I don't understand why debian by default needs you to add yourself to /etc/sudoers to do anything worthwhile

[CrazedNerd]

A couple weeks ago, i loaded Debian 11 to a VM just to mess around with it...for the first time in my life, i've had a normal home internet connection that isn't garbage in compaison!

In Ubuntu, you can by default use the "sudo" command as the user you had to create to do almost everything that "su" can, yet my sudoer file on Ubuntu does not have my username added. On Debian, the first thing you need to do is add your username to the sudoers file, or else the system (from the command line) just makes empty threats about "reporting you" to some magical administrator. Is there actually a logical reason for Debian to be set up like this? Seems rather pedantic and time wasting to me.

 

[KGIII]

In Debian, by design, you're just a user. That's more secure, but a bit of a hassle in a home desktop system.

You're supposed to use root. In Ubuntu, you can't even login as root without some tweaking.

 

[CrazedNerd]

In Debian, by design, you're just a user. That's more secure, but a bit of a hassle in a home desktop system.

You're supposed to use root. In Ubuntu, you can't even login as root without some tweaking.

That's why my first task is always to create a root password when i do a fresh ubuntu install...editing configuration files without being logged in as root is a nightmare.

 

[wizardfromoz]

Crazy, Debian's Wiki has their reasons. They say, in part:

Some new Debian users, usually coming from Ubuntu, are shocked by problems like "sudo not working in Debian". However, this situation only happens if you have set a root password during your Debian installation.

But the full page is worth a read, it is at

https://wiki.debian.org/sudo/

Cheers and Avagudweegend

Wiz

 

[NORD]

I gave up trying to find the download link for Debian lol!
I will stick to UBUNTU/Mint side after seeing this thread.

 

[CrazedNerd]

Crazy, Debian's Wiki has their reasons. They say, in part:



But the full page is worth a read, it is at

https://wiki.debian.org/sudo/

Cheers and Avagudweegend

Wiz

It just overall seems counterproductive, i didn't understand that during installation you have the option to refrain from setting a root password, or why anyone setting up an installation of an OS wouldn't want to have root access to the system they are installing.

 

[CrazedNerd]

I gave up trying to find the download link for Debian lol!
I will stick to UBUNTU/Mint side after seeing this thread.

from my understanding, Debian users tend to want the full free-software experience (no proprietary), and while that approach is really appealing, i don't see any downside to having the possibility of proprietary drivers and such. You probably don't care, you don't shutdown a debian system with "shutdown now" as you do on Ubuntu without any software installs, you use "systemctl poweroff". Does anyone here know the systemctl version of reboot?

 

[NORD]

Sounds over complicated for no good reason.

 

[KGIII]

Does anyone here know the systemctl version of reboot?

I just tried 'systemctl reboot' in a VBox instance of Ubuntu and it rebooted the system.

 

[dos2unix]

It's same way with most distro's, SuSE-SLES, Redhat, CentOS, Oracle, AlmaLinux, to name a few.
Fedora just recently switched over to default sudoers about 2 or 3 versions ago.

Even Debian was a late adopter of sudo. Oh it's always existed on these distro's, but no one ever used
it until recently. I guess the age old argument.. is... why even have sudo?

If the purpose of a root account is to keep people from blowing up your system, then why give them the ability to blow up the system?

Now of course you can limit which commands a user can run in sudo, but some distro's like Ubuntu default to ALL=(ALL)
So you can run any command root can. All I have to do is type "sudo" in front of it.

To my old school way of thinking... if you want to run root commands.. just become root.
It's the same number of keys to type (if you count the space).

su -
sudo

Now usually you don't have to know/type the root password for root to work,
But most implementations of sudo have the user re-type their password in, so either way you have to type in a password.

Now like Ubuntu, you can set the NOPASSWD for users, and then it won't ask for a password.
But doesn't that defeat the purpose of having a protected admin/root account, if everyone can run any command they
want to without having to know a password?

 

[CrazedNerd]

It's same way with most distro's, SuSE-SLES, Redhat, CentOS, Oracle, AlmaLinux, to name a few.
Fedora just recently switched over to default sudoers about 2 or 3 versions ago.

Even Debian was a late adopter of sudo. Oh it's always existed on these distro's, but no one ever used
it until recently. I guess the age old argument.. is... why even have sudo?

If the purpose of a root account is to keep people from blowing up your system, then why give them the ability to blow up the system?

Now of course you can limit which commands a user can run in sudo, but some distro's like Ubuntu default to ALL=(ALL)
So you can run any command root can. All I have to do is type "sudo" in front of it.

To my old school way of thinking... if you want to run root commands.. just become root.
It's the same number of keys to type (if you count the space).

su -
sudo

Now usually you don't to know/type the root password for root to work,
But most implementations of sudo have the user re-type their password in, so either way you have to type in a password.

Now like Ubuntu, you can set the NOPASSWD for users, and then it won't ask for a password.
But doesn't that defeat the purpose of having a protected admin/root account, if everyone can run any command they
want to without having to know a password?

You don't even need the "-" either, i prefer not to be root all the time mostly because the default prompt string is more aesthetically pleasing...plus, command line mistakes can be a grave threat to your data.

 

[dos2unix]

You don't even need the "-" either,

Technically true. The "-" loads the environmental variables for that user.
Usually it's just whatever is in your .bashrc or .profile

If you leave off the "-" you just get the defaults.

 

[arochester]

LOL!

If you set a Root password during the install of Debian that is exactly what you get - a Root (with a) password.

If you DON'T set a Root password during the install (If you leave it blank.) the named user/installer gets sudo rights. The person installing can use sudo.

 

[CrazedNerd]

LOL!

If you set a Root password during the install of Debian that is exactly what you get - a Root (with a) password.

If you DON'T set a Root password during the install (If you leave it blank.) the named user/installer gets sudo rights. The person installing can use sudo.

Does that person then have a user id value of 0? I kinda like debian now!

 

[JasKinasis]

Does that person then have a user id value of 0? I kinda like debian now!

No, the user will get user ID 1000. Because no root password was set, they will automatically be added to the sudoers file.
The root account will effectively be disabled. But the user can act as root by using sudo.

...editing configuration files without being logged in as root is a nightmare.

Not really - sudo vim /path/to/config. Or if you’re planning on editing a lot, you could use sudo bash -i to run bash as root as a sub-shell. And then edit as many configs as you need to. And then type exit to return to the original shell, as your regular user account.

 

[arochester]

If there is no person named in the sudo list use AS ROOT

apt-get install sudo
usermod -a -G sudo <username>
Replace <username> with the username to which you want to grant sudo access.

Now logout & login to get sudo access.

If there is a person named in the sudo list then use the command: adduser
instead.

 

[CrazedNerd]

No, the user will get user ID 1000. Because no root password was set, they will automatically be added to the sudoers file.
The root account will effectively be disabled. But the user can act as root by using sudo.


Not really - sudo vim /path/to/config. Or if you’re planning on editing a lot, you could use sudo bash -i to run bash as root as a sub-shell. And then edit as many configs as you need to. And then type exit to return to the original shell, as your regular user account.

Ive just always considered logging into su just to be easier if im trying to find, read, edit configuration files since i didn't set those permissions to begin with. Using sudo works better if it's just one task, like installing a program.

 

[wizardfromoz]

Also, Crazy, and for readers other than the contributors, who likely know this, and again from the Debian Wiki.

Changes​

• The su command in buster is provided by the util-linux source package, instead of the shadow source package, and no longer alters the PATH variable by default. This means that after doing su, your PATH may not contain directories like /sbin, and many system administration commands will fail. There are several workarounds:
  • Use su - instead; this launches a login shell, which forces PATH to be courcehanged, but also changes everything else including the working directory.
  • Use sudo instead. sudo still runs commands with an altered PATH variable.
    • To get a regular root shell with the correct PATH, you may use sudo -s.
    • To get a login shell as root (equivalent to su -), you may use sudo -i.
  • Put ALWAYS_SET_PATH yes in /etc/default/su (create it) to get an approximation of the old behavior. This is documented in su(1).
  • Put the system administration directories (/sbin, /usr/sbin, /usr/local/sbin) in your regular account's PATH (see EnvironmentVariables for help with this).

Source - https://wiki.debian.org/NewInBuster

Cheers

Wiz

 

[Lord Boltar]

su root

then

sudo adduser username

where username is your login name
then

usermod -aG sudo username

reboot or logout then login - done