Quick Tip: Setup Ubuntu-style Sudo on other Distributions

 in

Ubuntu's sudo command is something that I miss when I'm using other distributions. For the uninitiated, when using Ubuntu, you can execute privileged commands as the root user by prefacing them with sudo. This saves having to log in as root, do your work and then log out again (or if you're like me, forget to log out and keep doing things as root). Fortunately, it's a cinch to add the functionality to other distributions such as Debian or Fedora.

Here's a funny thing (well, I found it amusing): If you attempt to execute a command using sudo on, say, stock Debian, before being prompted for your password, you are issued a stern warning:

We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.

#2) Think before you type.

#3) With great power comes great responsibility.

Once you've got over the lecture and you enter the password, you quickly learn that other distributions don't handle sudo in quite the same way as Ubuntu.

[username] is not the in the sudoers file. This incident will be reported.

Eek! The Debian Police didn't actually turn up at my house on this occasion, and although I did notice a helicopter circling above my house for a while, it might have been a coincidence.

To add Ubuntu-style functionality you need to edit the file /etc/sudoers

Obviously you can't use sudo yet, so make youtself root by typing

su

Then, use your favorite text editor to open up /etc/sudoers. For example, under Debian type

nano /etc/sudoers

Scroll down until you find the line

root ALL=(ALL) ALL

and underneath, add the line

[your username] ALL=(ALL) ALL

substituting [your username] as appropriate. Save the file and exit the editor. Once you've done this, test things out by executing a command that requires root privileges. Under Debian, I ran:

sudo apt-get update

and sure enough, the command ran with root privileges. As with Ubuntu, it caches your password for a while, so you don't have to keep re-entering it for every command.

______________________

UK based freelance writer Michael Reed writes about technology, retro computing, geek culture and gender politics.

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

hahaha...hey guys..yooo....

gaous afrizal's picture

hahaha...hey guys..yooo.... Dont be angry just because sudo
Username ALL=(ALL)ALL

My simple question...
Can we use "sudo rm -rf / "on ubuntu by default? If we can, so dont angry just because that line. :D

Very disappointing...

dnl's picture

Instead of simply stating that Ubuntu automagically configures sudo, the article's opening paragraph suggests you add the functionality to other distributions such as Debian or Fedora. There's nothing to add! Also, as others have noted, bad advice is offered--especially for the noob--with the suggestion to directly edit /etc/sudoers; that is just NOT recommended. Finally, caching the password is a standard sudo functionality; nothing uniquely Ubuntu about it.

As for the lecture, well, you'll get over it...

Better to run EDITOR=nano

Anonymous's picture

Better to run EDITOR=nano visudo. Running with visudo checks the syntax of the file. If you screw it up there can be some annoying consequences.

sudo is even less secure for many things

Anonymous's picture

you do unterstand that the user with rights to run sudo for everythin is able run ANY command with root rights ... ANY!!!

sudo rm -rf /

be careful who do you give a right to use sudo.

it is always much better to allow user to run only some commands with sudo and put something like this in /ect/sudoers (with visudo):

xxxxuser ALL=/usr/bin/truecrypt

and think about using NOEXEC to prevent the allowed command to other commands with sudo rights.

little bit easier is

Anonymous's picture

if you are bored of typing your password every time when you use sudo type
[your username] ALL=(ALL) NOPASSWD: ALL

but there is another tip :)
install LMDE - the same debian, and with ubuntu and linux mint like sudo

ubuntu-style? wth?

Anonymous's picture

The only difference between Ubuntu's and some other distro's default sudo setup is that Ubuntu adds the first user created in the system to the sudo group. The second user does not get that special handling. Since Debian does make sudo part of the default installation, and since it won't silently add users to privileged groups, you don't get magic (as in Clarke's "magic").

I expect better journalism from Linux Journal. I hope I don't have to lower the bar.

...I have to second that. If

Shylo Hana's picture

...I have to second that.
If you miss sudo when you use another distribution, then perhaps you should install it/add yourself to the sudoers list.

Possibility and intention

Gani's picture

As far as Linux Mint is concerned, the second user may enjoy that special handling provided the first user added the former to the Admin group. Possibility and intention are two different things.

wth, indeed.

Michael Reed's picture

"ubuntu-style? wth?"

"The only difference between Ubuntu's and some other distro's default sudo setup is that Ubuntu adds the first user created in the system to the sudo group. "

Yup, that's the "Ubuntu style" sudo setup that I was referring to. I've explained what it is and how people can add it to other distributions if they want to.

UK based freelance writer Michael Reed writes about technology, retro computing, geek culture and gender politics.

Misleading

John Anderson's picture

This article is misleading. In case you've been living under a rock then I have news for you: Ubuntu did NOT invent sudo.

"To add Ubuntu-style functionality you need to edit the file /etc/sudoers"

Really? And just how differently does Ubuntu do it? Oh I know, Ubuntu automatically edits the /etc/sudoers file for you to give sudo access to all users assigned to the admin group

hello

Anonymous's picture

wheel

Tom H in VA's picture

I recommending using the wheel group for granting full sudo privilege.

I agree with the "visudo" vs nano comment - recommend always using visudo.

If you uncomment the wheel group line and then add the desired users to the wheel group, they will have the necessary sudo privileges.

%wheel ALL=(ALL) ALL

Think of wheel as the hub of power :-). Similar idea to the comment by Jaques but using the old standard wheel group.

Another trick is that maybe

fernandom's picture

Another trick is that maybe you need to install the sudo program in a minimalist installation. Something like "apt-get install sudo" as root, before using it.

debian has added the "sudo"

Anonymous's picture

debian has added the "sudo" user group automatically to the sudoers file, so the easiest way is adding the user to the "sudo" group.

Sudo not an security feature!

click's picture

Sudo is a good way to give your users some privileges, but standard Unix permissions/flags/user groups is a way better and have been proven for many years! Example, give your sudoers simple find access and they can spawn an root shell! If you really, really need sudo style execution use su -c and pam.

su -c

Jerry Gallagher's picture

Your argument against sudo is also an argument against su -c. find exec bash, is a problem on most *nix derivatives. Su -c is not a better way because it requires the user to have the root password. On a good linux system roots password is for break the glass emergencies only and kept in a safe. Permissions on su are changed so ordinary users can't run the command. In order to su you must, sudo su -, to get root. Sudo, also has the ability a noexec option, which does not allow a user to spawn a shell from vi or find.
~

Windows have this feature long ago

Anonymous's picture

sudo?
I thought Windows have this feature long ago under a diffferent disguise?

Having a separate account/password for the root account is sort of a security feature, not something to bypass for the seek of ease of use. Am I not correct?

If you want to do this like

Jacques's picture

If you want to do this like ubuntu you should be adding an 'admin' group and then adding a sudoers rule like,

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

The reason why one should use sudo over su is that with sudo you can continue running commands without re-entering a password, and you do not need the root password to do so. If you really want to su to root you can still do,

sudo su -

Try sudo -i.

Anonymous's picture

Try sudo -i.

The title of this article is not misleading

Paul Kater's picture

Hello Andrew,

Please read the title correctly. It says "Ubuntu-style sudo". The style in which Ubuntu does it.

Further: I have used Mandrake/Mandriva for a long time and never bothered with sudo. su -c "command" works basically the same way and with that also you don't need to log out again, as the command is run in a temporary root shell.

Have a good weekend.

Visudo

David Riley's picture

Yes, Visudo is definatly the preferred way of editing your sudoers file, as it will check the syntax of your sudo file for you before saving to prevent any painful errors.

Also, what the author said sounded alright to me. He wasn't saying sudo is an Ubuntu specific feature, he was just using Ubuntu as an examples as it's one of the few distros that pre-configures sudo for you during installation. Most other distros that I have used like Debian or Fedora require you to configure it yourself. I don't know how Ubuntu handles it with additional users as mine is a single user machine.

Better is to add the user to the admin group

Gert's picture

su ...
usermod -a -G admin [username]
logout/login

not really

Anonymous coward's picture

Making extra admin accounts is a bad idea. Everyday users, including you, do not need privileged access. Most security vulnerabilities today target third-party applications (Acrobat, Java). If you run around as root, your whole system is vulnerable if any app is compromised.

Don't add extra root accounts. Don't browse the web as root. Don't run X as root. Don't even opening a dedicated root shell unless unavoidable.

(I came to learn what "Ubuntu-style sudo" meant and left disappointed.)

An extra admin account is not

Jerry Gallagher's picture

An extra admin account is not created this way. Users are added to the admin group, or wheel group. Everyday users are not given admin access, only admin users. Specific power users are given the ability to run installs and do various clean up tasks. ie. Oracle DBA's are given permission to run the root.sh but not to edit it.

"Don't add extra root accounts. Don't browse the web as root. Don't run X as root. Don't even opening a dedicated root shell unless unavoidable."

Non of these rules are violated by "Ubuntu-style-sudo", and if these rules are violated with sudo you have accountability of who did it.

This from Linux Journal?

Matt's picture

Seriously? As one who uses sudo on Fedora all the time, this just made me think that Ubuntu defaults to giving all users sudo privileges, or something. This article shows a lack of understanding about Linux in general. Not something I expected on Linux Journal...

Clarification on sudo in Ubuntu

Bill Childers's picture

Since you come from Fedora, there's a conceptual difference between the way Fedora sets up a user in the initial install of the OS, versus the way Ubuntu does it.

Most distros, Fedora included, will prompt the person installing the OS for a root password, then prompt for an initial unprivileged username and password.

Ubuntu does it differently. The Desktop version of Ubuntu will not prompt you for a root password. The root account does not have a password in Ubuntu, and is effectively disabled. The initial user that the installer prompts for information on is created as part of the "admin" group, which is the group in Ubuntu with sudo rights. Users that are created after the install process must be explicitly added to the admin group to gain privileged status.

Bill Childers is the Virtual Editor for Linux Journal. No one really knows what that means.

Random Hash

Gani's picture

By default the root user is setup with a random hash during the install of Ubuntu. (Comment by zoopster at http://www.ubuntux.org/how-to-change-the-root-password-in-ubuntu)

So what you're saying...

sMike's picture

So what you're saying is that Ubuntu doesn't have a different "style" for sudo, it has a different "style" of setting up root/admin access?

Explanation

Michael Reed's picture

This page explains the Ubuntu setup
https://help.ubuntu.com/community/RootSudo

Perhaps I was at fault for presuming that most people were familiar with the Ubuntu way of doing things. My bad.

UK based freelance writer Michael Reed writes about technology, retro computing, geek culture and gender politics.

I agree with the above

Kosmas's picture

I agree with the above comments.

I have been using a non-Ubuntu distribution for quite some time now, and I found it a bit strange the way that Ubuntu handles sudo.

sudo was there before Ubuntu...

As Martin said, ubuntu has no

Andrew Grover's picture

As Martin said, ubuntu has no claim on sudo. The sudo command is installed on every Linux distro I've ever used. The title of this article is completely misleading, making people think Ubuntu invented sudo.

Sudo is not an Ubuntu command..

Martin Thomas's picture

The only thing that Ubuntu added is that the sudoers file is preconfigured to include the primary user, saving the whole rigmarole of becoming root, editing the file etc.

Other than that, there is no difference, style or otherwise, between sudo on Ubuntu or on any other platform (Debian, Solaris, BSD, Linux etc).

Sudo Main Objective in Ubuntu

Gani's picture

The only thing that Ubuntu added is that the sudoers file is preconfigured to include the primary user, saving the whole rigmarole of becoming root, editing the file etc.

Other than that, there is no difference, style or otherwise, between sudo on Ubuntu or on any other platform (Debian, Solaris, BSD, Linux etc).

The above comment best describes what Canonical has in mind when it designed Ubuntu during installation. In one word, USABILITY. Since Ubuntu is aimed primarily for newbies, things should be as simple as possible but no simpler (a quote from Einstein)

Using "visudo" may be better

Anonymous's picture

Using "visudo" may be better to use instead of "nano"

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState