• We did not send an email asking for donations - please read this post.

I don't understand why debian by default needs you to add yourself to /etc/sudoers to do anything worthwhile

CrazedNerd

Well-Known Member
Joined
Mar 31, 2021
Messages
758
Reaction score
303
Credits
6,472
A couple weeks ago, i loaded Debian 11 to a VM just to mess around with it...for the first time in my life, i've had a normal home internet connection that isn't garbage in compaison!

In Ubuntu, you can by default use the "sudo" command as the user you had to create to do almost everything that "su" can, yet my sudoer file on Ubuntu does not have my username added. On Debian, the first thing you need to do is add your username to the sudoers file, or else the system (from the command line) just makes empty threats about "reporting you" to some magical administrator. Is there actually a logical reason for Debian to be set up like this? Seems rather pedantic and time wasting to me.
 


KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
7,316
Reaction score
6,314
Credits
59,278
In Debian, by design, you're just a user. That's more secure, but a bit of a hassle in a home desktop system.

You're supposed to use root. In Ubuntu, you can't even login as root without some tweaking.
 
OP
CrazedNerd

CrazedNerd

Well-Known Member
Joined
Mar 31, 2021
Messages
758
Reaction score
303
Credits
6,472
In Debian, by design, you're just a user. That's more secure, but a bit of a hassle in a home desktop system.

You're supposed to use root. In Ubuntu, you can't even login as root without some tweaking.
That's why my first task is always to create a root password when i do a fresh ubuntu install...editing configuration files without being logged in as root is a nightmare.
 

wizardfromoz

Administrator
Staff member
Gold Supporter
Joined
Apr 30, 2017
Messages
7,779
Reaction score
6,605
Credits
28,603
Crazy, Debian's Wiki has their reasons. They say, in part:

Some new Debian users, usually coming from Ubuntu, are shocked by problems like "sudo not working in Debian". However, this situation only happens if you have set a root password during your Debian installation.

But the full page is worth a read, it is at

https://wiki.debian.org/sudo/

Cheers and Avagudweegend

Wiz
 

NORD

Well-Known Member
Joined
Jan 4, 2019
Messages
416
Reaction score
312
Credits
2,175
I gave up trying to find the download link for Debian lol!
I will stick to UBUNTU/Mint side after seeing this thread.
 
OP
CrazedNerd

CrazedNerd

Well-Known Member
Joined
Mar 31, 2021
Messages
758
Reaction score
303
Credits
6,472
Crazy, Debian's Wiki has their reasons. They say, in part:



But the full page is worth a read, it is at

https://wiki.debian.org/sudo/

Cheers and Avagudweegend

Wiz
It just overall seems counterproductive, i didn't understand that during installation you have the option to refrain from setting a root password, or why anyone setting up an installation of an OS wouldn't want to have root access to the system they are installing.
 
OP
CrazedNerd

CrazedNerd

Well-Known Member
Joined
Mar 31, 2021
Messages
758
Reaction score
303
Credits
6,472
I gave up trying to find the download link for Debian lol!
I will stick to UBUNTU/Mint side after seeing this thread.
from my understanding, Debian users tend to want the full free-software experience (no proprietary), and while that approach is really appealing, i don't see any downside to having the possibility of proprietary drivers and such. You probably don't care, you don't shutdown a debian system with "shutdown now" as you do on Ubuntu without any software installs, you use "systemctl poweroff". Does anyone here know the systemctl version of reboot?
 

NORD

Well-Known Member
Joined
Jan 4, 2019
Messages
416
Reaction score
312
Credits
2,175
Sounds over complicated for no good reason.
 

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
7,316
Reaction score
6,314
Credits
59,278
Does anyone here know the systemctl version of reboot?

I just tried 'systemctl reboot' in a VBox instance of Ubuntu and it rebooted the system.
 

dos2unix

Well-Known Member
Joined
May 3, 2019
Messages
1,552
Reaction score
1,170
Credits
9,863
It's same way with most distro's, SuSE-SLES, Redhat, CentOS, Oracle, AlmaLinux, to name a few.
Fedora just recently switched over to default sudoers about 2 or 3 versions ago.

Even Debian was a late adopter of sudo. Oh it's always existed on these distro's, but no one ever used
it until recently. I guess the age old argument.. is... why even have sudo?

If the purpose of a root account is to keep people from blowing up your system, then why give them the ability to blow up the system?

Now of course you can limit which commands a user can run in sudo, but some distro's like Ubuntu default to ALL=(ALL)
So you can run any command root can. All I have to do is type "sudo" in front of it.

To my old school way of thinking... if you want to run root commands.. just become root.
It's the same number of keys to type (if you count the space).

su -
sudo

Now usually you don't have to know/type the root password for root to work,
But most implementations of sudo have the user re-type their password in, so either way you have to type in a password.

Now like Ubuntu, you can set the NOPASSWD for users, and then it won't ask for a password.
But doesn't that defeat the purpose of having a protected admin/root account, if everyone can run any command they
want to without having to know a password?
 
OP
CrazedNerd

CrazedNerd

Well-Known Member
Joined
Mar 31, 2021
Messages
758
Reaction score
303
Credits
6,472
It's same way with most distro's, SuSE-SLES, Redhat, CentOS, Oracle, AlmaLinux, to name a few.
Fedora just recently switched over to default sudoers about 2 or 3 versions ago.

Even Debian was a late adopter of sudo. Oh it's always existed on these distro's, but no one ever used
it until recently. I guess the age old argument.. is... why even have sudo?

If the purpose of a root account is to keep people from blowing up your system, then why give them the ability to blow up the system?

Now of course you can limit which commands a user can run in sudo, but some distro's like Ubuntu default to ALL=(ALL)
So you can run any command root can. All I have to do is type "sudo" in front of it.

To my old school way of thinking... if you want to run root commands.. just become root.
It's the same number of keys to type (if you count the space).

su -
sudo

Now usually you don't to know/type the root password for root to work,
But most implementations of sudo have the user re-type their password in, so either way you have to type in a password.

Now like Ubuntu, you can set the NOPASSWD for users, and then it won't ask for a password.
But doesn't that defeat the purpose of having a protected admin/root account, if everyone can run any command they
want to without having to know a password?
You don't even need the "-" either, i prefer not to be root all the time mostly because the default prompt string is more aesthetically pleasing...plus, command line mistakes can be a grave threat to your data.
 

dos2unix

Well-Known Member
Joined
May 3, 2019
Messages
1,552
Reaction score
1,170
Credits
9,863
You don't even need the "-" either,

Technically true. The "-" loads the environmental variables for that user.
Usually it's just whatever is in your .bashrc or .profile

If you leave off the "-" you just get the defaults.
 

arochester

Moderator
Staff member
Gold Supporter
Joined
Apr 25, 2017
Messages
1,676
Reaction score
1,339
Credits
3,374
LOL!

If you set a Root password during the install of Debian that is exactly what you get - a Root (with a) password.

If you DON'T set a Root password during the install (If you leave it blank.) the named user/installer gets sudo rights. The person installing can use sudo.
 
OP
CrazedNerd

CrazedNerd

Well-Known Member
Joined
Mar 31, 2021
Messages
758
Reaction score
303
Credits
6,472
LOL!

If you set a Root password during the install of Debian that is exactly what you get - a Root (with a) password.

If you DON'T set a Root password during the install (If you leave it blank.) the named user/installer gets sudo rights. The person installing can use sudo.
Does that person then have a user id value of 0? I kinda like debian now!
 

JasKinasis

Well-Known Member
Joined
Apr 25, 2017
Messages
1,562
Reaction score
2,224
Credits
11,517
Does that person then have a user id value of 0? I kinda like debian now!
No, the user will get user ID 1000. Because no root password was set, they will automatically be added to the sudoers file.
The root account will effectively be disabled. But the user can act as root by using sudo.

...editing configuration files without being logged in as root is a nightmare.
Not really - sudo vim /path/to/config. Or if you’re planning on editing a lot, you could use sudo bash -i to run bash as root as a sub-shell. And then edit as many configs as you need to. And then type exit to return to the original shell, as your regular user account.
 

arochester

Moderator
Staff member
Gold Supporter
Joined
Apr 25, 2017
Messages
1,676
Reaction score
1,339
Credits
3,374
If there is no person named in the sudo list use AS ROOT

apt-get install sudo
usermod -a -G sudo <username>
Replace <username> with the username to which you want to grant sudo access.

Now logout & login to get sudo access.

If there is a person named in the sudo list then use the command: adduser
instead.
 
OP
CrazedNerd

CrazedNerd

Well-Known Member
Joined
Mar 31, 2021
Messages
758
Reaction score
303
Credits
6,472
No, the user will get user ID 1000. Because no root password was set, they will automatically be added to the sudoers file.
The root account will effectively be disabled. But the user can act as root by using sudo.


Not really - sudo vim /path/to/config. Or if you’re planning on editing a lot, you could use sudo bash -i to run bash as root as a sub-shell. And then edit as many configs as you need to. And then type exit to return to the original shell, as your regular user account.
Ive just always considered logging into su just to be easier if im trying to find, read, edit configuration files since i didn't set those permissions to begin with. Using sudo works better if it's just one task, like installing a program.
 
Last edited:

wizardfromoz

Administrator
Staff member
Gold Supporter
Joined
Apr 30, 2017
Messages
7,779
Reaction score
6,605
Credits
28,603
Also, Crazy, and for readers other than the contributors, who likely know this, and again from the Debian Wiki.

Changes​


  • The su command in buster is provided by the util-linux source package, instead of the shadow source package, and no longer alters the PATH variable by default. This means that after doing su, your PATH may not contain directories like /sbin, and many system administration commands will fail. There are several workarounds:
    • Use su - instead; this launches a login shell, which forces PATH to be courcehanged, but also changes everything else including the working directory.
    • Use sudo instead. sudo still runs commands with an altered PATH variable.
      • To get a regular root shell with the correct PATH, you may use sudo -s.
      • To get a login shell as root (equivalent to su -), you may use sudo -i.
    • Put ALWAYS_SET_PATH yes in /etc/default/su (create it) to get an approximation of the old behavior. This is documented in su(1).
    • Put the system administration directories (/sbin, /usr/sbin, /usr/local/sbin) in your regular account's PATH (see EnvironmentVariables for help with this).

Source - https://wiki.debian.org/NewInBuster

Cheers

Wiz
 
$100 Digital Ocean Credit
Get a free VM to test out Linux!

Linux.org Hosting Donations
Consider making a donation

Members online


Top