[SOLVED] why do some distros not automatically add a new user to sudoers?
Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
why do some distros not automatically add a new user to sudoers?
For the last seven-and-a-half years, I have used a Debian-based distro that bothers to automatically add my user account to sudoers on installation; so I have never had to mess with the sudoers file. (Well, it obviously must have added me to sudoers, because I can sudo.) I couldn't easily edit sudoers anyway, because I don't know how to use vi (you know--you're supposed to enter visudo, per that error message that warns you you're not in sudoers; and the actual sudoers file advises against editing it directly).
I'm trying out another Debian-based distro, and have found that the installation did not add me to sudoers and I have to do it myself, or it won't let me sudo. That is a problem because I don't know how to edit sudoers or use vi. I have dealt with this before in the past on certain distros, and I never figured out why they would do it--not automatically put a new user in sudoers. Linux expects a user to sudo, but the user can't sudo if he's not in sudoers. I'm befuddled.
Ehh...well, for the moment I guess I'll solve this by copying over the sudoers file from my other installed distro. I don't have a better idea in the short term.
Well, I did just learn usermod. but my question wasn't how to edit sudoers, it was why I have to add myself to sudoers in the first place.
Last edited by newbiesforever; 07-23-2022 at 11:18 AM.
For the last seven-and-a-half years, I have used a Debian-based distro that bothers to automatically add my user account to sudoers on installation; so I have never had to mess with the sudoers file. (Well, it obviously must have added me to sudoers, because I can sudo.) I couldn't easily edit sudoers anyway, because I don't know how to use vi (you know--you're supposed to enter visudo, per that error message that warns you you're not in sudoers; and the actual sudoers file advises against editing it directly).
I'm trying out another Debian-based distro, and have found that the installation did not add me to sudoers and I have to do it myself, or it won't let me sudo. That is a problem because I don't know how to edit sudoers or use vi. I have dealt with this before in the past on certain distros, and I never figured out why they would do it--not automatically put a new user in sudoers. Linux expects a user to sudo, but the user can't sudo if he's not in sudoers. I'm befuddled.
Ehh...well, for the moment I guess I'll solve this by copying over the sudoers file from my other installed distro. I don't have a better idea in the short term.
1. I presume you set a root password, and can su to root. You can run visudo as root.
2. There should only be ONE user automatically added to the sudo group (sudoers, wheel, staff, it varies between distributions). Additional users SHOULD be more restricted until you decide you trust them with the trigger for your reload-the-computer bomb.
3. Set your EDITOR or SUDO_EDITOR environment variables to point to the editor of your choice and sudo will load that instead of vi.
It is made by design. Some "distro" think it is a good idea, other think it is not that good. Ask the maintainers about their opinions.
From the other hand you can set the variable EDITOR to your favorite text editor (like nano) and visudo will use that - instead of vi.
1. I presume you set a root password, and can su to root. You can run visudo as root.
2. There should only be ONE user automatically added to the sudo group (sudoers, wheel, staff, it varies between distributions). Additional users SHOULD be more restricted until you decide you trust them with the trigger for your reload-the-computer bomb.
3. Set your EDITOR or SUDO_EDITOR environment variables to point to the editor of your choice and sudo will load that instead of vi.
Staff? Sudoers? I also wonder why installers don't bother to find out whether the system is expected to be single-user and offer appropriate options. Because on my installations, there always is only one user: me. I am both the user and the administrator, and I'm not going to have these additional users.
The distro I had been using, MX, is the only one I have personally used whose designers appear to have considered this--that their distro might be installed as a single-user system. Which explains why I'm not used to dealing with this issue.
Distribution: Mainly Devuan, antiX, & Void, with Tiny Core, Fatdog, & BSD thrown in.
Posts: 5,509
Rep:
Most general distros allow you to be a sudo user when you install them - some even let you run as root, dangerous online.
Originally, the only person to have power over an installation was root, everyone else was just a user - it's not such a bad thing, as it makes you more aware that what you are doing could have consequences.
Staff? Sudoers? I also wonder why installers don't bother to find out whether the system is expected to be single-user and offer appropriate options. Because on my installations, there always is only one user: me. I am both the user and the administrator, and I'm not going to have these additional users.
The distro I had been using, MX, is the only one I have personally used whose designers appear to have considered this--that their distro might be installed as a single-user system. Which explains why I'm not used to dealing with this issue.
Okay. You did not make that clear at the start, and it would be silly for the distro maintainers to ASSUME that was the case as a default.
As for why there would be differences: A small reason is that different installer software programs do things differently. Even the curses or text version may do it differently than the GUI install. But that is a small thing.
The BIGGER reason is because different distro maintainers have a different focus on security and safety of their distribution. Some who come from a hard core sysadmin or security background are more likely to err on the conservative side rather than build a system vulnerable to disasters they know how to avoid. Some developers who have had systems compromised due to insufficient security in default settings will also then avoid creating a problem. The assumption is that if you are advanced enough to need higher access, and you own the system, you should know how to GET that access, and if you do not they will at least not load the gun you are using to shoot at your foot!
And, seriously, if you know what you are doing this is the 90 second inconvenience that you need fix only one time per install. How important is that to the maintainer?
Average user has no need to access administrative functions and, indeed, should not be allowed to. For example, I have friend who runs a medium-sized thin-client network in the enterprise. If all the persons who had access to the system, from secretaries to executives to maintenance workers, were automatically granted administrative rights, the system would go to Hades in a handbasket in a half-second.
The distros that automatically add (usually) the installing user to sudoers seem to think that users are --er--incapable of remembering both a root and a user password. Their excuse, I reckon, is "simplicity." But I have found that simplicity and security are often independent variables.
Remember that sudo (substitute user do) was not created to be a proxy for root, though, thanks to Ubuntu's creepy sudo fetish, it seems to have become on in the eyes of many. Rather, it was created to give users who needed it in the course of their duties access to specific and limited administrative functions, such as, for example, webmasters who might need to restart a website from time to time, but who have no business installing updates. Indeed, having separate root and user levels is one of the features that has historically made *nix OSes more secure than certain other operating system.
Not that I have strong feelings on this matter or anything like that.
Last edited by frankbell; 07-23-2022 at 08:24 PM.
Reason: Clarity
The distros that automatically add (usually) the installing user to sudoers seem to think that users are --er--incapable of remembering both a root and a user password. Their excuse, I reckon, is "simplicity." But I have found that simplicity and security are often independent variables.
i think that they (the makers of some distros) think that an inexperienced user should use sudo instead of logging in as root. actually, i'd agree with them. there is too much danger for the inexperienced at a root shell prompt. @frankbell: you and i could handle working at a root prompt. most users could, back in the day when Linux (and BSD) first came out for those PeeCee machines. today, must users cannot safely be at a root prompt.
they should learn how their shell lets them edit a command. then they should learn to be even safer by typing in their command without "sudo " and add that in last after they made it past a fat-finger command error.
and they should learn a text file editor of their choice.
before i retired, i actually hired sysadmins for a few jobs. during the interview, i put them at a root shell on a machine (a real dedicated one, laptops would be the thing these days) i was also on in a window on my desktop. i carried out a command on it that caused most user things to break or stop working. i told the candidate that i just played like i was a dumb user on root and broke the system. "i'm timing you ... fix it". i didn't tell them what i broke as discovering why things did not work was the real test. this breakage was easy to do in a finger slip. i merely made / non-executable (i actually did such a slip myself a couple decades ago). i only hired those who figured it out (most did).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.