Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Giving a user root priveleges?

366 views
Skip to first unread message

Zachary Uram

unread,
Nov 17, 2009, 2:30:03 PM11/17/09
to
I edited /etc/sudoers file and added:

user ALL=(ALL) ALL

But when I try to sudo as that user to root I get error:

$ sudo su root

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

[sudo] password for zu22:
Sorry, try again.
[sudo] password for zu22:
sudo: pam_authenticate: Conversation error

How can I fix this?

Zach


--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org

Todd A. Jacobs

unread,
Nov 17, 2009, 4:10:02 PM11/17/09
to
On Tue, Nov 17, 2009 at 02:03:26PM -0500, Zachary Uram wrote:

> [sudo] password for zu22: Sorry, try again. [sudo] password for zu22:
> sudo: pam_authenticate: Conversation error

Looks like a PAM problem. If you've previously installed debsums, I'd
suggest the following:

debsums libpam-modules sudo

This should pinpoint any damaged/corrupted files related to this issue.
You can, of course, bypass the PAM authentication with:

user ALL=(ALL) NOPASSWD:ALL

but that would still leave you with a bad pam library or binary
somewhere. If all else fails, I'd forcibly reinstall all your pam
and sudo packages.

--
"Oh, look: rocks!"
-- Doctor Who, "Destiny of the Daleks"

Preston Boyington

unread,
Nov 17, 2009, 4:20:02 PM11/17/09
to
Zachary Uram wrote:
<snipped>

> But when I try to sudo as that user to root I get error:
>
> $ sudo su root

I think there is some confusion.

I don't know of any reason to use both 'su' and 'sudo' in a command.
either you would 'su' to root or you would 'sudo' to run a singular command.

'su' is to change into superuser (root) until you exit.
'sudo' is to temporarily be superuser until the command is completed.

To use 'sudo' to run a command just type 'sudo <command>' and as long as
you have the user in the 'sudo' group ('adduser user sudo' as root) that
user will be able to run said command when they log back in.


>
> We trust you have received the usual lecture from the local System
> Administrator. It usually boils down to these three things:
>
> #1) Respect the privacy of others.
> #2) Think before you type.
> #3) With great power comes great responsibility.
>

you will get this unless you add NOPASSWD:ALL to your sudo group.

you did uncomment the '%sudo' in the sudoers file, correct?

--

Arrant Drivel - really, it's just trash...
http://www.arrantdrivel.com/

Where the road takes me - a highwayman's perspective
http://www.prestonboyington.com/

PaulNM

unread,
Nov 17, 2009, 5:10:02 PM11/17/09
to
Preston Boyington wrote:
> I think there is some confusion.
>
> I don't know of any reason to use both 'su' and 'sudo' in a command.
> either you would 'su' to root or you would 'sudo' to run a singular command.
>
> 'su' is to change into superuser (root) until you exit.
> 'sudo' is to temporarily be superuser until the command is completed.
>
> To use 'sudo' to run a command just type 'sudo <command>' and as long as
> you have the user in the 'sudo' group ('adduser user sudo' as root) that
> user will be able to run said command when they log back in.
>
>
Sudo only needs the user password, not root's, along with an entry in
sudoers. Su needs the password of the user you're su'ing to.
Some systems don't have a root password, or don't want everyone with
root capabilities to know root's password (It may be used on other
machines due to policy, for example.).

Ubuntu is infamous for this kind of setup.

John L Fjellstad

unread,
Nov 17, 2009, 5:10:02 PM11/17/09
to
Zachary Uram <net...@gmail.com> writes:

> I edited /etc/sudoers file and added:
>
> user ALL=(ALL) ALL
>
> But when I try to sudo as that user to root I get error:
>
> $ sudo su root
>
> We trust you have received the usual lecture from the local System
> Administrator. It usually boils down to these three things:
>
> #1) Respect the privacy of others.
> #2) Think before you type.
> #3) With great power comes great responsibility.
>
> [sudo] password for zu22:
> Sorry, try again.
> [sudo] password for zu22:
> sudo: pam_authenticate: Conversation error
>
> How can I fix this?

You are putting in zu22 password, right?
As the user, you can run sudo -l to see what kind of right it has. You
must still put in the correct password, though

--
John L. Fjellstad
web: http://www.fjellstad.org/ Quis custodiet ipsos custodes

Boyd Stephen Smith Jr.

unread,
Nov 17, 2009, 5:40:02 PM11/17/09
to
On Tuesday 17 November 2009 16:06:50 PaulNM wrote:

> Preston Boyington wrote:
> > I don't know of any reason to use both 'su' and 'sudo' in a command.
> > either you would 'su' to root or you would 'sudo' to run a singular
> > command.
> >
> > 'su' is to change into superuser (root) until you exit.
> > 'sudo' is to temporarily be superuser until the command is completed.

(sudo -s) OR (sudo -i) can be used to get a shell as root using sudo.
(su -c "$command") can be used to run a single command using su.

I've seen the use-sudo-to-run-su pattern fed to some users for a way to use su
even when the root account is locked/disabled.

> > To use 'sudo' to run a command just type 'sudo <command>' and as long as
> > you have the user in the 'sudo' group ('adduser user sudo' as root) that
> > user will be able to run said command when they log back in.
>
> Sudo only needs the user password, not root's, along with an entry in
> sudoers.

sudo can use the password of the user running sudo, or the password of the
user the command is being run as, depending on the contents of /etc/sudoers
(and the command being run and host it is being run on etc.).

sudo gives the administrator more fined-grained control and flexibility than
shared passwords (commonly used with su). Properly configured it is more
secure than su. Caveat emptor: improperly configured it can eliminate all
semblance of security.

> Ubuntu is infamous for this kind of setup.

Well before Ubuntu was doing it as part of installation, I used a very similar
setup on my Gentoo system. Having switched to Debian (plus openSUSE for my
proprietary work VPN), I continue to use sudo and have my root account
locked/disabled; I doubt su even works on the 3 of the 4 systems I
administrate.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
b...@iguanasuicide.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/ \_/

signature.asc

Tom H

unread,
Nov 17, 2009, 5:50:01 PM11/17/09
to
> I edited /etc/sudoers file and added:
> user    ALL=(ALL) ALL
>
> But when I try to sudo as that user to root I get error:
> $ sudo su root
> [sudo] password for zu22:
> Sorry, try again.
> [sudo] password for zu22:
> sudo: pam_authenticate: Conversation error
> How can I fix this?

This message usually means that you are entering the wrong password.
Even though you are su'ing, the password that is requested is that of
zu22. You will not have to enter root's password.

0 new messages