sudo insults

How do you setup the sudo command so that it will insult the user if they enter the wrong password? I know it sounds kind of random, but I found that it was an option while looking up something else. I tried adding “Defaults insults” using visudo, and commenting out “Defaults targetpw” and “ALL ALL=(ALL) ALL”, and adding my username as “blank888 ALL=(ALL) ALL” but I still can’t get it to work right. Anyone have any ideas?

On Mon, 13 Jun 2011 17:36:02 +0000, blank888 wrote:

> How do you setup the sudo command so that it will insult the user if
> they enter the wrong password? I know it sounds kind of random, but I
> found that it was an option while looking up something else. I tried
> adding “Defaults insults” using visudo, and commenting out “Defaults
> targetpw” and “ALL ALL=(ALL) ALL”, and adding my username as “blank888
> ALL=(ALL) ALL” but I still can’t get it to work right. Anyone have any
> ideas?

Have a look at the man page for sudoers - that explains the setting and
how to use it (and also seems to indicate that it’s on by default)

Jim


Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

Yea, I see that but for some reason I still get the message about pam authentication failure, instead of an insult.

On Mon, 13 Jun 2011 18:36:07 +0000, blank888 wrote:

> Yea, I see that but for some reason I still get the message about pam
> authentication failure, instead of an insult.

What’s the specific error you get?

Jim


Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Add the line: Defaults insults to the sudoers file, seems that the
visudo manpage are wrong


VampirD

Microsoft Windows is like air conditioning
Stops working when you open a window.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAk32XBsACgkQJQ+0ABWtaVm6bQCePBm3CfMWAytnQjT5IOdQg/F8
JjwAoLubMNQYIsjXX8yTI3HulQzOCNM5
=dUqJ
-----END PGP SIGNATURE-----

I get
sudo: pam_authenticate: User not known to the underlying authentication module

I’m running LDAP client on this machine, but the local accounts still work. Is LDAP messing it up somehow?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Add the line: Defaults insults to the sudoers file, seems that the
visudo manpage are wrong


VampirD

Microsoft Windows is like air conditioning
Stops working when you open a window.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with SUSE - Enigmail: A simple interface for OpenPGP email security

iEYEARECAAYFAk32XBsACgkQJQ+0ABWtaVm6bQCePBm3CfMWAytnQjT5IOdQg/F8
JjwAoLubMNQYIsjXX8yTI3HulQzOCNM5
=dUqJ
-----END PGP SIGNATURE-----
It appears that VampirD is correct. If you enter the command:

sudo -L

The output seems to indicate insults is enabled, but it is not. If I then run the command:

sudo visudo

To edit the sudoers and add the line (use Insert Key) that says:

Defaults insults

Then do :W and a :Q, the Insults are ready to fly. Give it a try…

Thank You,

I’ve already added the line “Defaults insults” using visudo and it still isn’t working.

So, the insults did not work at first for me. Then I made the following change, careful to use sudo visudo as recommended:

# unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151)
Defaults always_set_home
Defaults env_reset
Defaults insults
# Change env_reset to !env_reset in previous line to keep all environment variables

Here are the insults that I have got.

james@linux-6m6e:~> sudo dir
root's password:
You do that again and see what happens...
root's password:
You gotta go owwwww!
root's password:

So, not sure what is wrong in your case…

Thank You,

I just figured it out. I have those same defaults but it still didn’t work. I had to disable the LDAP client and then it started working.