO NOT use PPAs, they are for Ubuntu based distros like Mint.
You say your missing firmware is rtl_nic/rt1816d-1.fw . You sure it isn't rtl8168d-1? That is included in firmware-realtek from Debian non-free repo. I'm thinking your sources are still wrong if you can't install this. As requested before, post your whole sources.list file here. One line of 6 is not helpful.
inxi is available in the main repo. https://packages.debian.org/stretch/inxi . It is a system info utility which can tell you lots about your system and hardware which can be vital to troubleshoot your issues. If you can't install this, your sources are definitely wrong, or perhaps you didn't run apt-get update to refresh your package list.
Tell us what happens if you run:

Code: Select all

su

<enter root password>

Code: Select all

apt-get update
apt-get install inxi

[Wheelerof4te]

Are you sure the installation was OK? Seems to me you have a bare-bones install without pre-configured repositories. The only way you could have gotten that is if you installed from netinstall image without successfully connecting to the Internet. Now, you have a few choices.

1. Reinstall from one of these: https://www.debian.org/CD/http-ftp/#stable
Just be sure to select your correct architecture. Later you can add non-free to the repo list fallowing instructions from https://wiki.debian.org/SourcesList

2. Try to copy the examples from mentioned wiki page to your broken install. Just use nano under root to add exact repo lines to your /etc/apt/sources.list file.
After that, making sure you have an internet ethernet cable connected, run

Code: Select all

apt-get update

as root to make sure you changed the repos. Then, if it works, try

Code: Select all

apt-get install -f

to fix your broken Debian.

[antonius]

Are you sure the installation was OK? Seems to me you have a bare-bones install without pre-configured repositories. The only way you could have gotten that is if you installed from netinstall image without successfully connecting to the Internet. Now, you have a few choices.

1. Reinstall from one of these: https://www.debian.org/CD/http-ftp/#stable
Just be sure to select your correct architecture. Later you can add non-free to the repo list fallowing instructions from https://wiki.debian.org/SourcesList

Really, adding non-free repos all over again just to get aptitude,inxi etc. Seriously?