Loading
Quick Tip: Setup Ubuntu-style Sudo on other Distributions
Ubuntu's sudo command is something that I miss when I'm using other distributions. For the uninitiated, when using Ubuntu, you can execute privileged commands as the root user by prefacing them with sudo. This saves having to log in as root, do your work and then log out again (or if you're like me, forget to log out and keep doing things as root). Fortunately, it's a cinch to add the functionality to other distributions such as Debian or Fedora.
Here's a funny thing (well, I found it amusing): If you attempt to execute a command using sudo on, say, stock Debian, before being prompted for your password, you are issued a stern warning:
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
Once you've got over the lecture and you enter the password, you quickly learn that other distributions don't handle sudo in quite the same way as Ubuntu.
[username] is not the in the sudoers file. This incident will be reported.
Eek! The Debian Police didn't actually turn up at my house on this occasion, and although I did notice a helicopter circling above my house for a while, it might have been a coincidence.
To add Ubuntu-style functionality you need to edit the file /etc/sudoers
Obviously you can't use sudo yet, so make youtself root by typing
su
Then, use your favorite text editor to open up /etc/sudoers. For example, under Debian type
nano /etc/sudoers
Scroll down until you find the line
root ALL=(ALL) ALL
and underneath, add the line
[your username] ALL=(ALL) ALL
substituting [your username] as appropriate. Save the file and exit the editor. Once you've done this, test things out by executing a command that requires root privileges. Under Debian, I ran:
sudo apt-get update
and sure enough, the command ran with root privileges. As with Ubuntu, it caches your password for a while, so you don't have to keep re-entering it for every command.
______________________
UK based freelance writer Michael Reed writes about technology, retro computing, geek culture and gender politics.
Webcast
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Sponsored by AMD
White Paper
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy
Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6
Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.
Learn more about catching the bad guy in this free white paper.
Sponsored by DLT Solutions
- Designing Electronics with Linux
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- Dynamic DNS—an Object Lesson in Problem Solving
- Using Salt Stack and Vagrant for Drupal Development
- New Products
- Build a Skype Server for Your Home Phone System
- Validate an E-Mail Address with PHP, the Right Way
- Why Python?
- A Topic for Discussion - Open Source Feature-Richness?
- Tech Tip: Really Simple HTTP Server with Python
- Great
2 hours 41 min ago - Reply to comment | Linux Journal
2 hours 49 min ago - Understanding the Linux Kernel
5 hours 3 min ago - General
7 hours 33 min ago - Kernel Problem
17 hours 36 min ago - BASH script to log IPs on public web server
22 hours 3 min ago - DynDNS
1 day 1 hour ago - Reply to comment | Linux Journal
1 day 2 hours ago - All the articles you talked
1 day 4 hours ago - All the articles you talked
1 day 4 hours ago
Enter to Win an Adafruit Pi Cobbler Breakout Kit for Raspberry Pi
It's Raspberry Pi month at Linux Journal. Each week in May, Adafruit will be giving away a Pi-related prize to a lucky, randomly drawn LJ reader. Winners will be announced weekly.
Fill out the fields below to enter to win this week's prize-- a Pi Cobbler Breakout Kit for Raspberry Pi.
Congratulations to our winners so far:
- 5-8-13, Pi Starter Pack: Jack Davis
- 5-15-13, Pi Model B 512MB RAM: Patrick Dunn
- 5-21-13, Prototyping Pi Plate Kit: Philip Kirby
- Next winner announced on 5-27-13!
Free Webinar: Hadoop
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Some of key questions to be discussed are:
- What is the “typical” Hadoop cluster and what should be installed on the different machine types?
- Why should you consider the typical workload patterns when making your hardware decisions?
- Are all microservers created equal for Hadoop deployments?
- How do I plan for expansion if I require more compute, memory, storage or networking?
Developer Poll
Comments
hahaha...hey guys..yooo....
hahaha...hey guys..yooo.... Dont be angry just because sudo
Username ALL=(ALL)ALL
My simple question...
Can we use "sudo rm -rf / "on ubuntu by default? If we can, so dont angry just because that line. :D
Very disappointing...
Instead of simply stating that Ubuntu automagically configures sudo, the article's opening paragraph suggests you add the functionality to other distributions such as Debian or Fedora. There's nothing to add! Also, as others have noted, bad advice is offered--especially for the noob--with the suggestion to directly edit /etc/sudoers; that is just NOT recommended. Finally, caching the password is a standard sudo functionality; nothing uniquely Ubuntu about it.
As for the lecture, well, you'll get over it...
Better to run EDITOR=nano
Better to run EDITOR=nano visudo. Running with visudo checks the syntax of the file. If you screw it up there can be some annoying consequences.
sudo is even less secure for many things
you do unterstand that the user with rights to run sudo for everythin is able run ANY command with root rights ... ANY!!!
sudo rm -rf /
be careful who do you give a right to use sudo.
it is always much better to allow user to run only some commands with sudo and put something like this in /ect/sudoers (with visudo):
xxxxuser ALL=/usr/bin/truecrypt
and think about using NOEXEC to prevent the allowed command to other commands with sudo rights.
little bit easier is
if you are bored of typing your password every time when you use sudo type
[your username] ALL=(ALL) NOPASSWD: ALL
but there is another tip :)
install LMDE - the same debian, and with ubuntu and linux mint like sudo
ubuntu-style? wth?
The only difference between Ubuntu's and some other distro's default sudo setup is that Ubuntu adds the first user created in the system to the sudo group. The second user does not get that special handling. Since Debian does make sudo part of the default installation, and since it won't silently add users to privileged groups, you don't get magic (as in Clarke's "magic").
I expect better journalism from Linux Journal. I hope I don't have to lower the bar.
...I have to second that. If
...I have to second that.
If you miss sudo when you use another distribution, then perhaps you should install it/add yourself to the sudoers list.
Possibility and intention
As far as Linux Mint is concerned, the second user may enjoy that special handling provided the first user added the former to the Admin group. Possibility and intention are two different things.
wth, indeed.
"ubuntu-style? wth?"
"The only difference between Ubuntu's and some other distro's default sudo setup is that Ubuntu adds the first user created in the system to the sudo group. "
Yup, that's the "Ubuntu style" sudo setup that I was referring to. I've explained what it is and how people can add it to other distributions if they want to.
UK based freelance writer Michael Reed writes about technology, retro computing, geek culture and gender politics.
Misleading
This article is misleading. In case you've been living under a rock then I have news for you: Ubuntu did NOT invent sudo.
"To add Ubuntu-style functionality you need to edit the file /etc/sudoers"
Really? And just how differently does Ubuntu do it? Oh I know, Ubuntu automatically edits the /etc/sudoers file for you to give sudo access to all users assigned to the admin group
hello
====== http://tinyurl.com/27mv2g9 ====
====== http://tinyurl.com/27mv2g9 ====
====== http://tinyurl.com/27mv2g9 ====
wheel
I recommending using the wheel group for granting full sudo privilege.
I agree with the "visudo" vs nano comment - recommend always using visudo.
If you uncomment the wheel group line and then add the desired users to the wheel group, they will have the necessary sudo privileges.
%wheel ALL=(ALL) ALL
Think of wheel as the hub of power :-). Similar idea to the comment by Jaques but using the old standard wheel group.
Another trick is that maybe
Another trick is that maybe you need to install the sudo program in a minimalist installation. Something like "apt-get install sudo" as root, before using it.
debian has added the "sudo"
debian has added the "sudo" user group automatically to the sudoers file, so the easiest way is adding the user to the "sudo" group.
Sudo not an security feature!
Sudo is a good way to give your users some privileges, but standard Unix permissions/flags/user groups is a way better and have been proven for many years! Example, give your sudoers simple find access and they can spawn an root shell! If you really, really need sudo style execution use su -c and pam.
su -c
Your argument against sudo is also an argument against su -c. find exec bash, is a problem on most *nix derivatives. Su -c is not a better way because it requires the user to have the root password. On a good linux system roots password is for break the glass emergencies only and kept in a safe. Permissions on su are changed so ordinary users can't run the command. In order to su you must, sudo su -, to get root. Sudo, also has the ability a noexec option, which does not allow a user to spawn a shell from vi or find.
~
Windows have this feature long ago
sudo?
I thought Windows have this feature long ago under a diffferent disguise?
Having a separate account/password for the root account is sort of a security feature, not something to bypass for the seek of ease of use. Am I not correct?
If you want to do this like
If you want to do this like ubuntu you should be adding an 'admin' group and then adding a sudoers rule like,
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
The reason why one should use sudo over su is that with sudo you can continue running commands without re-entering a password, and you do not need the root password to do so. If you really want to su to root you can still do,
sudo su -
Try sudo -i.
Try sudo -i.
The title of this article is not misleading
Hello Andrew,
Please read the title correctly. It says "Ubuntu-style sudo". The style in which Ubuntu does it.
Further: I have used Mandrake/Mandriva for a long time and never bothered with sudo. su -c "command" works basically the same way and with that also you don't need to log out again, as the command is run in a temporary root shell.
Have a good weekend.
Visudo
Yes, Visudo is definatly the preferred way of editing your sudoers file, as it will check the syntax of your sudo file for you before saving to prevent any painful errors.
Also, what the author said sounded alright to me. He wasn't saying sudo is an Ubuntu specific feature, he was just using Ubuntu as an examples as it's one of the few distros that pre-configures sudo for you during installation. Most other distros that I have used like Debian or Fedora require you to configure it yourself. I don't know how Ubuntu handles it with additional users as mine is a single user machine.
Better is to add the user to the admin group
su ...
usermod -a -G admin [username]
logout/login
not really
Making extra admin accounts is a bad idea. Everyday users, including you, do not need privileged access. Most security vulnerabilities today target third-party applications (Acrobat, Java). If you run around as root, your whole system is vulnerable if any app is compromised.
Don't add extra root accounts. Don't browse the web as root. Don't run X as root. Don't even opening a dedicated root shell unless unavoidable.
(I came to learn what "Ubuntu-style sudo" meant and left disappointed.)
An extra admin account is not
An extra admin account is not created this way. Users are added to the admin group, or wheel group. Everyday users are not given admin access, only admin users. Specific power users are given the ability to run installs and do various clean up tasks. ie. Oracle DBA's are given permission to run the root.sh but not to edit it.
"Don't add extra root accounts. Don't browse the web as root. Don't run X as root. Don't even opening a dedicated root shell unless unavoidable."
Non of these rules are violated by "Ubuntu-style-sudo", and if these rules are violated with sudo you have accountability of who did it.
This from Linux Journal?
Seriously? As one who uses sudo on Fedora all the time, this just made me think that Ubuntu defaults to giving all users sudo privileges, or something. This article shows a lack of understanding about Linux in general. Not something I expected on Linux Journal...
Clarification on sudo in Ubuntu
Since you come from Fedora, there's a conceptual difference between the way Fedora sets up a user in the initial install of the OS, versus the way Ubuntu does it.
Most distros, Fedora included, will prompt the person installing the OS for a root password, then prompt for an initial unprivileged username and password.
Ubuntu does it differently. The Desktop version of Ubuntu will not prompt you for a root password. The root account does not have a password in Ubuntu, and is effectively disabled. The initial user that the installer prompts for information on is created as part of the "admin" group, which is the group in Ubuntu with sudo rights. Users that are created after the install process must be explicitly added to the admin group to gain privileged status.
Bill Childers is the Virtual Editor for Linux Journal. No one really knows what that means.
Random Hash
By default the root user is setup with a random hash during the install of Ubuntu. (Comment by zoopster at http://www.ubuntux.org/how-to-change-the-root-password-in-ubuntu)
So what you're saying...
So what you're saying is that Ubuntu doesn't have a different "style" for sudo, it has a different "style" of setting up root/admin access?
Explanation
This page explains the Ubuntu setup
https://help.ubuntu.com/community/RootSudo
Perhaps I was at fault for presuming that most people were familiar with the Ubuntu way of doing things. My bad.
UK based freelance writer Michael Reed writes about technology, retro computing, geek culture and gender politics.
I agree with the above
I agree with the above comments.
I have been using a non-Ubuntu distribution for quite some time now, and I found it a bit strange the way that Ubuntu handles sudo.
sudo was there before Ubuntu...
As Martin said, ubuntu has no
As Martin said, ubuntu has no claim on sudo. The sudo command is installed on every Linux distro I've ever used. The title of this article is completely misleading, making people think Ubuntu invented sudo.
Sudo is not an Ubuntu command..
The only thing that Ubuntu added is that the sudoers file is preconfigured to include the primary user, saving the whole rigmarole of becoming root, editing the file etc.
Other than that, there is no difference, style or otherwise, between sudo on Ubuntu or on any other platform (Debian, Solaris, BSD, Linux etc).
Sudo Main Objective in Ubuntu
The only thing that Ubuntu added is that the sudoers file is preconfigured to include the primary user, saving the whole rigmarole of becoming root, editing the file etc.
Other than that, there is no difference, style or otherwise, between sudo on Ubuntu or on any other platform (Debian, Solaris, BSD, Linux etc).
The above comment best describes what Canonical has in mind when it designed Ubuntu during installation. In one word, USABILITY. Since Ubuntu is aimed primarily for newbies, things should be as simple as possible but no simpler (a quote from Einstein)
Using "visudo" may be better
Using "visudo" may be better to use instead of "nano"