Giving a user root priveleges?
I edited /etc/sudoers file and added: userALL=(ALL) ALL But when I try to sudo as that user to root I get error: $ sudo su root We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for zu22: Sorry, try again. [sudo] password for zu22: sudo: pam_authenticate: Conversation error How can I fix this? Zach -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Giving a user root priveleges?
On Tue, Nov 17, 2009 at 02:03:26PM -0500, Zachary Uram wrote: [sudo] password for zu22: Sorry, try again. [sudo] password for zu22: sudo: pam_authenticate: Conversation error Looks like a PAM problem. If you've previously installed debsums, I'd suggest the following: debsums libpam-modules sudo This should pinpoint any damaged/corrupted files related to this issue. You can, of course, bypass the PAM authentication with: user ALL=(ALL) NOPASSWD:ALL but that would still leave you with a bad pam library or binary somewhere. If all else fails, I'd forcibly reinstall all your pam and sudo packages. -- Oh, look: rocks! -- Doctor Who, Destiny of the Daleks -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Giving a user root priveleges?
Zachary Uram wrote: snipped But when I try to sudo as that user to root I get error: $ sudo su root I think there is some confusion. I don't know of any reason to use both 'su' and 'sudo' in a command. either you would 'su' to root or you would 'sudo' to run a singular command. 'su' is to change into superuser (root) until you exit. 'sudo' is to temporarily be superuser until the command is completed. To use 'sudo' to run a command just type 'sudo command' and as long as you have the user in the 'sudo' group ('adduser user sudo' as root) that user will be able to run said command when they log back in. We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. you will get this unless you add NOPASSWD:ALL to your sudo group. you did uncomment the '%sudo' in the sudoers file, correct? -- Arrant Drivel - really, it's just trash... http://www.arrantdrivel.com/ Where the road takes me - a highwayman's perspective http://www.prestonboyington.com/ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Giving a user root priveleges?
Preston Boyington wrote: I think there is some confusion. I don't know of any reason to use both 'su' and 'sudo' in a command. either you would 'su' to root or you would 'sudo' to run a singular command. 'su' is to change into superuser (root) until you exit. 'sudo' is to temporarily be superuser until the command is completed. To use 'sudo' to run a command just type 'sudo command' and as long as you have the user in the 'sudo' group ('adduser user sudo' as root) that user will be able to run said command when they log back in. Sudo only needs the user password, not root's, along with an entry in sudoers. Su needs the password of the user you're su'ing to. Some systems don't have a root password, or don't want everyone with root capabilities to know root's password (It may be used on other machines due to policy, for example.). Ubuntu is infamous for this kind of setup. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Giving a user root priveleges?
Zachary Uram net...@gmail.com writes: I edited /etc/sudoers file and added: userALL=(ALL) ALL But when I try to sudo as that user to root I get error: $ sudo su root We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for zu22: Sorry, try again. [sudo] password for zu22: sudo: pam_authenticate: Conversation error How can I fix this? You are putting in zu22 password, right? As the user, you can run sudo -l to see what kind of right it has. You must still put in the correct password, though -- John L. Fjellstad web: http://www.fjellstad.org/ Quis custodiet ipsos custodes -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Giving a user root priveleges?
On Tuesday 17 November 2009 16:06:50 PaulNM wrote: Preston Boyington wrote: I don't know of any reason to use both 'su' and 'sudo' in a command. either you would 'su' to root or you would 'sudo' to run a singular command. 'su' is to change into superuser (root) until you exit. 'sudo' is to temporarily be superuser until the command is completed. (sudo -s) OR (sudo -i) can be used to get a shell as root using sudo. (su -c $command) can be used to run a single command using su. I've seen the use-sudo-to-run-su pattern fed to some users for a way to use su even when the root account is locked/disabled. To use 'sudo' to run a command just type 'sudo command' and as long as you have the user in the 'sudo' group ('adduser user sudo' as root) that user will be able to run said command when they log back in. Sudo only needs the user password, not root's, along with an entry in sudoers. sudo can use the password of the user running sudo, or the password of the user the command is being run as, depending on the contents of /etc/sudoers (and the command being run and host it is being run on etc.). sudo gives the administrator more fined-grained control and flexibility than shared passwords (commonly used with su). Properly configured it is more secure than su. Caveat emptor: improperly configured it can eliminate all semblance of security. Ubuntu is infamous for this kind of setup. Well before Ubuntu was doing it as part of installation, I used a very similar setup on my Gentoo system. Having switched to Debian (plus openSUSE for my proprietary work VPN), I continue to use sudo and have my root account locked/disabled; I doubt su even works on the 3 of the 4 systems I administrate. -- Boyd Stephen Smith Jr. ,= ,-_-. =. b...@iguanasuicide.net ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.net/\_/ signature.asc Description: This is a digitally signed message part.
Re: Giving a user root priveleges?
I edited /etc/sudoers file and added: user ALL=(ALL) ALL But when I try to sudo as that user to root I get error: $ sudo su root [sudo] password for zu22: Sorry, try again. [sudo] password for zu22: sudo: pam_authenticate: Conversation error How can I fix this? This message usually means that you are entering the wrong password. Even though you are su'ing, the password that is requested is that of zu22. You will not have to enter root's password. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org