FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 11-17-2009, 06:03 PM
Zachary Uram
 
Default Giving a user root priveleges?

I edited /etc/sudoers file and added:

user ALL=(ALL) ALL

But when I try to sudo as that user to root I get error:

$ sudo su root

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

[sudo] password for zu22:
Sorry, try again.
[sudo] password for zu22:
sudo: pam_authenticate: Conversation error

How can I fix this?

Zach


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 11-17-2009, 07:43 PM
"Todd A. Jacobs"
 
Default Giving a user root priveleges?

On Tue, Nov 17, 2009 at 02:03:26PM -0500, Zachary Uram wrote:

> [sudo] password for zu22: Sorry, try again. [sudo] password for zu22:
> sudo: pam_authenticate: Conversation error

Looks like a PAM problem. If you've previously installed debsums, I'd
suggest the following:

debsums libpam-modules sudo

This should pinpoint any damaged/corrupted files related to this issue.
You can, of course, bypass the PAM authentication with:

user ALL=(ALL) NOPASSWD:ALL

but that would still leave you with a bad pam library or binary
somewhere. If all else fails, I'd forcibly reinstall all your pam
and sudo packages.

--
"Oh, look: rocks!"
-- Doctor Who, "Destiny of the Daleks"


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 11-17-2009, 08:16 PM
John L Fjellstad
 
Default Giving a user root priveleges?

Zachary Uram <netrek@gmail.com> writes:

> I edited /etc/sudoers file and added:
>
> user ALL=(ALL) ALL
>
> But when I try to sudo as that user to root I get error:
>
> $ sudo su root
>
> We trust you have received the usual lecture from the local System
> Administrator. It usually boils down to these three things:
>
> #1) Respect the privacy of others.
> #2) Think before you type.
> #3) With great power comes great responsibility.
>
> [sudo] password for zu22:
> Sorry, try again.
> [sudo] password for zu22:
> sudo: pam_authenticate: Conversation error
>
> How can I fix this?

You are putting in zu22 password, right?
As the user, you can run sudo -l to see what kind of right it has. You
must still put in the correct password, though

--
John L. Fjellstad
web: http://www.fjellstad.org/ Quis custodiet ipsos custodes


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 11-17-2009, 08:17 PM
Preston Boyington
 
Default Giving a user root priveleges?

Zachary Uram wrote:
<snipped>

> But when I try to sudo as that user to root I get error:
>
> $ sudo su root

I think there is some confusion.

I don't know of any reason to use both 'su' and 'sudo' in a command.
either you would 'su' to root or you would 'sudo' to run a singular command.

'su' is to change into superuser (root) until you exit.
'sudo' is to temporarily be superuser until the command is completed.

To use 'sudo' to run a command just type 'sudo <command>' and as long as
you have the user in the 'sudo' group ('adduser user sudo' as root) that
user will be able to run said command when they log back in.


>
> We trust you have received the usual lecture from the local System
> Administrator. It usually boils down to these three things:
>
> #1) Respect the privacy of others.
> #2) Think before you type.
> #3) With great power comes great responsibility.
>

you will get this unless you add NOPASSWD:ALL to your sudo group.

you did uncomment the '%sudo' in the sudoers file, correct?

--

Arrant Drivel - really, it's just trash...
http://www.arrantdrivel.com/

Where the road takes me - a highwayman's perspective
http://www.prestonboyington.com/


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 11-17-2009, 09:06 PM
PaulNM
 
Default Giving a user root priveleges?

Preston Boyington wrote:

I think there is some confusion.

I don't know of any reason to use both 'su' and 'sudo' in a command.
either you would 'su' to root or you would 'sudo' to run a singular command.

'su' is to change into superuser (root) until you exit.
'sudo' is to temporarily be superuser until the command is completed.

To use 'sudo' to run a command just type 'sudo <command>' and as long as
you have the user in the 'sudo' group ('adduser user sudo' as root) that
user will be able to run said command when they log back in.


Sudo only needs the user password, not root's, along with an entry in
sudoers. Su needs the password of the user you're su'ing to.
Some systems don't have a root password, or don't want everyone with
root capabilities to know root's password (It may be used on other
machines due to policy, for example.).


Ubuntu is infamous for this kind of setup.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 11-17-2009, 09:35 PM
"Boyd Stephen Smith Jr."
 
Default Giving a user root priveleges?

On Tuesday 17 November 2009 16:06:50 PaulNM wrote:
> Preston Boyington wrote:
> > I don't know of any reason to use both 'su' and 'sudo' in a command.
> > either you would 'su' to root or you would 'sudo' to run a singular
> > command.
> >
> > 'su' is to change into superuser (root) until you exit.
> > 'sudo' is to temporarily be superuser until the command is completed.

(sudo -s) OR (sudo -i) can be used to get a shell as root using sudo.
(su -c "$command") can be used to run a single command using su.

I've seen the use-sudo-to-run-su pattern fed to some users for a way to use su
even when the root account is locked/disabled.

> > To use 'sudo' to run a command just type 'sudo <command>' and as long as
> > you have the user in the 'sudo' group ('adduser user sudo' as root) that
> > user will be able to run said command when they log back in.
>
> Sudo only needs the user password, not root's, along with an entry in
> sudoers.

sudo can use the password of the user running sudo, or the password of the
user the command is being run as, depending on the contents of /etc/sudoers
(and the command being run and host it is being run on etc.).

sudo gives the administrator more fined-grained control and flexibility than
shared passwords (commonly used with su). Properly configured it is more
secure than su. Caveat emptor: improperly configured it can eliminate all
semblance of security.

> Ubuntu is infamous for this kind of setup.

Well before Ubuntu was doing it as part of installation, I used a very similar
setup on my Gentoo system. Having switched to Debian (plus openSUSE for my
proprietary work VPN), I continue to use sudo and have my root account
locked/disabled; I doubt su even works on the 3 of the 4 systems I
administrate.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
bss@iguanasuicide.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/ \_/
 
Old 11-17-2009, 09:47 PM
Tom H
 
Default Giving a user root priveleges?

> I edited /etc/sudoers file and added:
> user * *ALL=(ALL) ALL
>
> But when I try to sudo as that user to root I get error:
> $ sudo su root
> [sudo] password for zu22:
> Sorry, try again.
> [sudo] password for zu22:
> sudo: pam_authenticate: Conversation error
> How can I fix this?

This message usually means that you are entering the wrong password.
Even though you are su'ing, the password that is requested is that of
zu22. You will not have to enter root's password.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 09:39 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org