What's the problem with sudo apt-get update command ?

[cola]

sudo apt-get update

Code: Select all

user1@debian:~$ sudo apt-get update

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for user1: 
user1 is not in the sudoers file.  This incident will be reported.

[jalu]

run
su
to become root
and a following
apt-get update

after all is done run
exit
to exit root

How to set up sudo is above me (and theres nothing wrong doing it the way i described. Au contraire )
good luck

[gnudude]

su -c 'apt-get update'

[cola]

Why isn't the sudo command working?

[jalu]

The ones able to use sudo have to be allowed to do so by the administrator, called root.
this is getting done in the sudoers-file (with the command visudo, which opens the sudoers file).
The way its done in other distributions (to allow the one who is in sudoers file to do everything Root is allowed to) is a very bad idea: adding a
yourusername ALL=(ALL) ALL
to the sudoers file. Setting up sudo properly is - as said- too difficult for me.
Thats why in Debian sudo is not set up out of the box
(not cause its too difficult for me, but as its up to root to decide who is allowed to do what instead of allowing the first user to do anything).

btw: the command mentioned by gnudude allows you to run one command as root
instead of becoming root to do so (and having to exit afterwards, which one might forget)

[cola]

run
su
to become root
and a following
apt-get update

after all is done run
exit
to exit root

How to set up sudo is above me (and theres nothing wrong doing it the way i described. Au contraire )
good luck

Installing something becoming root!
Isn't it a problem of secutiry?

[jalu]

what do you think my answer will be?
lets wait if someone thinks different.

[Ahtiga Saraz]

For user "bill" to use the sudo command, user "root" must use visudo to edit the sudoers file to allow bill to run specified commands using sudo. For example, bill might be allowed to run "ps -ef" and see every process root would see, but bill would not be allowed to run other system commands, such as netstat, unless he is specifically allowed to do so. In addition, root can restrict bill's ability to use a certain command to running it on a specific computer on the LAN.

It's true that different security experts seem to hold conflicting views on the relative merits of "su -c command" and "sudo command". The first option involves entering root's password, while the second involves entering bill's password. So if you work in a large organization with several admins, the first could be used by the CTO (who knows the root password) and the second could be used by lesser sysadmins to execute specific commands which ordinary users would not be allowed to do.

[cola]

configured /etc/sudoers file.

Code: Select all

<user> ALL=(ALL) ALL

[Telemachus]

configured /etc/sudoers file.

Code: Select all

<user> ALL=(ALL) ALL

Congratulations: you've discovered Ubuntu. Are you interested in becoming an astronaut, too?

[gnudude]

I hope your girlfriend doesn't sit at your machine and play around with commands like

sudo rm -rf /bin

then you will wish you hadn't configured sudo like that.

[Ahtiga Saraz]

configured /etc/sudoers file.

Code: Select all

<user> ALL=(ALL) ALL

Whoa! cola, I don't think that's how sudo is intended to be used at all! You just disabled one of the most fundamental (if flawed) security features of a *nix operating system, the fact that an ordinary user cannot perform arbitrary (and possibly damaging) actions! Even if you are the only person who has physical access to your computer (a desktop chained to a desk inside a locked office with a 24 hour armed guard?), you should login and work as your ordinary user except when you need to perform administrative tasks on your computer, when you should su to root, or if possible, set things up so you can perform specific tasks via sudo.

I presume you figured out how to use visudo to modify the sudoers file.

A simple example: say you have a small LAN with several computers, one called "turing", and you have many people with login accounts, and two admins, Sam and Bill

# User privilege specification
root ALL=(ALL) ALL

sam ALL=/bin/ps
bill turing=/usr/bin/mbmon

Neccessarily, root is allowed to run any command on any machine on your LAN. Sam is allowed to use sudo to run "ps -ef" and see all the processes (an ordinary user should not be allowed to see sensitive system processes) on any machine in your LAN, while Bill is allowed to run mbmon to monitor the physical health of turing.

(When you have shell running on turing you should see something like

Code: Select all

Linux turing 2.6.26-2-686

If not, you may need to reconfigure the machine you want to call "turing" to make sure the OS knows its name, and then you should be able to refer to it by that name in the /etc/sudoers in other computers in your LAN. I think.)

In this example, ordinary users can run ps but won't see all the output.
Sam can run ps and see all the output on any machine, but Bill cannot. Bill can run mbmon on turing but not on the other machines in your LAN, and Sam cannot run mbmon on any machine in your LAN. When Sam calls "ps -ef" he will be prompted for his own password, so he doesn't need to know the root password (in a real multiuser system, only one person should know the root password). And when Bill calls mbmon he is prompted for his own password, so he doesn't need to know the root password either.

Most likely you are running Linux on only one computer at home, but even so sudo can be very useful as a way to lessen the chance of making a serious goof while working in a root shell, by allowing your ordinary user to run routine administrative tasks without having to give the root password.

As several others referred to above, you can easily make a typo while working in a root shell which results in root having issued a command with disastrous effects. This is one reason why people who know the root password should avoid working in a root shell as far as possible. You might have noticed that (if you use default KDE configuration under Debian Lenny, at any rate) the root shell uses a different prompt (# instead of $) and has a different color--- that's to try to make sure that you don't forget that in some shell you are working as the root user, to lessen the chance of making a bad mistake.

As I understand it, you should only allow yourself to run via sudo a small number of privileged administrative commands which you really need to run often. You certainly shouldn't make your ordinary user arbitrary power.

[smallchange]

For anyone who is interested, this is not how Ubuntu configures sudo, sudo was around long before Ubuntu, and most of the scare tactics on this page are as bad as the scare tactics Ubuntu uses to promote their attitude toward sudo.

[Telemachus]

For anyone who is interested, this is not how Ubuntu configures sudo, sudo was around long before Ubuntu, and most of the scare tactics on this page are as bad as the scare tactics Ubuntu uses to promote their attitude toward sudo.

I haven't used Ubuntu in quite some time, so perhaps my information is out of date. (My profile says I joined here Christmas day of 2006. I stopped using Ubuntu in October or November of that year, as I recall.)

Having said that, the last time I had access to an Ubuntu machine, this was exactly how they set up sudo.

The first user created was the default "admin" and that person was automatically entered into the /etc/sudoers file with this:

Code: Select all

<username> ALL=(ALL) ALL

Has this changed?

Edit: a quick follow-up. Apparently my information is in fact wrong. The way that it works now is that members of the admin group are enrolled into /etc/sudoers in this way:

Code: Select all

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

So, I was wrong. How much better you think this set-up is than putting the user directly into the /etc/sudoers file is up to you.

Other notes:

Here's Ubuntu's official discussion of su versus sudo: https://help.ubuntu.com/community/RootSudo
Here's the Ubuntu Forums' official policy that forbids posts that teach how to enable the root account: http://ubuntuforums.org/showthread.php?t=716201
Here's where I got the information about what's in /etc/sudoers: http://www.psychocats.net/ubuntu/fixsudo (Psychocats is a very reliable source for Ubuntu, in my experience.)

[gnudude]

... this is not how Ubuntu configures sudo,...

It isn't?

scare tactics? simply pointing out that it may be unwise to allow any and all users to run any command they wish...

[Telemachus]

... this is not how Ubuntu configures sudo,...

It isn't?

Technically, he's right. See my post above for exactly how they set up sudo.

[gnudude]

how about....this is not how ubuntu configures sudo now

[jalu]

For anyone who is interested, this is not how Ubuntu configures sudo, sudo was around long before Ubuntu, and most of the scare tactics on this page are as bad as the scare tactics Ubuntu uses to promote their attitude toward sudo.

the scare tactics on this board include telling how the not-recommended is getting done.
I have asked on ubuntu-forum how to get rid of sudo and didnt get no answer at all.

I for one give nothing on security issues and have allready said so. If cola wants to set it up that way, its his choice.
If he had asked straight ahead how to set up sudo i would have told it straight ahead. I thought he wanted to update and not he wanted to set up sudo
(that is: i misunderstood the question).

please, smallchange, explain the new-way they do it now, as i dont get it (else i have to install it and check for myself or simply believe Telemachus, which seems reasonable)

PS: I quit kuhbuntu short after the long-term erected-elephant 8.10 was out (due to kde4). So my info on the buntu way of doing sudo-things is a bit newer than Telemachus.

[smallchange]

Believe Telemachus.

[Telemachus]

Believe Telemachus.

Really? I usually recommend against it, but that's just me.