UbuntuThis forum is for the discussion of Ubuntu Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Straight outta the box, and already I have a problem.
So far, there is only one thing I cannot do and it prevents me from doing many things. Sudo won't accept my root password. I noticed it first when I tried to view online updates. I receive this error:
Failed to run /usr/bin/update-manager as user root:
Wrong password.
I made sure the password was correct by opening a terminal and
$ su
Password:
#
Yes... it is the right password. But sudo doesn't think it is. Any suggestions?
EDIT: So I did a little searching around the forum and found out that the password I'm supposed to type in is my user password. I did that, but now the app won't run. I'm guessing it accepts my password, because it doesn't return an error message, but the update window doesn't show up.
does it run as root? it may be a matter of opinion, but imho i dont think there's really any advantage to using sudo on a single-user box. if anything, it probably only reduces your security. if i were you i would forget about sudo and just use the root account for administration.
Everything runs fine as root. I don't know many app names so I was using the shortcuts on the panel. All of the shortcuts use gksudo (which I'm assuming is the gui sudo?). All I have to do though is make a shortcut on the desktop and check its properties to find out what app it is running.
Originally posted by slackhack does it run as root? it may be a matter of opinion, but imho i dont think there's really any advantage to using sudo on a single-user box. if anything, it probably only reduces your security. if i were you i would forget about sudo and just use the root account for administration.
Because any malicious hacker would know that your username is slackhack, but they would never guess to think there'd be a user called root...
Originally posted by aysiu Because any malicious hacker would know that your username is slackhack, but they would never guess to think there'd be a user called root...
are you being sarcastic?
how does having sudo protect against a hacker knowing you have a root account?
Every cracker trying to brute-force their way into your box will know it has an account named root and will try that first. What they don't know is what the usernames of your other users are.
and? if a hacker is able to get into your box as root using a brute force attack, they are going to be able to do that whether you have sudo or not, aren't they? unless some functionality was added to sudo that i don't know about, it doesn't protect you from a brute force attack against root, does it?
The root account is not enabled in Ubuntu by default.
There is no root account.
You cannot log in as root.
If you know the sudo password and try to log in with the username root and the sudo password, you will not be able to do so.
So someone trying to "brute force" in would have to know two things--your username and your password (and not only your username, but on a multi-user computer, which one has access to sudo privileges).
In a typical root model (every other Linux distribution), there is always a user named root who can log in. Everyone knows this user exists and that root can do anything on the computer--thus only the root password is in need of figuring out.
Originally posted by aysiu The root account is not enabled in Ubuntu by default.
There is no root account.
You cannot log in as root.
If you know the sudo password and try to log in with the username root and the sudo password, you will not be able to do so.
So someone trying to "brute force" in would have to know two things--your username and your password (and not only your username, but on a multi-user computer, which one has access to sudo privileges).
In a typical root model (every other Linux distribution), there is always a user named root who can log in. Everyone knows this user exists and that root can do anything on the computer--thus only the root password is in need of figuring out.
i see, thanks for explaining that. i thought once the root password was cracked, that was it whether you have sudo or not.
a lot of services often don't allow root login (ssh, ftp, etc., or can be configured that way), so it also seemed to me that it might be easier to try cracking a box using random common user names, which i have heard people try to do. or you also see a lot of screenshots with usernames, or even someone just walking past your PC might see the username, etc. in that case, by using sudo you have added X amount of accounts with root privileges, depending on how many users are on the computer who have sudo. so theoretically that is more opportunities for root privileges to get cracked, if you see what i'm saying.
i still am not sold on the idea that username + password with sudo is automatically more secure, but i can see how it might be more of a challenge if you don't have the username. it seems kind of like "security through obscurity" though, if you think about it. i guess at the fundamental level, all security is through obscurity in that sense.
Well, every security model has pros and cons.
The http://wiki.ubuntu.com/RootSudo entry on sudo is pretty evenhanded about those pros and cons. It doesn't make it sound as if a root model is death to security, and it doesn't put sudo on a pedestal.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.