Can't sudo in unman's qubes.3isec.org Ubuntu-14.04 template

[list...@gmail.com]

Hi, I installed a Ubuntu-14.04 minimal template from qubes.3isec.org using

$ sudo dnf install qubes-template-stretch-minimal-4.0.1-201812230252.noarch.rpm

and that works 'fabelhaft' (German for 'fabulously' :), but inside the running template I'm asked for a password when I try to sudo my way into apt-get update.

Does anyone know the password for 'user'?

Thanks.

[Steve Coleman]

If you can not sudo, you can always try running your command from Dom0
as user root:

$ qvm-run -a --user root <YourTemplateNameHere> "apt-get update"

[unman]

This doesnt look right: I havent used a trusty for a while, and dont
support it as its no longer LTS.
If it's the minimal template, have you installed the
qubes-core-agent-passwordless-root package? I could build it for you if
you have problems building yourself.

unman

[list...@gmail.com]

On Tuesday, 9 July 2019 12:31:23 UTC, steve.coleman wrote:

Thanks.
I not only want to update, I also want to run all other kinds of commands as sudo. Do you think I can run any command like this inside the qube from within dom0?

[list...@gmail.com]

Thanks for replying, and me thinking that 14.04 was 'stretch'. :)

Whatever command I try to do as sudo, it responds the same:

user@stretch-minimal:~$ sudo nano
We trust blahblah
[sudo] password for user:

Entering the 'empty password' then gives:
"Sorry, try again."

Against better knowledge I also tried in dom0

[user@dom0 Desktop]$ sudo dnf install qubes-core-agent-passwordless-root
but that gave a "no package qubes-core-agent-passwordless-root available.

If the software package I was planning to run in the VM didn't specifically ask for 14.04 I'd have chosen a newer Ubuntu version of course.

It seems coleman's suggestion works as after entering his command inside my stretch-minimal VM ps aux indicates a running qrexec-agent and 'apt-get update'.

When that's finished I'll try to run another command from within dom0 that would give me root access.
Such as creating a password for user 'user' and entry into wheel.
Does that sound correct?

[Steve Coleman]

You can also run any other command as root, like "passwd user" to set
the password to a know value, or "gedit /etc/sudoers" and modify who can
sudo, add yourself to the wheel group, etc... I can't say why your
particular appvm prevents you from sudoing without testing the vm
myself, but whatever the problem is, you now have a way to get a root
shell to fix it.

hope this helps

[list...@gmail.com]

On Wednesday, 10 July 2019 17:13:42 UTC, steve.coleman wrote:

It did, thanks for your help.
The funny thing is,

[user@dom0 ~]$ qvm-run -p --user root stretch-minimal "usermod -a -G sudo user"

didn't work, even after

[user@dom0 ~]$ qvm-run -p --user root stretch-minimal "service sudo restart"

although 'user' was added to the sudo group as could be seen from

user@stretch-minimal:~$ cat /etc/group | grep sudo
sudo:x:27:user

so I had to edit the sudoers file directly, then restarted the sudo service:

[user@dom0 ~]$ qvm-run -p --user root stretch-minimal "service sudo restart"

and that worked, so I wrote a little script to more or less automate and explain the process: https://pastebin.com/UcJa0DvC

[Steve Coleman]

For what it is worth, you might just find it easier to start a root
terminal (e.g. gnome-terminal, xterm, etc) so that you can run all those
commands as root interactively at a command line. Chances are your
"stretch-minimal" may not have many choices of terminals, but then you
can always just add one to make your life a little easier. I don't know
stretch, but I would guess that the 'xterm' application is likely
already installed.

$ qvm-run -a --user root stretch-minimal xterm

'gnome-terminal' is execelent if that is already installed.

[list...@gmail.com]

Yes, there is an XTerm available in stretch-minimal.
Good suggestion to run that as root from dom0, thanks, but I'm already in de sudo group now. ;-)