Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
Sudo to root
Sudo to root
When I try to sudo from a user (non-root) to run an updateroot it does not work. If I su to root it works. Using Debian 11 kernel 5.10.0-20-686-pae
example
sudo apt-get update
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for mac20
Sorry, try again.
[sudo] password for mac:
Sorry, try again.
[sudo] password for mac:
sudo: 3 incorrect password attempts
But If I do a su root same password it works.
why does the sudo not work ?
example
sudo apt-get update
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for mac20
Sorry, try again.
[sudo] password for mac:
Sorry, try again.
[sudo] password for mac:
sudo: 3 incorrect password attempts
But If I do a su root same password it works.
why does the sudo not work ?
- sunrat
- Administrator
- Posts: 6463
- Joined: 2006-08-29 09:12
- Location: Melbourne, Australia
- Has thanked: 116 times
- Been thanked: 473 times
Re: Sudo to root
sudo needs your user password, not root password.
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ” Remember to BACKUP!
Those who have lost data
...and those who have not lost data YET ” Remember to BACKUP!
Re: Sudo to root
Neither works. root or user. If i usee the user password I get the message " "username" is not in the sudoers file. This incident will be reported."
- kent_dorfman766
- Posts: 540
- Joined: 2022-12-16 06:34
- Location: socialist states of america
- Has thanked: 59 times
- Been thanked: 70 times
Re: Sudo to root
You have to add the user to the sudoers file:
Code: Select all
su -
<give root password>
usermod -a -G sudo <username>
Re: Sudo to root
When I do I su it works which I alreay know. But what is the meaning of the following? why can I not enter a Root or user password to authenticate the request?
sudo apt-get update
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for mac20
Sorry, try again.
[sudo] password for mac:
sudo apt-get update
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for mac20
Sorry, try again.
[sudo] password for mac:
- FreewheelinFrank
- Global Moderator
- Posts: 2107
- Joined: 2010-06-07 16:59
- Has thanked: 38 times
- Been thanked: 230 times
- kent_dorfman766
- Posts: 540
- Joined: 2022-12-16 06:34
- Location: socialist states of america
- Has thanked: 59 times
- Been thanked: 70 times
Re: Sudo to root
Becuase as you've alereayd been told, mac20 is NOT in the sudoers file. You need ot become root and add that user to soduers using a mechnism given to you above. Read what people are tellign you and dont make assumptions.compis3 wrote: ↑2023-03-26 19:44 When I do I su it works which I alreay know. But what is the meaning of the following? why can I not enter a Root or user password to authenticate the request?
sudo apt-get update
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for mac20
Sorry, try again.
[sudo] password for mac:
- sunrat
- Administrator
- Posts: 6463
- Joined: 2006-08-29 09:12
- Location: Melbourne, Australia
- Has thanked: 116 times
- Been thanked: 473 times
Re: Sudo to root
I don't think that's correct. If user is not in sudoers, the message would be "user ** is not in the sudoers file...". This message looks more like incorrect password has been entered.kent_dorfman766 wrote: ↑2023-03-27 00:05Becuase as you've alereayd been told, mac20 is NOT in the sudoers file.
And why are there 2 different usernames? "mac20" and "mac"? It's hard to help if you post conflicting info.
To help diagnose, post the output of this command, run as user:
Code: Select all
groups
and run as root:
Code: Select all
cat /etc/sudoers | grep -A2 Allow
Code: Select all
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
BTW, this command is easier to remember to add user to sudo:
Code: Select all
adduser <username> sudo
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ” Remember to BACKUP!
Those who have lost data
...and those who have not lost data YET ” Remember to BACKUP!
- FreewheelinFrank
- Global Moderator
- Posts: 2107
- Joined: 2010-06-07 16:59
- Has thanked: 38 times
- Been thanked: 230 times
Re: Sudo to root
The sudo lecture (#1 Respect the privacy of others etc) only appears the first time sudo is used (successfully), so the fact that it keeps appearing suggests, yes, password is incorrect.
https://superuser.com/questions/500119/ ... ng-forever
Edit: or as wiki says, no reboot since user added.
Re: Sudo to root
sudo is not a standard a debian way of working.
when you installed the system you were asked for a root password. debian expects as a default that root actions are completed by the root user. you can login to the root user using su -.
you can then run all root related commands without the sudo prefix.
if you want to be able to run the sudo command as a normal user, you then have to edit /etc/sudoers to tell it that there are some users that can use the sudo command. the way i have set up sudo on my desktop and laptop is that it only accepts the root password. and it never remembers it.
this sets root password only and never remembers the root password.
then you can get to be very specific about how users other than root get to use sudo
the user you specify in this setup would be effectively root. if they know the root password that was setup on install.
i actually noticed on the laptop that i have not setup a user for sudo. so i just su - and do all the root things i need to do.
when you installed the system you were asked for a root password. debian expects as a default that root actions are completed by the root user. you can login to the root user using su -.
you can then run all root related commands without the sudo prefix.
if you want to be able to run the sudo command as a normal user, you then have to edit /etc/sudoers to tell it that there are some users that can use the sudo command. the way i have set up sudo on my desktop and laptop is that it only accepts the root password. and it never remembers it.
Code: Select all
Defaults rootpw
Defaults timestamp_timeout=0
then you can get to be very specific about how users other than root get to use sudo
Code: Select all
# User privilege specification
root ALL=(ALL:ALL) ALL
<user> ALL=(ALL:ALL) ALL
i actually noticed on the laptop that i have not setup a user for sudo. so i just su - and do all the root things i need to do.
Desktop: A320M-A PRO MAX, AMD Ryzen 5 3600, GALAX GeForce RTX™ 2060 Super EX (1-Click OC) - Sid, Win10, Arch Linux, Gentoo, Solus
Laptop: hp 250 G8 i3 11th Gen - Sid
Kodi: AMD Athlon 5150 APU w/Radeon HD 8400 - Sid
Laptop: hp 250 G8 i3 11th Gen - Sid
Kodi: AMD Athlon 5150 APU w/Radeon HD 8400 - Sid
- kent_dorfman766
- Posts: 540
- Joined: 2022-12-16 06:34
- Location: socialist states of america
- Has thanked: 59 times
- Been thanked: 70 times
Re: Sudo to root
yeah...30+ years of managing UNIX and Linux servers and I'm gonna dissagree on this point. sudo has been the defacto standard way to allow non-SA users to execute privileged functions when they must do so, for many years. Old SVR4 UNIX had this thing called csu (controlled super-user) but I haven't seen it since leaving Bell Labs back in the 90s.sudo is not a standard a debian way of working.
- BBQdave
- df -h | participant
- Posts: 152
- Joined: 2011-09-25 03:38
- Location: North Carolina
- Has thanked: 9 times
- Been thanked: 14 times
Re: Sudo to root
Starting out with GNU/Linux I had a root account and an user account. But I have moved to just an user account with administrative privileges.kent_dorfman766 wrote: ↑2023-03-28 04:11...30+ years of managing UNIX and Linux servers... sudo has been the defacto standard way to allow non-SA users to execute privileged functions when they must do so...
My use case is single user with desktop environment (Gnome) installing software and updating software. So as a single user of a workstation, it provides simpler function.
If I recall correctly, Debian installer strongly recommends creating root account. I leave root password blank, forcing first user to be (sudo) admin privileged. I am curious how many Debian users are like me, simple workstation with focus on gui application use, such as browsers or photo editing and so on. Would disabling root account be a better recommendation for users like me?
On quest for blue smoke and red rings!
Debian 12 Toshiba Satellite C655 | i3 2.3Ghz | Intel HD Graphics 3000 | 8GB RAM | 65GB SSD
Debian 12 Toshiba Satellite C655 | i3 2.3Ghz | Intel HD Graphics 3000 | 8GB RAM | 65GB SSD
- kent_dorfman766
- Posts: 540
- Joined: 2022-12-16 06:34
- Location: socialist states of america
- Has thanked: 59 times
- Been thanked: 70 times
Re: Sudo to root
I would NEVER endorse disabling root. Make sure root has a password, lock that password away somewhere, and whenever possible use privilege escallation like sudo to accomplish needed admin functions. I undertand rumors of privilege policy classes built into the gnome fiasco, but I don't/wont use gnome so I cannot speak to them, and generally feel that such functions are a bad idea because they overcomplicate operation for a huge subset of the user base.If I recall correctly, Debian installer strongly recommends creating root account. I leave root password blank, forcing first user to be (sudo) admin privileged. I am curious how many Debian users are like me, simple workstation with focus on gui application use, such as browsers or photo editing and so on. Would disabling root account be a better recommendation for users like me?
- oswaldkelso
- df -h | grep > 20TiB
- Posts: 1494
- Joined: 2005-07-26 23:20
- Location: UK
- Has thanked: 1 time
- Been thanked: 59 times
Re: Sudo to root
Free Software Matters
Ash init durbatulûk, ash init gimbatul,
Ash init thrakatulûk agh burzum-ishi krimpatul.
My oldest used PC: 1999 imac 333Mhz 256MB PPC abandoned by Debian
Ash init durbatulûk, ash init gimbatul,
Ash init thrakatulûk agh burzum-ishi krimpatul.
My oldest used PC: 1999 imac 333Mhz 256MB PPC abandoned by Debian
- BBQdave
- df -h | participant
- Posts: 152
- Joined: 2011-09-25 03:38
- Location: North Carolina
- Has thanked: 9 times
- Been thanked: 14 times
Re: Sudo to root
I'll research more, but I'm not sure why I would need root access for my user case. As a single user on a workstation, I accomplish everything with sudo.kent_dorfman766 wrote: ↑2023-03-28 22:17I would NEVER endorse disabling root. Make sure root has a password, lock that password away somewhere, and whenever possible use privilege escallation like sudo to accomplish needed admin functions.
On quest for blue smoke and red rings!
Debian 12 Toshiba Satellite C655 | i3 2.3Ghz | Intel HD Graphics 3000 | 8GB RAM | 65GB SSD
Debian 12 Toshiba Satellite C655 | i3 2.3Ghz | Intel HD Graphics 3000 | 8GB RAM | 65GB SSD
- kent_dorfman766
- Posts: 540
- Joined: 2022-12-16 06:34
- Location: socialist states of america
- Has thanked: 59 times
- Been thanked: 70 times
Re: Sudo to root
There are some tasks that you cannot do thru sudo. If something breaks in your system and you need to boot into single user mode the system will expect you to enter the root password to access a maintenance shell.As a single user on a workstation, I accomplish everything with sudo.
-
- Posts: 263
- Joined: 2023-03-02 05:26
- Location: USA
- Has thanked: 50 times
- Been thanked: 60 times
- Contact:
Re: Sudo to root
Usually its trivial to get a root maintenance shell without a password in default configuration (makes recovering when you forget your password easy!), sudo will not change that. root is not disabled! sudo really does switch to root, see passwd manual for the '-l' flag.kent_dorfman766 wrote: ↑2023-03-29 05:03There are some tasks that you cannot do thru sudo. If something breaks in your system and you need to boot into single user mode the system will expect you to enter the root password to access a maintenance shell.As a single user on a workstation, I accomplish everything with sudo.
If you use sudo not having a root password closes an 'attack vector', of course how many are attacking your desktop computer by trying to log in as root, not really a problem! It also just makes your user account the attack vector instead, but now they have to find out your name .
I have largely come to the conclusion that privilege management for non-remote access desktop computers is really just down to personal preference, basically all configurations are sane.
Be seeing you...
-
- df -h | participant
- Posts: 342
- Joined: 2021-08-06 12:45
- Has thanked: 34 times
- Been thanked: 31 times
Re: Sudo to root
I am not an IT/ICT specialist but have been on duty maintenance man here for about a decade now of the family members' laptops running under Linux .BBQdave wrote: ↑2023-03-29 02:46I'll research more, but I'm not sure why I would need root access for my user case. As a single user on a workstation, I accomplish everything with sudo.kent_dorfman766 wrote: ↑2023-03-28 22:17I would NEVER endorse disabling root. Make sure root has a password, lock that password away somewhere, and whenever possible use privilege escallation like sudo to accomplish needed admin functions.
Each family member has their own Linux laptop where they have full access as both superuser ( root ) and user .
Each family member also has full access to everyone's Linux laptop both as superuser ( root ) and user .
So each family member knows the name of the superuser , user and passwords of the respective laptops .
No secrets here ... and if you've got one , don't keep it on your laptop , is my advice .
Code: Select all
****@****-gl753vd:~$ sudo -s
[sudo] wachtwoord voor ****:
root@****-gl753vd:/home/****# whoami
root
root@****-gl753vd:/home/****# apt upgrade
Pakketlijsten worden ingelezen... Klaar
Boom van vereisten wordt opgebouwd... Klaar
De statusinformatie wordt gelezen... Klaar
Opwaardering wordt doorgerekend... Klaar
0 opgewaardeerd, 0 nieuw geïnstalleerd, 0 te verwijderen en 0 niet opgewaardeerd.
root@****-gl753vd:/home/****# exit
exit
****@****-gl753vd:~$ sudo apt upgrade
Pakketlijsten worden ingelezen... Klaar
Boom van vereisten wordt opgebouwd... Klaar
De statusinformatie wordt gelezen... Klaar
Opwaardering wordt doorgerekend... Klaar
0 opgewaardeerd, 0 nieuw geïnstalleerd, 0 te verwijderen en 0 niet opgewaardeerd.
****@****-gl753vd:~$
am I one of the better students in the class then ?
ASUS GL753VD / X550LD / K54HR / X751LAB ( x2 )
Bookworm12.5_Cinnamon / Calamares Single Boot installations
Firefox ESR / DuckDuckGo / Thunderbird / LibreOffice / GIMP / eID Software
https://cdimage.debian.org/debian-cd/cu ... so-hybrid/
Bookworm12.5_Cinnamon / Calamares Single Boot installations
Firefox ESR / DuckDuckGo / Thunderbird / LibreOffice / GIMP / eID Software
https://cdimage.debian.org/debian-cd/cu ... so-hybrid/
- BBQdave
- df -h | participant
- Posts: 152
- Joined: 2011-09-25 03:38
- Location: North Carolina
- Has thanked: 9 times
- Been thanked: 14 times
Re: Sudo to root
I appreciate the information all. My experience, not setting root password, I am able to administer with sudo. So far no problems.
Now of course, I just jinxed myself and something will not work with sudo
Hopefully I'm not missing a vulnerability, but I am confident in my security. So not setting root password is more of a convenience, one user account which can also administer the system.
Most of my data is shared as well, with family and friends. Photos, organizing data for school events and family events, and so on. Sensitive data, such as medical data, or credit cards is not shared.
Which could probably bring up a whole other discussion of how secure your medical data is, when you log in to your Medical Dashboard to communicate with your doctor. But I'm optimistic, and cautious
Again all, I appreciate your thoughts and experiences
Now of course, I just jinxed myself and something will not work with sudo
Hopefully I'm not missing a vulnerability, but I am confident in my security. So not setting root password is more of a convenience, one user account which can also administer the system.
Most of my data is shared as well, with family and friends. Photos, organizing data for school events and family events, and so on. Sensitive data, such as medical data, or credit cards is not shared.
Which could probably bring up a whole other discussion of how secure your medical data is, when you log in to your Medical Dashboard to communicate with your doctor. But I'm optimistic, and cautious
Again all, I appreciate your thoughts and experiences
On quest for blue smoke and red rings!
Debian 12 Toshiba Satellite C655 | i3 2.3Ghz | Intel HD Graphics 3000 | 8GB RAM | 65GB SSD
Debian 12 Toshiba Satellite C655 | i3 2.3Ghz | Intel HD Graphics 3000 | 8GB RAM | 65GB SSD