sudo su question

**tanics** · 03-29-2010

Hello friends
I am new to linux. I use ubuntu 9.04. Recently I have entered the command "sudo su " in terminal, then as usual the root prompt has appeared. As I am just checking it - I exit the terminal as soon as the root prompt has appeared.
Later running rkhunter gives me a warning that the sudo file has changed.
Possible reason -
1) using " sudo su" for the first time has changed default settings.
2) Recently update manager has updated the "sudo". Could this be the reason of the warning?
3)Someone has hacked into my machine and change sudo to gain root control.

Kindly help me.

**psic** · 03-29-2010

If these possible reasons were given by rkhunter, then it's almost certainly the first one - you said that you ran sudo su for the first time. I usually leave these settings as they were meant to be - that is, in Ubuntu, I use 'sudo' not 'sudo su', and elsewhere, I use 'su' (in Gentoo Linux, to be specific). But as far as I know, doing 'sudo su' in Ubuntu changes the sudoers file and adds a root user (note that I'm saying this off the top of my head - take it with a grain of salt

). Anyhow, I wouldn't worry too much about it.

Oh, and I hope your mother warned you to never, ever, ever, no-not-even-then run things as root in Linux

(I've heard rumors that if you login as root on a Linux box, the SWAT team invades your house!)

**ptkobe** · 03-30-2010

I think sudo su don't change anything. It just logs as root without asking for password.

There was a ubuntu update of sudo one or two weeks ago, so I bet on door number 2.

Luis

**devils casper** · 03-30-2010

2) Recently update manager has updated the "sudo". Could this be the reason of the warning?

I agree with ptkobe. A recent update in sudo is reason of warning.
rkhunter raise false alarms a lot of times and one be careful while checking its logs.

**tanics** · 03-30-2010

@psic
Thank you for all the suggestions. Rkhunter has not come with any of the reasons I mentioned, rather I perceived those as possible reasons to the said problem.
Rkhunter provides me with only following warning-
"[19:52:06] /usr/bin/sudo [ Warning ]
[19:52:06] Warning: The file properties have changed:"
Somewhere I have read that entering "sudo su" command and some other commands is required to create/add root account - though I have only entered sudo su. Can you suggest some procedure to return to ubuntu default settings?

@ptkobe and @devils casper
Recently "dpkg" have been updated and I get the similar warning from rkhunter
"[13:20:43] /usr/bin/dpkg [ Warning ]
[13:20:43] Warning: The file properties have changed:"

Both of you seems right to me. Thank you very much.

**ptkobe** · 03-30-2010

Originally Posted by tanics

Somewhere I have read that entering "sudo su" command and some other commands is required to create/add root account - though I have only entered sudo su. Can you suggest some procedure to return to ubuntu default settings?

Besides psic advices, sudo su is perfectly ok to run, and changes nothing.
So I don't think there is a "ubuntu default settings" in this context.
There should be a way to make rkhunter to accept the updated files (sudo, dpkg, ...) as good and stop logging warnings, if that's what you are thinking of.

Regards
PS: You already have a root account. But you can use sudo <command> to run command as root instead of having to log as root. If you really want to log as root, you may have to set a password for root... or use sudo su

Thread Tools

Display

sudo su question

Posting Permissions