Guest account has sudo privileges w/o pwd, sudoers.d Warning

Help with issues regarding installation of Debian

Guest account has sudo privileges w/o pwd, sudoers.d Warning

Postby antonius » 2017-08-23 09:27

Hello community,

as beginner I installed debian 9 minimalist version w/ root pwd enabled.
I was missing non-free firmware on install "rtl_nic/rt18168d-1.fw" and sudo was also missing ofc, I read that.
The Sudo manual didn't help me out there.
Then at terminal the two provided ppa non-free sources for missing firmware would download, BUT couldn't or didn't successfully install for some reason, I don't remember the error....
After that, I changed the sources.list and updated && installed any and all untrusted non-free packages from all non-free sources.list making sudo install possible now and adding the missing firmware with lots and lots and lots of other firmware unneccesaryIy. Removed the non-free ending again and updated & installed again. First Q. to you geeks out there, how could I have added just that one firmware package from the available sources.list? then I added the guest to the sudo group.... and here is where my next problem starts as noob:
The guest account has sudo privileges w/o password and I want to have it to have to use pwd.
The sudeors.d directive is something new for me, please help me, I'm receiving a warning when editing/creating out via:
sudo visudo -f visudo -f /etc/sudoers.d/somefilename.
Then into that new file I rwote just one line
#includedir /etc/sudoers.d
and quitting visudo warns me sth translated like:

"too may same switched rows/lines in line >>>>O". ??? What's that mean? Ps: "Gleichgeschaltete Reihen" or sth like that in german.

I didn't save because I knew from threads it's touchy and If I had messed up, I would have had to resurrect it from liveboot.
So, many question, I hope you can answer me, should I just reinstall and forget about guests and sudo on debian as minmal install for a server and just use su? Or is it a HUUUGE timeout for root privis for guest?, after typing pwd once? Just to avoid it alltogether? or delete the guest account with too much sudo privileges?
Or how would you change the sudoers.d or whatever there is, to remove privis from guest as root and giving him only access with root pwd. I would use the manual for edit the lines for privileges in sudoersfile but as mentioned in my minimalist debian 9 it's non existend in etc/sudoers.d, and upon editing\creating sudoers in sudoers.d. I recieve warnings. What is your recommendation for me to do?
antonius
 
Posts: 24
Joined: 2017-08-23 08:38

Re: Guest account has sudo privileges w/o pwd, sudoers.d War

Postby steve_v » 2017-08-23 10:44

Wow. Not sure I grok all of that, but okay...

antonius wrote:Then at terminal the two provided ppa
Don't install anything from a "ppa" ppas are an Ubuntu thing, and Debian is not Ubuntu.
All that should be required to install non-free firmware is adding "non-free" to the appropriate line(s) in sources.list.

antonius wrote:installed any and all untrusted non-free packages
Indiscriminately installing packages is not a particularly good idea either...

antonius wrote:how could I have added just that one firmware package from the available sources.list?
It's probably in firmware-realtek.

antonius wrote:then I added the guest to the sudo group
Guest user? I'm not aware that one is created by default. Why do you need such a thing on a server?

antonius wrote:The guest account has sudo privileges w/o password and I want to have it to have to use pwd.
The default entry in /etc/sudoers for the sudo group does require a password:
Code: Select all
# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

If you're sure no password is required, post yours for inspection.

antonius wrote:I'm receiving a warning when editing/creating out via:
sudo visudo -f visudo -f /etc/sudoers.d/somefilename.
Then into that new file I rwote just one line
#includedir /etc/sudoers.d
So you're including the contents of everything in /etc/sudoers.d/ from a file in /etc/sudoers.d... that sounds like a mess to me. Why not just edit /etc/sudoers?

antonius wrote:If I had messed up, I would have had to resurrect it from liveboot.
If you have a working root account, this is not true. You would just have to fix the file to get sudo working again.

antonius wrote:should I just reinstall and forget about guests and sudo on debian as minmal install for a server and just use su?
This is certainly the most straightforward solution. Why do you need sudo anyway?

antonius wrote:Or how would you change the sudoers.d or whatever there is, to remove privis from guest as root and giving him only access with root pwd.
I don't usually do this, but it's the very first hit. Besides, if you want sudo to allow any command with the root password, you might as well just use the root account.

antonius wrote:What is your recommendation for me to do?
To put it bluntly, stop mucking about with things you don't understand - by which I mean creating files in /etc/sudoers.d. If you want to change the behaviour of sudo, try 'man sudoers' again first.

If what you really want is root privileges to install stuff, I suggest you climb back out of this rathole and just use "su", it's a lot simpler.
Last edited by steve_v on 2017-08-23 10:56, edited 1 time in total.
steve_v
 
Posts: 460
Joined: 2012-10-06 05:31
Location: New Zealand

Re: Guest account has sudo privileges w/o pwd, sudoers.d War

Postby sunrat » 2017-08-23 10:55

steve_v just posted as I was writing but I'll post it anyway.
Sounds like you are heading for a broken system. Don't install stuff from external repos especially ppas. Often they may work but also may break everything. Read this - https://wiki.debian.org/DontBreakDebian
For that firmware, it probably just needs the firmware-realtek package. You said you installed all packages from non-free. :cry: You only needed one.
As for sudo, some people use it but it's not essential especially on a single user system. I don't use it as su works fine.
Before you break anything else, install inxi and post the output from
Code: Select all
inxi -R
which will show us which repositories are active. Also post your sudoers file.
There may still be hope. :wink:
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ”
Remember to BACKUP!
User avatar
sunrat
 
Posts: 1998
Joined: 2006-08-29 09:12
Location: Melbourne, Australia

Re: Guest account has sudo privileges w/o pwd, sudoers.d War

Postby antonius » 2017-08-23 11:36

steve_v wrote:Wow. Not sure I grok all of that, but okay...

Yes, I'm overwhelmed too... am learning tho, slowly, very slowly, extremly slowly, heck who am I kidding, I suck! I'm a noob OK.

steve_v wrote:All that should be required to install non-free firmware is adding "non-free" to the appropriate line(s) in sources.list. Indiscriminately installing packages is not a particularly good idea either...

Yeah, that's what happened when I added "non-free" in the sources.list lines, but only needed this rtl_nic/rt18168d-1.fw but opening terminal to su apt-get-repository ppa.x.non-free after editing sources.list, it failed to install it iirc. I'm clueless why.

steve_v wrote:
antonius wrote:how could I have added just that one firmware package from the available sources.list?
It's probably in firmware-realtek.

K, thanks, i'll check this out!

steve_v wrote:
antonius wrote:then I added the guest to the sudo group
Guest user? I'm not aware that one is created by default. Why do you need such a thing on a server?

Came from LMint, and it was advertised in the installation?, also recommended.

steve_v wrote:The default entry in /etc/sudoers for the sudo group does require a password:
Code: Select all
# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

If you're sure no password is required, post yours for inspection.

Wasn't I clear enough steve? The file etc/sudoers is doesn't exist in my distro, but only the README in sudoers.d How did debian distro make the change or WHERE to add guest to sudo group WHEN there's no sudoers file??? This what I don't understand from you yet steve. But thanks so far!

steve_v wrote:
antonius wrote:I'm receiving a warning when editing/creating out via:
sudo visudo -f visudo -f /etc/sudoers.d/somefilename.
Then into that new file I rwote just one line
#includedir /etc/sudoers.d
So you're including the contents of everything in /etc/sudoers.d/ from a file in /etc/sudoers.d... that sounds like a mess to me. Why not just edit /etc/sudoers?

Don't we all like to run in circles virtually??? That's what I got from debian documentation, if I read it correctly, Im supposed to contactuate it or some word that I just learned with sub files comtaing privileges in code? Am I wrong?

steve_v wrote:
antonius wrote:should I just reinstall and forget about guests and sudo on debian as minmal install for a server and just use su?
This is certainly the most straightforward solution. Why do you need sudo anyway?

Therefore why need a guest recomendation in the Install to begin with? Answer: Just to let u mess with sudo afterwards.

steve_v wrote:
antonius wrote:Or how would you change the sudoers.d or whatever there is, to remove privis from guest as root and giving him only access with root pwd.
I don't usually do this, but it's the very first hit. Besides, if you want sudo to allow any command with the root password, you might as well just use the root account.

I'll try that I guess, but my problems still remain until.

steve_v wrote:
antonius wrote:What is your recommendation for me to do?
To put it bluntly, stop mucking about with things you don't understand - by which I mean creating files in /etc/sudoers.d. If you want to change the behaviour of sudo, try 'man sudoers' again first.

That sudo man is useless without a sudoers file available... As non present in my case.

steve_v wrote:If what you really want is root privileges to install stuff, I suggest you climb back out of this rathole and just use "su", it's a lot simpler.
[/quote]
I've dug out rabbitholes many, so deep, you'd need a parachute to visit me there. And to create a website to inform others about rabbit holes, also I have have to dig out virtual ratholes! Oi oi oi. :o No one told me that beforehand. Just mentioning that sth small like this stops me in my tracks.... But thank you steve, good conversation, but I still have the questions as above, why no sudoers file in sudoers.d and how to just mske without crashing or loosing ALL root access?
antonius
 
Posts: 24
Joined: 2017-08-23 08:38

Re: Guest account has sudo privileges w/o pwd, sudoers.d War

Postby antonius » 2017-08-23 11:47

Also, what editor do you use to read the README in sudoers.d? When open it with vi or nano or visudo it just shows lots of LINES only content ~
~
~
~
~
and so on...
the sudoers.d is also empty i guess? It looks Just like the README when trying to edit with su root.
antonius
 
Posts: 24
Joined: 2017-08-23 08:38

Re: Guest account has sudo privileges w/o pwd, sudoers.d War

Postby antonius » 2017-08-23 12:12

sunrat wrote:steve_v just posted as I was writing but I'll post it anyway.
Sounds like you are heading for a broken system. Don't install stuff from external repos especially ppas. Often they may work but also may break everything. Read this - https://wiki.debian.org/DontBreakDebian
For that firmware, it probably just needs the firmware-realtek package. You said you installed all packages from non-free. :cry: You only needed one.
As for sudo, some people use it but it's not essential especially on a single user system. I don't use it as su works fine.
Before you break anything else, install inxi and post the output from
Code: Select all
inxi -R
which will show us which repositories are active. Also post your sudoers file.
There may still be hope. :wink:


Hello sunrat, Thank you for your constructive comment and warning of broking my system, that's really where I messed up, because I wasn't able to choose a specific package from the available sources.list. rtl_nic/rt18168d-1.fw Seeking help the community now, as I learn. I'm not as advanced as you are so I can't ssh into my machine and copy paste the output of your command, sorry. I plan to reinstall without a guest, with root pwd enabled. Edit then edit the sources.list with su for stretch distro and somehow I need to find a way to just install the missing firmware there. I thank steve for supplying me with the debian realtek firmware packages site. God willing, I will get this thing running and keep you update about the progress. Give me some time to reinstall. I'l try your command sunrat. Thanks.
antonius
 
Posts: 24
Joined: 2017-08-23 08:38

Re: Guest account has sudo privileges w/o pwd, sudoers.d War

Postby kopper » 2017-08-23 12:15

Came from LMint, and it was advertised in the installation?, also recommended.

So are you using Debian or are you using Linux Mint? There is huge difference. Using Mint would explain why you're talking about PPAs.

Also, what editor do you use to read the README in sudoers.d? When open it with vi or nano or visudo it just shows lots of LINES only content

You need root privileges to see the content. By default, it has some commented out information on sudoers.d. If you are root and still don't see the content when opening the file, the chances are you have replaced the file with an empty file with same name.

Yeah, that's what happened when I added "non-free" in the sources.list lines, but only needed this rtl_nic/rt18168d-1.fw but opening terminal to su apt-get-repository ppa.x.non-free after editing sources.list, it failed to install it iirc. I'm clueless why.

Your explanation is very confusing. While not your main problem, if you want an insight on your sources.list please provide us the output for:
Code: Select all
cat /etc/apt/sources.list


The file etc/sudoers is doesn't exist in my distro, but only the README

why no sudoers file in sudoers.d

Because sudoers file is not in the sudoers.d -folder. Again, you need root privileges to access the file. If you have sudo package installed and don't have the file, sounds pretty messed up to me. As root, issue following command:
Code: Select all
cat /etc/sudoers


Also, what editor do you use to read the README in sudoers.d?

You can use whatever you're the most comfortable with.
Debian 9.1 Stable with i3
Secure your stuff: Securing Debian Manual
Don't break your stuff: Source List Management DontBreakDebian
kopper
 
Posts: 59
Joined: 2016-09-30 14:30

Re: Guest account has sudo privileges w/o pwd, sudoers.d War

Postby bryanmc » 2017-08-23 13:49

I think a fresh install is the least painful way to clean this up. It seems you tried to do some things in Debian the way you learned to do them in Mint and it's taken you the long way around the barn.
bryanmc
 
Posts: 56
Joined: 2016-11-18 12:21

Re: Guest account has sudo privileges w/o pwd, sudoers.d War

Postby antonius » 2017-08-23 13:57

kopper wrote:
Came from LMint, and it was advertised in the installation?, also recommended.

So are you using Debian or are you using Linux Mint? There is huge difference. Using Mint would explain why you're talking about PPAs.

The target is debian yes. Thank you for your comment and help, I have reinstalled since then, because the commentors here who helped me so far, are right, suggesting a reinstall. But the Problem with the missing firmware-data named rtl_nic/rt18168d-1.fw persists in my fresh minimalist install of debian 9/stretch for me right now. I'm still seeking your help. I have a few ideas but need your pro guidance. Will post details about problem in next below. Tanks everyone for your attention to my problem here, I hope we'll figure this out. Details coming below... -antonius
antonius
 
Posts: 24
Joined: 2017-08-23 08:38

Re: Guest account has sudo privileges w/o pwd, sudoers.d War

Postby antonius » 2017-08-23 14:44

Hello again everyone,
Debian 9/stretch minimalist version is installed, root enabled, no guest, and sudo isn't installed, I ingore it now.
Fine, but that firmware rtl_nic/rt1816d-1.fw is still missing. We have to fix this, I kindly ask YOU how for help?
After boot, I edited /scources.list as root as described in wiki.debian-article for update purposes,
Like:
Code: Select all
deb http://deb.debian.org/debian stretch main

etc..., 6 Lines in total.

Obv you know what this is. I think you all agree that's OK. And that it doesn't contain the missing non-free data for one needed firmware.


I apt-get updated & installed

AGAIN, I received at the end a report of warnigns W: N: (notes???) E(?): and saying that "Data from such a repository can't be authenticated and is therefore potentially dangerous to use."
I ignore this for now... for the sake of finding the firmware.
But, additionally I also # commented the upper "cdrom" Line in /sources.list. So it stops asking. NOTHING FANCY really to me even as beginner.
Now to the Problem with this: rtl_nic/rt1816d-1.fw As steve_v pointed out with a Link https://packages.debian.org/stretch/all/firmware-realtek/filelist
Sadly, it doesn't contain this specific file rtl_nic/rt1816d-1.fw it's not there available!
A shot in the blue?
So here's what I typed by hand in terminal before update & instal all the non-free PPAs :evil: , which was a mistake I know...:
from search engine: rtl_nic/rt1816d-1.fw PPA didn't work out: https://launchpad.net/~chasedouglas/+ar ... x-firmware
Code: Select all
sudo add-apt-repository ppa:chasedouglas/linux-firmware
sudo apt-get update

sudo add-apt-repository ppa:chasedouglas/linux-firmware-nonfree
sudo apt-get update


There was an ERROR after processing. It doesn't work. Are there depenencies missing on my debian 9 to install it, this would be my guess?

What needs to be done here?, or transefered per USB-flashdrive, or mounted or dependancies installed to successfully install rtl_nic/rt1816d-1.fw from mentioned non-free PPAs?

Basicly I'm not stopped here because ethernet seems to work, But is this essential for a wroking server? the ethernet/internet works with the machine so far? If someone could help me with this please, or tell me if I should leave it at that? I appreaciate your help and insight. Looking forward to your comments.
Last edited by antonius on 2017-08-23 15:05, edited 1 time in total.
antonius
 
Posts: 24
Joined: 2017-08-23 08:38

Re: Guest account has sudo privileges w/o pwd, sudoers.d War

Postby bryanmc » 2017-08-23 15:01

Post result of
Code: Select all
inxi -F
bryanmc
 
Posts: 56
Joined: 2016-11-18 12:21

Re: Guest account has sudo privileges w/o pwd, sudoers.d War

Postby antonius » 2017-08-23 15:08

bryanmc wrote:Post result of
Code: Select all
inxi -F

Code: Select all
-bash: inxi: Kommando nicht gefunden.

command not found
antonius
 
Posts: 24
Joined: 2017-08-23 08:38

Re: Guest account has sudo privileges w/o pwd, sudoers.d War

Postby bryanmc » 2017-08-23 15:15

Code: Select all
sudo apt install inxi
bryanmc
 
Posts: 56
Joined: 2016-11-18 12:21

Re: Guest account has sudo privileges w/o pwd, sudoers.d War

Postby antonius » 2017-08-23 15:21

bryanmc wrote:
Code: Select all
sudo apt install inxi

I'm gonna to that now, sorry, the phone kept annoying me. Thank you sir.
antonius
 
Posts: 24
Joined: 2017-08-23 08:38

Re: Guest account has sudo privileges w/o pwd, sudoers.d War

Postby antonius » 2017-08-23 15:28

bryanmc wrote:
Code: Select all
sudo apt install inxi

I just banged my head, because of the phone ringing all day long, but not seriously.
This was result:
Code: Select all
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.
E: Paket inxi kann nicht gefunden werden


Basicly, it says, Packages read, ready. Dependancytrees built up, package inxi can't be found.

It doesn't install...
I got the minimal version of debian you know Bryan.
antonius
 
Posts: 24
Joined: 2017-08-23 08:38

Next

Return to Installation

Who is online

Users browsing this forum: No registered users and 8 guests

fashionable