Sudo to root

compis3
Posts: 141
Joined: 2022-08-28 20:57
Has thanked: 2 times

Sudo to root

#1 Post by compis3 »

When I try to sudo from a user (non-root) to run an updateroot it does not work. If I su to root it works. Using Debian 11 kernel 5.10.0-20-686-pae

example
sudo apt-get update

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

[sudo] password for mac20
Sorry, try again.
[sudo] password for mac:
Sorry, try again.
[sudo] password for mac:
sudo: 3 incorrect password attempts

But if I do a su root same password it works.

Why does the sudo not work?

sunrat
Administrator
Posts: 6412
Joined: 2006-08-29 09:12
Location: Melbourne, Australia
Has thanked: 116 times
Been thanked: 462 times

Re: Sudo to root

#2 Post by sunrat »

sudo needs your user password, not root password.
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ”
Remember to BACKUP!

compis3
Posts: 141
Joined: 2022-08-28 20:57
Has thanked: 2 times

Re: Sudo to root

#3 Post by compis3 »

Neither works. Root or user. If I use the user password I get the message '"username" is not in the sudoers file. This incident will be reported.'

kent_dorfman766
Posts: 535
Joined: 2022-12-16 06:34
Location: socialist states of america
Has thanked: 57 times
Been thanked: 70 times

Re: Sudo to root

#4 Post by kent_dorfman766 »

then su root and then visudo

peer
Posts: 443
Joined: 2017-03-26 10:14
Has thanked: 8 times
Been thanked: 20 times

Re: Sudo to root

#5 Post by peer »

compis3 wrote: 2023-03-26 05:45 Neither works. Root or user. If I use the user password I get the message '"username" is not in the sudoers file. This incident will be reported.'
You have to add the user to the sudoers file:

Code: Select all

su -
<give root password>
usermod -a -G sudo <username>

compis3
Posts: 141
Joined: 2022-08-28 20:57
Has thanked: 2 times

Re: Sudo to root

#6 Post by compis3 »

When I do a su it works, which I already know. But what is the meaning of the following? Why can I not enter a root or user password to authenticate the request?


sudo apt-get update
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

[sudo] password for mac20
Sorry, try again.
[sudo] password for mac:

FreewheelinFrank
Global Moderator
Posts: 2082
Joined: 2010-06-07 16:59
Has thanked: 38 times
Been thanked: 225 times

Re: Sudo to root

#7 Post by FreewheelinFrank »

compis3 wrote: 2023-03-26 19:44 When I do a su it works, which I already know. But what is the meaning of the following? Why can I not enter a root or user password to authenticate the request?
https://wiki.debian.org/sudo/

kent_dorfman766
Posts: 535
Joined: 2022-12-16 06:34
Location: socialist states of america
Has thanked: 57 times
Been thanked: 70 times

Re: Sudo to root

#8 Post by kent_dorfman766 »

compis3 wrote: 2023-03-26 19:44 When I do a su it works, which I already know. But what is the meaning of the following? Why can I not enter a root or user password to authenticate the request?


sudo apt-get update
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

[sudo] password for mac20
Sorry, try again.
[sudo] password for mac:
Because as you've already been told, mac20 is NOT in the sudoers file. You need to become root and add that user to sudoers using a mechanism given to you above. Read what people are telling you and don't make assumptions.

sunrat
Administrator
Posts: 6412
Joined: 2006-08-29 09:12
Location: Melbourne, Australia
Has thanked: 116 times
Been thanked: 462 times

Re: Sudo to root

#9 Post by sunrat »

kent_dorfman766 wrote: 2023-03-27 00:05
compis3 wrote: 2023-03-26 19:44...
[sudo] password for mac20
Sorry, try again.
[sudo] password for mac:
Because as you've already been told, mac20 is NOT in the sudoers file.
I don't think that's correct. If user is not in sudoers, the message would be "user ** is not in the sudoers file...". This message looks more like incorrect password has been entered.
And why are there 2 different usernames? "mac20" and "mac"? It's hard to help if you post conflicting info.

To help diagnose, post the output of this command, run as user:

Code: Select all

groups

"sudo" should be one of the listed groups.
and run as root:

Code: Select all

cat /etc/sudoers | grep -A2 Allow

The sudo group entry should look like this in sudoers file:

Code: Select all

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

so as soon as user is added to sudo group, they have permissions after doing a full logout and login again, or reboot.

BTW, this command is easier to remember to add user to sudo:

Code: Select all

adduser <username> sudo
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ”
Remember to BACKUP!
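
The checks described in the post above (group membership, the %sudo rule, and the need to log in again) can be combined into one script. This is an added example, not part of the original thread: the function names, verdict strings and sample files are made up for illustration, and it only covers the Debian default of granting sudo through the sudo group (no per-user rules or /etc/sudoers.d files).

```shell
#!/bin/sh
# Added example: classify why sudo refuses a user on a default Debian setup.
# Function names and verdict strings are hypothetical, not from the thread.

# True if USER is listed as a member of GROUP in the group file.
in_group_db() {  # in_group_db USER GROUP [GROUPFILE]
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }' "${3:-/etc/group}"
}

# True if the sudoers file has an uncommented rule for %GROUP.
# Reading the real /etc/sudoers requires root.
sudoers_grants_group() {  # sudoers_grants_group GROUP [SUDOERS]
    grep -Eq "^[[:space:]]*%$1[[:space:]]" "${2:-/etc/sudoers}"
}

# Print one verdict. SESSION_GROUPS is the output of `groups` (or `id -Gn`)
# taken in the user's current login session.
diagnose_sudo() {  # diagnose_sudo USER SESSION_GROUPS [GROUPFILE] [SUDOERS]
    user=$1 session=$2 gfile=${3:-/etc/group} sfile=${4:-/etc/sudoers}
    if ! sudoers_grants_group sudo "$sfile"; then
        echo "no-rule"         # %sudo line missing or commented out
    elif ! in_group_db "$user" sudo "$gfile"; then
        echo "not-member"      # as root: adduser <username> sudo
    elif ! printf '%s\n' $session | grep -qx sudo; then
        echo "relogin-needed"  # group added, but this session predates it
    else
        echo "authorized"      # "Sorry, try again." now means a wrong password
    fi
}

# Constructed sample files (not taken from the poster's machine).
demo_dir=$(mktemp -d)
printf 'sudo:x:27:alice\nusers:x:100:alice,mac\n' > "$demo_dir/group"
printf '# Allow members of group sudo to execute any command\n%%sudo   ALL=(ALL:ALL) ALL\n' > "$demo_dir/sudoers"
printf '# %%sudo   ALL=(ALL:ALL) ALL\n' > "$demo_dir/sudoers.off"

diagnose_sudo mac   "mac users"        "$demo_dir/group" "$demo_dir/sudoers"
diagnose_sudo alice "alice users"      "$demo_dir/group" "$demo_dir/sudoers"
diagnose_sudo alice "alice users sudo" "$demo_dir/group" "$demo_dir/sudoers"
diagnose_sudo alice "alice users sudo" "$demo_dir/group" "$demo_dir/sudoers.off"
```

On a live system, capture `id -Gn` as the affected user and call `diagnose_sudo` from a root shell so that /etc/sudoers is readable.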

FreewheelinFrank
Global Moderator
Posts: 2082
Joined: 2010-06-07 16:59
Has thanked: 38 times
Been thanked: 225 times

Re: Sudo to root

#10 Post by FreewheelinFrank »

sunrat wrote: 2023-03-27 02:53 This message looks more like incorrect password has been entered.
The sudo lecture (#1 Respect the privacy of others etc) only appears the first time sudo is used (successfully), so the fact that it keeps appearing suggests, yes, password is incorrect.

https://superuser.com/questions/500119/ ... ng-forever

Edit: or as wiki says, no reboot since user added.

milomak
Posts: 2158
Joined: 2009-06-09 22:20
Been thanked: 1 time

Re: Sudo to root

#11 Post by milomak »

sudo is not a standard debian way of working.

when you installed the system you were asked for a root password. debian expects as a default that root actions are completed by the root user. you can login to the root user using su -.

you can then run all root related commands without the sudo prefix.

if you want to be able to run the sudo command as a normal user, you then have to edit /etc/sudoers to tell it that there are some users that can use the sudo command. the way i have set up sudo on my desktop and laptop is that it only accepts the root password. and it never remembers it.

Code: Select all

Defaults        rootpw
Defaults        timestamp_timeout=0

this sets root password only and never remembers the root password.

then you can get to be very specific about how users other than root get to use sudo

Code: Select all

# User privilege specification
root    ALL=(ALL:ALL) ALL
<user> ALL=(ALL:ALL) ALL

the user you specify in this setup would be effectively root. if they know the root password that was setup on install.

i actually noticed on the laptop that i have not setup a user for sudo. so i just su - and do all the root things i need to do.
Desktop: A320M-A PRO MAX, AMD Ryzen 5 3600, GALAX GeForce RTX™ 2060 Super EX (1-Click OC) - Sid, Win10, Arch Linux, Gentoo, Solus
Laptop: hp 250 G8 i3 11th Gen - Sid
Kodi: AMD Athlon 5150 APU w/Radeon HD 8400 - Sid

kent_dorfman766
Posts: 535
Joined: 2022-12-16 06:34
Location: socialist states of america
Has thanked: 57 times
Been thanked: 70 times

Re: Sudo to root

#12 Post by kent_dorfman766 »

sudo is not a standard debian way of working.
yeah...30+ years of managing UNIX and Linux servers and I'm gonna disagree on this point. sudo has been the de facto standard way to allow non-SA users to execute privileged functions when they must do so, for many years. Old SVR4 UNIX had this thing called csu (controlled super-user) but I haven't seen it since leaving Bell Labs back in the 90s.

BBQdave
df -h | participant
Posts: 152
Joined: 2011-09-25 03:38
Location: North Carolina
Has thanked: 9 times
Been thanked: 14 times

Re: Sudo to root

#13 Post by BBQdave »

kent_dorfman766 wrote: 2023-03-28 04:11 ...30+ years of managing UNIX and Linux servers... sudo has been the de facto standard way to allow non-SA users to execute privileged functions when they must do so...
Starting out with GNU/Linux I had a root account and a user account. But I have moved to just a user account with administrative privileges.

My use case is single user with desktop environment (Gnome) installing software and updating software. So as a single user of a workstation, it provides simpler function.

If I recall correctly, Debian installer strongly recommends creating root account. I leave root password blank, forcing first user to be (sudo) admin privileged. I am curious how many Debian users are like me, simple workstation with focus on gui application use, such as browsers or photo editing and so on. Would disabling root account be a better recommendation for users like me?
On quest for blue smoke and red rings!
Debian 12 Toshiba Satellite C655 | i3 2.3Ghz | Intel HD Graphics 3000 | 8GB RAM | 65GB SSD

kent_dorfman766
Posts: 535
Joined: 2022-12-16 06:34
Location: socialist states of america
Has thanked: 57 times
Been thanked: 70 times

Re: Sudo to root

#14 Post by kent_dorfman766 »

If I recall correctly, Debian installer strongly recommends creating root account. I leave root password blank, forcing first user to be (sudo) admin privileged. I am curious how many Debian users are like me, simple workstation with focus on gui application use, such as browsers or photo editing and so on. Would disabling root account be a better recommendation for users like me?
I would NEVER endorse disabling root. Make sure root has a password, lock that password away somewhere, and whenever possible use privilege escalation like sudo to accomplish needed admin functions. I understand rumors of privilege policy classes built into the gnome fiasco, but I don't/won't use gnome so I cannot speak to them, and generally feel that such functions are a bad idea because they overcomplicate operation for a huge subset of the user base.

oswaldkelso
df -h | grep > 20TiB
Posts: 1490
Joined: 2005-07-26 23:20
Location: UK
Has thanked: 1 time
Been thanked: 58 times

Re: Sudo to root

#15 Post by oswaldkelso »

I've never used sudo If I want such features I use doas

https://packages.debian.org/bullseye/doas
Free Software Matters
Ash init durbatulûk, ash init gimbatul,
Ash init thrakatulûk agh burzum-ishi krimpatul.
My oldest used PC: 1999 imac 333Mhz 256MB PPC abandoned by Debian

BBQdave
df -h | participant
Posts: 152
Joined: 2011-09-25 03:38
Location: North Carolina
Has thanked: 9 times
Been thanked: 14 times

Re: Sudo to root

#16 Post by BBQdave »

kent_dorfman766 wrote: 2023-03-28 22:17 I would NEVER endorse disabling root. Make sure root has a password, lock that password away somewhere, and whenever possible use privilege escalation like sudo to accomplish needed admin functions.
I'll research more, but I'm not sure why I would need root access for my user case. As a single user on a workstation, I accomplish everything with sudo.
On quest for blue smoke and red rings!
Debian 12 Toshiba Satellite C655 | i3 2.3Ghz | Intel HD Graphics 3000 | 8GB RAM | 65GB SSD

kent_dorfman766
Posts: 535
Joined: 2022-12-16 06:34
Location: socialist states of america
Has thanked: 57 times
Been thanked: 70 times

Re: Sudo to root

#17 Post by kent_dorfman766 »

As a single user on a workstation, I accomplish everything with sudo.
There are some tasks that you cannot do thru sudo. If something breaks in your system and you need to boot into single user mode the system will expect you to enter the root password to access a maintenance shell.

CynicalDebian
Posts: 263
Joined: 2023-03-02 05:26
Location: USA
Has thanked: 50 times
Been thanked: 60 times

Re: Sudo to root

#18 Post by CynicalDebian »

kent_dorfman766 wrote: 2023-03-29 05:03
As a single user on a workstation, I accomplish everything with sudo.
There are some tasks that you cannot do thru sudo. If something breaks in your system and you need to boot into single user mode the system will expect you to enter the root password to access a maintenance shell.
Usually it's trivial to get a root maintenance shell without a password in default configuration (makes recovering when you forget your password easy!), sudo will not change that. root is not disabled! sudo really does switch to root, see passwd manual for the '-l' flag.

If you use sudo, not having a root password closes an 'attack vector', of course how many are attacking your desktop computer by trying to log in as root, not really a problem! It also just makes your user account the attack vector instead, but now they have to find out your name :P.

I have largely come to the conclusion that privilege management for non-remote access desktop computers is really just down to personal preference, basically all configurations are sane.
Be seeing you...

Fossy
df -h | participant
Posts: 338
Joined: 2021-08-06 12:45
Has thanked: 34 times
Been thanked: 31 times

Re: Sudo to root

#19 Post by Fossy »

BBQdave wrote: 2023-03-29 02:46
kent_dorfman766 wrote: 2023-03-28 22:17 I would NEVER endorse disabling root. Make sure root has a password, lock that password away somewhere, and whenever possible use privilege escalation like sudo to accomplish needed admin functions.
I'll research more, but I'm not sure why I would need root access for my user case. As a single user on a workstation, I accomplish everything with sudo.
I am not an IT/ICT specialist but have been on duty maintenance man here for about a decade now of the family members' laptops running under Linux .
Each family member has their own Linux laptop where they have full access as both superuser ( root ) and user .
Each family member also has full access to everyone's Linux laptop both as superuser ( root ) and user .
So each family member knows the name of the superuser , user and passwords of the respective laptops .
No secrets here ... and if you've got one , don't keep it on your laptop , is my advice .

Code: Select all

****@****-gl753vd:~$ sudo -s
[sudo] wachtwoord voor ****: 
root@****-gl753vd:/home/****# whoami
root
root@****-gl753vd:/home/****# apt upgrade
Pakketlijsten worden ingelezen... Klaar
Boom van vereisten wordt opgebouwd... Klaar
De statusinformatie wordt gelezen... Klaar 
Opwaardering wordt doorgerekend... Klaar
0 opgewaardeerd, 0 nieuw geïnstalleerd, 0 te verwijderen en 0 niet opgewaardeerd.
root@****-gl753vd:/home/****# exit
exit

****@****-gl753vd:~$ sudo apt upgrade
Pakketlijsten worden ingelezen... Klaar
Boom van vereisten wordt opgebouwd... Klaar
De statusinformatie wordt gelezen... Klaar 
Opwaardering wordt doorgerekend... Klaar
0 opgewaardeerd, 0 nieuw geïnstalleerd, 0 te verwijderen en 0 niet opgewaardeerd.
****@****-gl753vd:~$ 
That being said , during this period , have never had to call on "root" to keep these laptops up to date , let alone troubleshoot problems .

am I one of the better students in the class then ?
ASUS GL753VD / X550LD / K54HR / X751LAB ( x2 )
Bookworm12.5_Cinnamon / Calamares Single Boot installations
Firefox ESR / DuckDuckGo / Thunderbird / LibreOffice / GIMP / eID Software

https://cdimage.debian.org/debian-cd/cu ... so-hybrid/

BBQdave
df -h | participant
Posts: 152
Joined: 2011-09-25 03:38
Location: North Carolina
Has thanked: 9 times
Been thanked: 14 times

Re: Sudo to root

#20 Post by BBQdave »

I appreciate the information all. My experience, not setting root password, I am able to administer with sudo. So far no problems.
Now of course, I just jinxed myself and something will not work with sudo :D

Hopefully I'm not missing a vulnerability, but I am confident in my security. So not setting root password is more of a convenience, one user account which can also administer the system.

Most of my data is shared as well, with family and friends. Photos, organizing data for school events and family events, and so on. Sensitive data, such as medical data, or credit cards is not shared.

Which could probably bring up a whole other discussion of how secure your medical data is, when you log in to your Medical Dashboard to communicate with your doctor. But I'm optimistic, and cautious :)

Again all, I appreciate your thoughts and experiences :)
On quest for blue smoke and red rings!
Debian 12 Toshiba Satellite C655 | i3 2.3Ghz | Intel HD Graphics 3000 | 8GB RAM | 65GB SSD
