Security :: Sudo Non-user/non-root Password?
Feb 19, 2010
Stumped on this one. I'm trying to set up limited sudo authority on a desktop with some sensitive user data, and as an extra precaution I wanted to configure sudo to use a password other than the user's or the root's. I'm not sure how to do this. From the manual, we have a few options, such as "runaspw" or "targetpw", but none seem quite what I'm looking for.For instance, "runaspw" could be used if I created a user for nothing other than sudo(ing) purposes, but it requires you set "runas_default", which means that said user would have to have authority to execute said commands in the first place. This is workable, but seems like a lot of extra configuration for each specific command that I want to run, as well as creating some issues with simply commands such as "shutdown" or "reboot". Also, "targetpw" can be used in conjunction with a sudo(ing)-only user if I set an alias, but, again, this isn't quite what I am looking for.
Ultimately, what I am really concerned about in this situation are keystroke loggers, so I would prefer to avoid repeated entering the user or root password when performing administrative tasks. Also, I would prefer not having to create a sudo(ing)-only user as mentioned above to prevent a comprimised password resulting in an attacker being able to log into my system.
View 3 Replies
ADVERTISEMENT
Jan 26, 2011
We have a couple of clusters that are running Oracle. If you're familiar with Oracle you know that it basically has to be installed as root. Something I detest. anyway, when we are building out the box, we change the root pw and give it to the DBA team to do their installs and configs. When they are done, we change the root pw (and do not give it to them), and configure sudo to allow them the rights needed to manage Oracle and their databases.
Now however, we have a different situation. The DBAs need access to uninstall and reinstall components and make modifications on an ongoing basis. Since we only support OS and hardware, not app, they are requesting permanent root access. I promptly told them no, and the politics ensued. Their manager went to their director, who went to my director, and suddenly an exception is given for his good golfing buddy. So here I am, forced to turn lose DBAs on my clusters with full root access/pw. I need a way to allow specific users (or perhaps a specific user group) the ability to become root WITHOUT sharing the root pw with them.
View 3 Replies
View Related
Sep 20, 2010
I want to use root password instead of adding my user to the list of sudoers,In Arch wiki ander Root password:Users can configure sudo to ask for the root password instead of the user password by adding "rootpw" to the Defaults line in /etc/sudoers: but that did not work for me. it asks for root password.Why do I want to do that:
1. I want to do that, I like sudo more than su -c 'some_command'.
2. sudo enables bash completion, su -c does not.
3. I don't want to add my user to sudoers list.
I found many users Suggesting alternatives and lowering the important of my need for this, when I asked this question in anther please.
View 8 Replies
View Related
Jan 12, 2009
It seem like unix abit annoying every time you log in you need to password can I disable it
View 10 Replies
View Related
Aug 10, 2010
I have a problem with sshd daemon on a target linux system:The system has only one user (root) without password.The sshd_config looks like:
Code:
Port 22
Protocol 2
[code]...
View 8 Replies
View Related
Dec 18, 2010
I have tried to not allow root access and have created a wheel user.
Now I can not logged in as root.
Its okay but when am logging as wheel user and trying to access root then it says:
Code:
View 14 Replies
View Related
Jul 14, 2009
When I go to single user mode for resetting root password, It ask root pawssword for login.The message displayed on prompt is "Give root password for login.On the boot prompt, I select kernel and press 'e' and after one space type 1 for single User mode and then press 'b' for booting.It shows message entering in single user mode but ask root password. Even I tried into rescue mode, but I couldn't ser root password.In rescue mode on prompt, It shows rescue login: I typed root, But when typed 'passwd' foe resetting root pawssword,It shows message unknown user and not authetication.
View 1 Replies
View Related
Apr 9, 2010
I was trying to edit a file requiring root permissions, so I used sudo. I typed the root password and it failed. This happened three times, and the process was ended. I then logged in as root (su) and was able to navigate to the file and make changes as root. Am I missing something? How would I edit the sudoers file such that this password would work? Or is there another way to log in to the sudo group to make these changes? How do I set sudo passwords?
View 1 Replies
View Related
Dec 16, 2010
When i install or upgrade the system I want to be asked for the root password instead of just the normal password for sudo. The reason for this is that the kids and so on uses my system and know my password. They do not know my root password though. I do not want them to install or mess up my system by pure fumbling, so is this possible to do. A simple change in who runs the updater/install features...
View 9 Replies
View Related
Oct 29, 2010
I need to run a command in a terminal, but cannot get root. I can in "Add Software" to install, I know and tried all the passwords I know from the install, but no show.What can I do?I tried sudo password, then typed in the space, no letters appear, but no success.TO "sudo password" after putting is my password, my username comes up and it says I am not in sudoers file.My Laptop has only one user, I know as I tried switching for a test.
View 12 Replies
View Related
Jul 9, 2010
When I run sudo as a normal unprivileged user, it asks for my password, not the root password. That's often convenient, but it reduces the amount of information someone would have to have in order to run commands as root. So how can I make sudo ask for the root password instead of the invoking user's password? I know it'd be done with a line in /etc/sudoers, but I can never seem to properly parse the BNF grammar in the man page to figure out exactly what to write.
View 4 Replies
View Related
May 29, 2011
when I try to do admin tasks - e.g. setting my wireless connection to "available to all users" or updating a group's settings - it asks for "password for root" rather than asking for my password so it can sudo.I was forced to enable the root password, so I could do anything on my system ( sudo su; passwd; ) but I'd rather keep my root password locked and use sudo if possible.
View 4 Replies
View Related
May 9, 2011
I have a RHEL 5.5 system set up with two users in the sudoers file to run certain commands without a password prompt.I do not have "Defaults requiretty" in the sudoers file.However, for both users, when I issue: sudo -l, it prompts for a password and logs in /var/log/secure:sudo: userx: no tty present and no askpass program specified
View 2 Replies
View Related
Aug 14, 2010
I have just installed Lenny on a Thinkpad R50p. During the install I opted for no root password, using the sudo option instead (I've been used to this on Kubuntu for a long time). After installing, I added KDE 3.5 with apt-get install kde-desktop - all seems to be OK, except that I am unable to add packages or perform tasks for which a root / admin password is needed. It seems that the install-time choice of sudo (shared password) does not propagate to the KDE install, which is still expecting a root password.
how to either enable the KDE desktop to work with this shared password setup, or whether there is a better route to a KDE 3.5 desktop than just installing as I did (I am aware of Trinity KDE 3.5 but the Pearson Computing source is still not up, are those packages available for Lenny anywhere else, and are they recommended?). I can of course rerun the whole install and choose root & user passwords but if there is a smarter solution it would be less of a 'reinstall Windows' type of fix
I've had a very frustrating time the last few months trying to find a KDE4 based desktop that is stable enough and not lacking some basic functions (print manager, for goodness sake), so I have temporarily thrown in the towel and will try a Stable installation that is not changing (breaking) all the time, until KDE4 series gets past this adolescent stage of development and settles down.
I do need to get back to a system I can work on rather than keep on trying different installations!
View 10 Replies
View Related
Sep 1, 2010
I upgraded from Super Ubuntu 2008.11 to Ubuntu 10.04.1 online ( my mistake ). Now I can boot into Ubuntu 10.04 with 2 kernel options and a failsafe. However I can only boot as a user ( rejean ) and not as su or sudo. My other problem is that I don't have a gui. I would like to do a Code:sudo dpkg-reconfigure xserver-xorgbut there is no password that works.What should I do?
View 1 Replies
View Related
Nov 6, 2010
How to become a root user without using sudo?So,that i can become super user to edit configuration files in etc directory.
View 1 Replies
View Related
Jun 4, 2010
How can a user be setup to sudo (or su -) without entering a password?
View 1 Replies
View Related
Oct 24, 2010
How to recover user password and root password in fedora if u forget
View 2 Replies
View Related
Oct 26, 2010
I no longer have access to my root desktop. On a session I attempted to change the root username but i apparently assigned it a wrong directory that does not exist. When I rebooted with my new root username, i was instead recognised as a simple user (no root privileges). I tried the console to change to "old" root but root password is not accepted and there is no way to access to sudoer files. it seems that inserting a new username requires root privileges and i am back to square one. Simply logging with old root username and password after restart gives me a blank screen with nothing on it and cannot even reboot.
View 9 Replies
View Related
Mar 2, 2010
i used opensuse 11.1 ...there is option for root user to create password for root...but for ubuntu i did not find anything like that...so how can i create root password....or how can i use root
View 1 Replies
View Related
Apr 5, 2011
Consider: [URL]
In security terms, would using sudo instead of root be safer? I'd actually prefer to use this if so; I like sudo an awful lot. (It's Mark Shuttleworth's fault)
View 10 Replies
View Related
Mar 22, 2011
why when I type sudo su in a terminal there's no need to enter my password, I just go straight into root
View 5 Replies
View Related
Sep 9, 2010
In Ubuntu 10.04, I logged in as user1 and when I open a new terminal and issue any command it is asking password.user@ubun-laptop:~$ sudo ifconfig[sudo] password for user: It is asking for password only for first time.From the next command onwards it is not asking.Can some one please tell me if it is possible to issue ONLY ONE COMMAND, in which even if the password request comes, it will automatically fill the password.Just like "ps -elf | grep NetworkManager". I am expecting any combination of commands in a single line, so that password is filled automatically IF PASSWORD IS ASKED. If password is not asked, the command must be executed.
View 17 Replies
View Related
Jan 25, 2010
I have a weird question about the sudoers file. Currently, I am running "Red Hat Enterprise Linux ES release 4 (Nahant Update 8)".
I edited the sudoers file (via visudo) and added the following:
User_Alias RPTS2 = vtmtest
RPTS2 xxxxx = (jboss) /oracle/app/oracle/apps/rptsd/deploy-jboss/deploy_rpts_jboss.sh
The user (vtmtest) issues the following command
sudo /oracle/app/oracle/apps/rptsd/deploy-jboss/deploy_rpts_jboss.sh
and gets this message:
user vtmtest is not allowed to execute '/oracle/app/oracle/apps/rptsd/deploy-jboss/deploy_rpts_jboss.sh' as root on xxxxx
When I look at the log, I see the following:
Jan 25 14:17:57 xxxxx sudo: vtmtest : command not allowed ; TTY=pts/12 ; PWD=/export/home/vtmtest ; USER=root ; COMMAND=/oracle/app/oracle/apps/rptsd/deploy-jboss/deploy_rpts_jboss.sh
1. Why does sudo try to run as the root user, when I have specified in the command to run as jboss?
2. Do I need to specify anything else so that this command can run as the "jboss" user and not "root"?
View 2 Replies
View Related
Apr 23, 2010
It's been a few years since I last installed Ubuntu. I searched the forums and can't seem to find the answer. I want to be able to do a "su root" and have root access. I know Ubuntu wants you to do the sudo command, and I know you can really mess things up being root. I know I got this to work before. What do I need to do?
View 3 Replies
View Related
Feb 8, 2010
Can a sudo user do everything what a root user can do? I read sometimes expert say "You should run it as root rather than sudo user".
View 14 Replies
View Related
Jan 15, 2010
I am using mint 8 for a 2 weeks, I am noob to linux but I like Mint than any other linux distro which is great alternative to windows. I have a problem regarding password reseting.
1. My laptop automatically get logged in without asking user name and password.
2. I tried to change password for newly created user and root user using graphical way but it does not work.
2. I can perform administrator task using only OEM user which is default inbuilt user of mint.
How can make my laptop to ask password when mint get booted? How to change password for other users?
View 1 Replies
View Related
Jan 6, 2009
At the RHEL prompt, I entered the standard user's username/password combo. Linux displays a message box stating:"Your account has expired; please contact your system administrator."Next, I entered "root" in the username field and entered the root password (which expired also--keep in mind that passwords are set to expire after x days). Linux displays a message box stating:"You are required to change your password immediately (password aged)."When prompted to "Enter current UNIX password", I entered the new password (was that the right thing to do?); Linux displays a message box stating:"The change of the authentication token failed. Please try again later or contact the system administrator."I rebooted the system and got into command line mode; somehow I logged in as "root" (don't know exactly how, but needed to change the password there). At the "#" prompt, I type "passwd root"; Linux displays the message "Changing password for user root", followed by the message "passwd: Authentication information cannot be recovered.
View 4 Replies
View Related
Feb 17, 2011
I have been reading guides for a while now and so far have not found an exact solution to my problem.
I want a linux user (dave) to be able to switch to another account (patrol) without a password prompt, but dave must still be denied access to root. Patrol must also be denied root access.
In the sudoers file
Code:
User_Alias Patrol=dave,john
root ALL=(ALL) ALL
Patrol ALL=(patrol) NOPSSWD: ALL
[Code].....
View 6 Replies
View Related
Oct 14, 2010
A friend of mine has told me to set a root password and use root (f.e. switching to su in terminal and work with root rights instead).Is there any way to unset the root password? I know how to use sudo now.
View 9 Replies
View Related
