Sudo password

kapilbajpai88 · 11-05-2009, 05:35 AM

Hi All,

I have recently installed RHEL-5 on my working comp at office. After the successful installation, I created few local users as well.
Now when I ma trying few applications from my local user, say oracle, I am getting permission related problems, and those are obvious. When I am doing "sudo" in such scenarios, it is asking for a sudo password.

As far as I remember, I didn't set any password during installation, apart from ROOT. Could anybody suggest me what would be the SUDO password, if it is something default set by the OS itself ? Otherwise, how can I set it properly, so that I can provide that whenever it ask me to put that ?

Thank you all in advance,
Kapil.

Wim Sturkenboom · 11-05-2009, 05:48 AM

The sudo password is the password of the current user.

I'm not familiar with RHEL, so I'm not sure if it by default sets up sudoers. You can simply test it by running sudo yourcommand as a normal user as shown below (from my slackware box)

Code:

wim@btd-techweb01:~$ sudo fdisk -l
Password: wim's normal password
wim is not in the sudoers file.  This incident will be reported.
wim@btd-techweb01:~$

If you want to use sudo, you need to use visudo as root to create/edit the sudoers file.

kapilbajpai88 · 11-05-2009, 06:37 AM

Hi Wim,

Thank you for the reply.
I tried local user's current password, then root's password, and later no password as well, but all of them failed. I got the same error message , like what u got there.

Even I am not sure about this as didn't think of this till now. Maybe we might some information on this soon.

Regards,
Kapil.

zhjim · 11-05-2009, 07:05 AM

Try the su command. It changes the user but need the password of the user itself (unless your root). So su to root and then visudo.

Cheers Zhjim

kapilbajpai88 · 11-05-2009, 07:35 AM

Hi Zhjim,

Still it is not clear that if I didn't set the sudo password, then which password to use.

I tried this /etc/sudoers file, but what parameter to edit to get the local users working. Infact what I get from that file is that we can make local users to access some root level commands through sudoers file.

Please correct me , if I got that wrong.

Regards,
kapil

r3sistance · 11-05-2009, 07:57 AM

Hi Kapil,

Sudo is a method to raise permissions to root level, however any account with such access must be declared in the /etc/sudoers file.

The most common sudo declaration is

root ALL=(ALL) ALL

This means that the root account itself is able to sudo anything (relatively pointless in some respects but doesn't effect anything security wise). If you copy and paste the line and change it as follows

user1 ALL=(ALL) ALL

This grants user1 full sudo access to the system, so that the user can do "sudo yum install mysqld" for example and will be prompted to enter the sudo password, this is a fairly insecure method of setting up sudo and should only be done to very trusted users, generally only system administrators. Sudo can be set-up to work only with certain commands or groups of commands and be also be set-up to not prompt for passwords, however if something is worth sudoing I generally believe it's worth ensure proper checks are performed.

A quick example of why the previous is dangerous are commands such as "sudo passwd root" or "sudo su -" allows users to either reset the entire root password or actually raise themselves to the root user itself.

I have found this site for a fairly basic method of how to configure /etc/sudoers.

zhjim · 11-05-2009, 05:18 PM

I like the tutorial on the link you provieded r3sitence. Just one thing I like to stress on. There are two kind of passwords setup one can use within /etc/sudo. Either use the root password or the user password that is calling sudo. I just skimmed the tut and did not really saw a section that made that clear.

@kapilbajpai88
If you did not set a password for using sudo there is none. To make it clear: You first need to setup sudo to have it recognise any kind of password (better put to even function).
So check on the tutorial r3sistance linked to to have some idea how sudo is about to work. Just have in mind to be root to use visudo like the tutorial says.

remarks to the tut:
Why interrupt the installation with >CTRL+Z>? As far as I've learned the <CTRL+Z> puts the running program into the background... Would'nt <CTRL+C> be the right option to interrupt the process?

Later Zhjim

chrism01 · 11-06-2009, 01:32 AM

Classically, there are 3 ways to get root access:

1. login as root at the cli and use root passwd
2. login as a std user, then

su -

( the '-' gives you root's env) and enter root passwd
3. login as std user, then

sudo <somecmd>

and enter user's normal passwd (no such thing as a 'sudo passwd').
Requires that you first enable sudo access via the 'visudo' cmd as the root user

HTH

MrCode · 11-06-2009, 03:03 AM

Quote:

Code:

This incident will be reported.

Sorry to be OT but this just bugs me. Some poor soul (who's NOT in an office/work-type environment where they genuinely COULD get in trouble) is gonna see that and take it way too seriously. It's like the Linux equivalent of the old Win 95/98 "Illegal Operation" error. Same with the "We trust you have had the lecture from your local system administrator" thing or whatever it says.

imagine_me2 · 11-06-2009, 04:15 AM

You will need to set the valid sudoers. For that purpose use as root,

#visudo,

using this you can safely edit /etc/sudoers file.

Now look for

"## Allows people in group wheel to run all commands"

below that add a line

"%user ALL=(ALL) ALL"

without quotes, replace user with the desired user name
save and exit.

Now login as user and use

$sudo [command] etc

Your sudo password is your login password.
There are many other settings that can be used to achieve desired control. Read through the /etc/sudoers file for details