Want to disable root login and require sudo to log in

I accidentally installed this system with root password login and I would rather use sudo.

Google suggested that the correct method was to disable the root account and set privileged users as Wheels. When I tried to follow the method described in the documentation, i.e.:

EDITOR=kate kdesu visudo

I responded to the login box and no editor appeared. Something is clearly missing from my setup. Any ideas what is wrong?

Thank you in advance for your help.

Ya, the environment variable is not going to do anything with a GUI app.

First off, are you sure you’re not already set up correctly for sudo?

When I do a sudo, I have to put in the root password, not my own.

That is how it is intended, if I understand you well. Do you want to use sudo with your own password instead?

You can create a file in /etc/sudoers.d to overrule that behaviour. My file is called knurpht; the content is

knurpht ALL=(ALL:ALL) ALL

Replace knurpht with your username and it should work (maybe logout/login or even reboot needed).

Depending on how you did the installation of Tumbleweed, not setting a root password isn’t an option with the legacy YaST-based installer; if you used the new Agama installer, that does provide an option to skip setting a root password.

Tumbleweed defaults to using the targetpw setting, which uses the target user’s password rather than the current user’s password. This is set in the sudoers file. Note that if you remove targetpw from the defaults, you also need to disable the line:

ALL   ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!

Otherwise any user on the system can run commands as root using their own password.

You can disable the root password by setting the root user login shell to /sbin/nologin.

You can also just remove root’s password using passwd -d root (as root), but if the system is configured to allow null passwords (done using the pam-config command), that would leave the root account accessible. IMO, changing the shell to /sbin/nologin is more reliable (of course, if someone has access to the system to change pam-config as well, then all bets are off either way).

Then knurpht’s suggestion for adding a file to /etc/sudoers.d will let you use your own user password to run commands using sudo, and root will be disabled.
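
Added example (not part of any post in this thread): a shell check for the combination described above, where Defaults targetpw has been removed but the ALL ALL=(ALL) ALL rule is still active. The names check_sudoers and write_sample, the result labels and the sample files are assumptions made for illustration; the check reads a single file and does not follow include directives.

```shell
#!/bin/sh
# Added example: classify one sudoers file by the two lines discussed above.
# check_sudoers and its result labels are hypothetical names for this sketch.
# Only the given file is read; files pulled in by include directives are ignored.
check_sudoers() {
    f=$1
    targetpw=no
    allrule=no
    # Active (uncommented) "Defaults targetpw"
    if grep -Eq '^[[:space:]]*Defaults[[:space:]]+targetpw([[:space:]]|$)' "$f"; then
        targetpw=yes
    fi
    # Active "ALL ALL=(ALL) ALL" (or "(ALL:ALL)") rule
    if grep -Eq '^[[:space:]]*ALL[[:space:]]+ALL[[:space:]]*=[[:space:]]*\(ALL(:ALL)?\)[[:space:]]*ALL([[:space:]]|#|$)' "$f"; then
        allrule=yes
    fi
    case "$targetpw:$allrule" in
        yes:yes) echo targetpw-default ;;  # sudo asks for the target (root) password
        no:no)   echo self-auth ;;         # only explicit user/group rules remain
        no:yes)  echo UNSAFE ;;            # any user becomes root with their own password
        yes:no)  echo targetpw-only ;;     # target password, explicit rules only
    esac
}

# Constructed sample files (not copied from a real system).
# $1 = path, $2 = on/off for "Defaults targetpw", $3 = on/off for the ALL rule
write_sample() {
    {
        [ "$2" = on ] && echo "Defaults targetpw" || echo "#Defaults targetpw"
        [ "$3" = on ] && echo "ALL   ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!" \
                      || echo "#ALL   ALL=(ALL) ALL"
        echo "root ALL=(ALL:ALL) ALL"
    } > "$1"
}

demo() {
    d=$(mktemp -d)
    write_sample "$d/stock" on on;   echo "stock: $(check_sudoers "$d/stock")"
    write_sample "$d/half" off on;   echo "half:  $(check_sudoers "$d/half")"
    write_sample "$d/done" off off;  echo "done:  $(check_sudoers "$d/done")"
    rm -rf "$d"
}
demo
```

After editing, visudo -c checks the syntax of the real configuration; it does not flag the UNSAFE combination, which is syntactically valid.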

You can add your user to the Wheel group:

usermod -aG wheel <your-username>

And then use visudo

Yes, I would like to use sudo with my own password and have it act with root privileges.

I tried creating a file, jcwheel in /etc/sudoers.d and it fails.

localhost:/usr/sbin # cd /etc/sudoers.d
localhost:/etc/sudoers.d # ls
jcwheel
localhost:/etc/sudoers.d # cat jcwheel
jc ALL=(ALL:ALL) ALL
localhost:/etc/sudoers.d #

It doesn’t work.

I finally got it to work by disabling targetpw and root privileges with visudo. I then added an entry in /etc/sudoers.d as described by knurpht.

Thank you all for your help!

It does not change which password is requested.

This will effectively make it impossible to enter single user (or emergency) mode at the very least as well as breaking anything that attempts to run commands via user login shell (su which is so vehemently recommended over sudo on this forum).

Which is why there is such a thing as locking a user (passwd --lock).

An easy way to do what you want is to install one of these two packages:

S  | Name                        | Summary                                            | Type
---+-----------------------------+----------------------------------------------------+--------
   | sudo-policy-sudo-auth-self  | Users in the sudo group can authenticate as admin  | package
   | sudo-policy-wheel-auth-self | Users in the wheel group can authenticate as admin | package

Then you will not have to do any manual changes.
As far as I know these packages will take care of both sudo and polkit.

Your user should obviously be a member of the sudo or wheel group, depending on which package you install.