Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Sudo to root

If none of the specific sub-forums seem right for your thread, ask here.
Message
Author
CwF
Global Moderator
Global Moderator
Posts: 2636
Joined: 2018-06-20 15:16
Location: Colorado
Has thanked: 41 times
Been thanked: 192 times

Re: Sudo to root

#21 Post by CwF »

oswaldkelso wrote: 2023-03-28 23:30 I've never used sudo If I want such features I use doas

https://packages.debian.org/bullseye/doas
Thanks for the reminder.
Looking forward:
https://packages.debian.org/search?suit ... s=opendoas

Code: Select all

$  apt policy sudo
sudo:
  Installed: (none)
  Candidate: 1.9.12p2-1
  Version table:
     1.9.12p2-1 500
        500 https://deb.debian.org/debian bookworm/main amd64 Packages

compis3
Posts: 141
Joined: 2022-08-28 20:57
Has thanked: 2 times

Re: Sudo to root

#22 Post by compis3 »

Looking at the infomration it appears having a single user account with the ability to sudo is all that is required. the user functions normally and if high priviledge is required sudo to root will get the job done.

That makes having root with a password another account with privilege. Can that account be disabled if active ?

CynicalDebian
Posts: 263
Joined: 2023-03-02 05:26
Location: USA
Has thanked: 50 times
Been thanked: 60 times
Contact:

Re: Sudo to root

#23 Post by CynicalDebian »

compis3 wrote: 2023-04-01 19:50 Looking at the infomration it appears having a single user account with the ability to sudo is all that is required. the user functions normally and if high priviledge is required sudo to root will get the job done.

That makes having root with a password another account with privilege. Can that account be disabled if active ?
Yes from passwd(1)
-l, --lock
Lock the password of the named account. This option disables a password by changing it to a value which matches no possible encrypted value (it
adds a ´!´ at the beginning of the password).

Note that this does not disable the account. The user may still be able to login using another authentication token (e.g. an SSH key). To
disable the account, administrators should use usermod --expiredate 1 (this set the account's expire date to Jan 2, 1970).

Users with a locked password are not allowed to change their password.
Do not use the usermod trick to disable root! Do not disable root, it is necessary for your system to function.

Code: Select all

#passwd --lock root
is sufficient.
Be seeing you...

User avatar
wizard10000
Global Moderator
Global Moderator
Posts: 557
Joined: 2019-04-16 23:15
Location: southeastern us
Has thanked: 76 times
Been thanked: 85 times

Re: Sudo to root

#24 Post by wizard10000 »

BBQdave wrote: 2023-03-28 14:17...I am curious how many Debian users are like me, simple workstation with focus on gui application use, such as browsers or photo editing and so on. Would disabling root account be a better recommendation for users like me?
I skip the root password during install and set it after first reboot. Think I've mentioned this before; unlike Ubuntu. Debian's grub recovery console will prompt you for a root password before it'll allow you to do anything.
we see things not as they are, but as we are.
-- anais nin

Post Reply