Results 1 to 10 of 10
I have used sudo a lot, but only when it was pre-installed and working when I started. I have been looking around in forums and on sites and in how-to's, ...
- 07-15-2009 #1Just Joined!
- Join Date
- Jul 2009
- Posts
- 24
Trouble understanding sudo ...
I have used sudo a lot, but only when it was pre-installed and working when I started. I have been looking around in forums and on sites and in how-to's, and don't understand this:
How do you configure it (using visudo) so that only the root password is used for sudo, but you are a regular user? So you use $sudo something
but have to enter the root password and run it as root. I read some about it, but don't see this explained unless I'm missing something.
The only thing I've ever changed in sudoers is timestamp_timeout.
- 07-15-2009 #2Super Moderator
- Join Date
- Jun 2006
- Location
- Chandigarh, India
- Posts
- 24,316
You have to add User_ID in /etc/sudoers file to give it sudo access.
Have you checked this sticky?It is amazing what you can accomplish if you do not care who gets the credit.
New Users: Read This First
- 07-15-2009 #3Just Joined!
- Join Date
- Jul 2009
- Posts
- 24
I didn't read it before, but I know what's in it. I mean, when you add your user ID to sudoers, like:
user ALL = (ALL) ALL
you use your user password.
How do you make it so that when you use sudo as user, you have to enter the root password to use sudo? So when you run it as root, you have to enter the root password instead of your own?
sudo program
> enter password: root password <- user password will not work.
- 07-15-2009 #4Linux Newbie
- Join Date
- Mar 2009
- Posts
- 228
I fail to understand what you're trying to do here. If you have the root password, why not just log into root and run whatever you want. The whole idea behind sudo it to allow non-root users to run only certain commands as root. If they have the root password it defeats the whole purpose of sudo.
- 07-15-2009 #5Just Joined!
- Join Date
- Jul 2009
- Posts
- 24
I have used it this way before. Fedora is like this, from the time you install it. It's automatically configured this way. So is OpenSUSE. The only distribution I've tried that isn't this way automatically is Ubuntu. You can't use the root account by default. Also Gentoo, but that's different - since it's do-it-yourself. And even Gentoo, other than sudo, is setup for root/user account. I'm trying to set sudo up so that it's like Fedora, OpenSUSE, etc. I've been looking around and haven't found an explanation of how to do it this way.
- 07-15-2009 #6Linux Engineer
- Join Date
- Jun 2006
- Location
- Arlington, VA, USA
- Posts
- 1,377
You can use the rootpw option in /etc/sudoers. Place it on the Defaults line and it will accept root's password instead of your user's. From the sudoers man page:
Of course, if you're using Ubuntu, the root account isn't enabled by default so you'll have to enable it first.rootpw If set, sudo will prompt for the root password instead of the password of the invoking user. This flag is off by default.
- 07-15-2009 #7Just Joined!
- Join Date
- Jul 2009
- Posts
- 24
Thank you VERY MUCH!!
- 07-15-2009 #8Linux Guru
- Join Date
- Nov 2004
- Posts
- 6,110
As Thrillhouse has said it's a configurable option but the default and recommended way is to let users use their own password to avoid distributing the password. Even if you're on a one person machine, I'd still recommend leaving it configured that way as it is good practice.
In spite of Fedora and openSUSE choosing the root password method, I'd still argue that it's a bad idea. You benefit from the logging but you still distribute your root password which means any user in the sudoers file can simply bypass the entire setup and log on as root without any kind of tracking in place.
Also, bear in mind that sudo isn't just to grant blanket root access, it can be configured with granularity. If you have a brother that needs to be able to install software but you don't want him to be able to make changes in other people's directories, you could specify that with sudo but you couldn't even begin to consider this scenario with blanket root access.
- 07-23-2009 #9Just Joined!
- Join Date
- Jul 2009
- Posts
- 24
I don't understand why that would be if you're the only user ... The only place I have the password is in my brain, and if you use your user password for everything, you have only one password ... I just don't understand. I also wanted to post that openSUSE uses Defaults targetpw, and show you what is in this section of the default sudoers file:
See? WARNING!Code:Defaults targetpw # ask for the password of the target user i.e. root ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!
I would re-write this as me ALL=(ALL) ALL with the targetpw.
I realize this is so everyone that has access doesn't use their password and run everything, but I don't understand why you think it's a bad idea. I understand what you're saying about distributing the password. I'm thinking about all of this from the perspective of a single user.Last edited by chigurh; 07-24-2009 at 12:06 AM. Reason: changed it in important ways to make what i'm saying more understandable
- 07-24-2009 #10Just Joined!
- Join Date
- Jul 2009
- Posts
- 24
I am using openSUSE now, which I wouldn't say is the best distribution there is, but I like it a lot and I'm going to split my hard disk between openSUSE and Gentoo. They're my personal choices for several reasons.
I also started Linux From Scratch, but decided to wait.
Reply With Quote 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts