What's the problem with sudo apt-get update command ?

If none of the more specific forums is the right place to ask
Message
Author
User avatar
cola
Posts: 287
Joined: 2009-03-09 21:28

What's the problem with sudo apt-get update command ?

#1 Post by cola »

sudo apt-get update

Code: Select all

user1@debian:~$ sudo apt-get update

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for user1: 
user1 is not in the sudoers file.  This incident will be reported.

jalu
Posts: 1397
Joined: 2008-11-19 23:26

Re: What's the problem with sudo apt-get update command ?

#2 Post by jalu »

run
su
to become root
and a following
apt-get update

after all is done run
exit
to exit root

How to set up sudo is above me (and theres nothing wrong doing it the way i described. Au contraire :-) )
good luck

gnudude
Posts: 1712
Joined: 2009-04-05 17:30
Location: gone....

Re: What's the problem with sudo apt-get update command ?

#3 Post by gnudude »

su -c 'apt-get update'

User avatar
cola
Posts: 287
Joined: 2009-03-09 21:28

Re: What's the problem with sudo apt-get update command ?

#4 Post by cola »

Why isn't the sudo command working?

jalu
Posts: 1397
Joined: 2008-11-19 23:26

Re: What's the problem with sudo apt-get update command ?

#5 Post by jalu »

The ones able to use sudo have to be allowed to do so by the administrator, called root.
this is getting done in the sudoers-file (with the command visudo, which opens the sudoers file).
The way its done in other distributions (to allow the one who is in sudoers file to do everything Root is allowed to) is a very bad idea: adding a
yourusername ALL=(ALL) ALL
to the sudoers file. Setting up sudo properly is - as said- too difficult for me.
Thats why in Debian sudo is not set up out of the box
(not cause its too difficult for me, but as its up to root to decide who is allowed to do what instead of allowing the first user to do anything).

btw: the command mentioned by gnudude allows you to run one command as root
instead of becoming root to do so (and having to exit afterwards, which one might forget)
Last edited by jalu on 2009-08-28 04:13, edited 2 times in total.

User avatar
cola
Posts: 287
Joined: 2009-03-09 21:28

Re: What's the problem with sudo apt-get update command ?

#6 Post by cola »

jalu wrote:run
su
to become root
and a following
apt-get update

after all is done run
exit
to exit root

How to set up sudo is above me (and theres nothing wrong doing it the way i described. Au contraire :-) )
good luck
Installing something becoming root!
Isn't it a problem of secutiry?

jalu
Posts: 1397
Joined: 2008-11-19 23:26

Re: What's the problem with sudo apt-get update command ?

#7 Post by jalu »

what do you think my answer will be? :D
lets wait if someone thinks different.

Ahtiga Saraz
Posts: 1015
Joined: 2009-06-15 01:19

Attempted clarification

#8 Post by Ahtiga Saraz »

For user "bill" to use the sudo command, user "root" must use visudo to edit the sudoers file to allow bill to run specified commands using sudo. For example, bill might be allowed to run "ps -ef" and see every process root would see, but bill would not be allowed to run other system commands, such as netstat, unless he is specifically allowed to do so. In addition, root can restrict bill's ability to use a certain command to running it on a specific computer on the LAN.

It's true that different security experts seem to hold conflicting views on the relative merits of "su -c command" and "sudo command". The first option involves entering root's password, while the second involves entering bill's password. So if you work in a large organization with several admins, the first could be used by the CTO (who knows the root password) and the second could be used by lesser sysadmins to execute specific commands which ordinary users would not be allowed to do.
Ahtiga Saraz

Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!

User avatar
cola
Posts: 287
Joined: 2009-03-09 21:28

Re: What's the problem with sudo apt-get update command ?

#9 Post by cola »

configured /etc/sudoers file.

Code: Select all

<user> ALL=(ALL) ALL

User avatar
Telemachus
Posts: 4677
Joined: 2006-12-25 15:53

Re: What's the problem with sudo apt-get update command ?

#10 Post by Telemachus »

cola wrote:configured /etc/sudoers file.

Code: Select all

<user> ALL=(ALL) ALL
Congratulations: you've discovered Ubuntu. Are you interested in becoming an astronaut, too?
"We have not been faced with the need to satisfy someone else's requirements, and for this freedom we are grateful."
Dennis Ritchie and Ken Thompson, The UNIX Time-Sharing System

gnudude
Posts: 1712
Joined: 2009-04-05 17:30
Location: gone....

Re: What's the problem with sudo apt-get update command ?

#11 Post by gnudude »

I hope your girlfriend doesn't sit at your machine and play around with commands like

sudo rm -rf /bin

then you will wish you hadn't configured sudo like that. :wink:

Ahtiga Saraz
Posts: 1015
Joined: 2009-06-15 01:19

Example of an sudoers file

#12 Post by Ahtiga Saraz »

cola wrote:configured /etc/sudoers file.

Code: Select all

<user> ALL=(ALL) ALL
Whoa! cola, I don't think that's how sudo is intended to be used at all! You just disabled one of the most fundamental (if flawed) security features of a *nix operating system, the fact that an ordinary user cannot perform arbitrary (and possibly damaging) actions! Even if you are the only person who has physical access to your computer (a desktop chained to a desk inside a locked office with a 24 hour armed guard?), you should login and work as your ordinary user except when you need to perform administrative tasks on your computer, when you should su to root, or if possible, set things up so you can perform specific tasks via sudo.

I presume you figured out how to use visudo to modify the sudoers file.

A simple example: say you have a small LAN with several computers, one called "turing", and you have many people with login accounts, and two admins, Sam and Bill
# User privilege specification
root ALL=(ALL) ALL

sam ALL=/bin/ps
bill turing=/usr/bin/mbmon
Neccessarily, root is allowed to run any command on any machine on your LAN. Sam is allowed to use sudo to run "ps -ef" and see all the processes (an ordinary user should not be allowed to see sensitive system processes) on any machine in your LAN, while Bill is allowed to run mbmon to monitor the physical health of turing.

(When you have shell running on turing you should see something like

Code: Select all

Linux turing 2.6.26-2-686
If not, you may need to reconfigure the machine you want to call "turing" to make sure the OS knows its name, and then you should be able to refer to it by that name in the /etc/sudoers in other computers in your LAN. I think.)

In this example, ordinary users can run ps but won't see all the output.
Sam can run ps and see all the output on any machine, but Bill cannot. Bill can run mbmon on turing but not on the other machines in your LAN, and Sam cannot run mbmon on any machine in your LAN. When Sam calls "ps -ef" he will be prompted for his own password, so he doesn't need to know the root password (in a real multiuser system, only one person should know the root password). And when Bill calls mbmon he is prompted for his own password, so he doesn't need to know the root password either.

Most likely you are running Linux on only one computer at home, but even so sudo can be very useful as a way to lessen the chance of making a serious goof while working in a root shell, by allowing your ordinary user to run routine administrative tasks without having to give the root password.

As several others referred to above, you can easily make a typo while working in a root shell which results in root having issued a command with disastrous effects. This is one reason why people who know the root password should avoid working in a root shell as far as possible. You might have noticed that (if you use default KDE configuration under Debian Lenny, at any rate) the root shell uses a different prompt (# instead of $) and has a different color--- that's to try to make sure that you don't forget that in some shell you are working as the root user, to lessen the chance of making a bad mistake.

As I understand it, you should only allow yourself to run via sudo a small number of privileged administrative commands which you really need to run often. You certainly shouldn't make your ordinary user arbitrary power.
Ahtiga Saraz

Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!

smallchange
Posts: 1740
Joined: 2009-05-04 15:56

Re: What's the problem with sudo apt-get update command ?

#13 Post by smallchange »

For anyone who is interested, this is not how Ubuntu configures sudo, sudo was around long before Ubuntu, and most of the scare tactics on this page are as bad as the scare tactics Ubuntu uses to promote their attitude toward sudo.

User avatar
Telemachus
Posts: 4677
Joined: 2006-12-25 15:53

Re: What's the problem with sudo apt-get update command ?

#14 Post by Telemachus »

smallchange wrote:For anyone who is interested, this is not how Ubuntu configures sudo, sudo was around long before Ubuntu, and most of the scare tactics on this page are as bad as the scare tactics Ubuntu uses to promote their attitude toward sudo.
I haven't used Ubuntu in quite some time, so perhaps my information is out of date. (My profile says I joined here Christmas day of 2006. I stopped using Ubuntu in October or November of that year, as I recall.)

Having said that, the last time I had access to an Ubuntu machine, this was exactly how they set up sudo.

The first user created was the default "admin" and that person was automatically entered into the /etc/sudoers file with this:

Code: Select all

<username> ALL=(ALL) ALL
Has this changed?

Edit: a quick follow-up. Apparently my information is in fact wrong. The way that it works now is that members of the admin group are enrolled into /etc/sudoers in this way:

Code: Select all

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
So, I was wrong. How much better you think this set-up is than putting the user directly into the /etc/sudoers file is up to you.

Other notes:

Here's Ubuntu's official discussion of su versus sudo: https://help.ubuntu.com/community/RootSudo
Here's the Ubuntu Forums' official policy that forbids posts that teach how to enable the root account: http://ubuntuforums.org/showthread.php?t=716201
Here's where I got the information about what's in /etc/sudoers: http://www.psychocats.net/ubuntu/fixsudo (Psychocats is a very reliable source for Ubuntu, in my experience.)
Last edited by Telemachus on 2009-08-28 14:38, edited 3 times in total.
"We have not been faced with the need to satisfy someone else's requirements, and for this freedom we are grateful."
Dennis Ritchie and Ken Thompson, The UNIX Time-Sharing System

gnudude
Posts: 1712
Joined: 2009-04-05 17:30
Location: gone....

Re: What's the problem with sudo apt-get update command ?

#15 Post by gnudude »

smallchange wrote:... this is not how Ubuntu configures sudo,...
It isn't?

scare tactics? simply pointing out that it may be unwise to allow any and all users to run any command they wish...

User avatar
Telemachus
Posts: 4677
Joined: 2006-12-25 15:53

Re: What's the problem with sudo apt-get update command ?

#16 Post by Telemachus »

gnudude wrote:
smallchange wrote:... this is not how Ubuntu configures sudo,...
It isn't?
Technically, he's right. See my post above for exactly how they set up sudo.
"We have not been faced with the need to satisfy someone else's requirements, and for this freedom we are grateful."
Dennis Ritchie and Ken Thompson, The UNIX Time-Sharing System

gnudude
Posts: 1712
Joined: 2009-04-05 17:30
Location: gone....

Re: What's the problem with sudo apt-get update command ?

#17 Post by gnudude »

how about....this is not how ubuntu configures sudo now :wink:

jalu
Posts: 1397
Joined: 2008-11-19 23:26

Re: What's the problem with sudo apt-get update command ?

#18 Post by jalu »

smallchange wrote:For anyone who is interested, this is not how Ubuntu configures sudo, sudo was around long before Ubuntu, and most of the scare tactics on this page are as bad as the scare tactics Ubuntu uses to promote their attitude toward sudo.
the scare tactics on this board include telling how the not-recommended is getting done.
I have asked on ubuntu-forum how to get rid of sudo and didnt get no answer at all.

I for one give nothing on security issues and have allready said so. If cola wants to set it up that way, its his choice.
If he had asked straight ahead how to set up sudo i would have told it straight ahead. I thought he wanted to update and not he wanted to set up sudo
(that is: i misunderstood the question).

please, smallchange, explain the new-way they do it now, as i dont get it (else i have to install it and check for myself or simply believe Telemachus, which seems reasonable)

PS: I quit kuhbuntu short after the long-term erected-elephant 8.10 was out (due to kde4). So my info on the buntu way of doing sudo-things is a bit newer than Telemachus.
Last edited by jalu on 2009-08-28 22:44, edited 1 time in total.

smallchange
Posts: 1740
Joined: 2009-05-04 15:56

Re: What's the problem with sudo apt-get update command ?

#19 Post by smallchange »

Believe Telemachus.

User avatar
Telemachus
Posts: 4677
Joined: 2006-12-25 15:53

Re: What's the problem with sudo apt-get update command ?

#20 Post by Telemachus »

smallchange wrote:Believe Telemachus.
Really? I usually recommend against it, but that's just me.
"We have not been faced with the need to satisfy someone else's requirements, and for this freedom we are grateful."
Dennis Ritchie and Ken Thompson, The UNIX Time-Sharing System

Post Reply