[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#420810: Bug: Installation-reports: initial user not automatically placed in sudoers

On Tue, Apr 24, 2007 at 01:58:35PM -0700, David Warman wrote:
> >>Performed a mostly default install of the current stable as of
> >>yesterday on a PIII with a single HD, which I specified should all be
> >>used and should be reformatted. I then discovered that my login user
> >>could not use 'sudo'.

> >Known and expected; sudo access is only enabled for the initial  
> >user account if a root password is not set.
> root password was set during installer dialogs. I had imbibed the  
> idea that all root operations should be performed by the main user(s)  
> using sudo rather than logging in as root, and that all users  
> including root have passwords, as the safer way of working, therefore  
> expected to be a sudoer unconditionally.

Ah.  The current wisdom is that if you're going to use sudo for everything,
it's more secure to not allow direct root logins at all; so the installer
uses whether or not a root password is set to toggle enabling of sudo.

> >>Also could not login as root to fix the problem on the main login  
> >>screen.

> >By "main login screen", are you referring to the graphical login  
> >manager
> >(gdm)?
> yes

Ok; so that's a deliberate decision (on the part of the gdm maintainer or
the GNOME maintainers, I don't remember which part enforces this), rather
than a bug.

> >>Also, after executing 'su -' to become root, could not use any X- 
> >>windows
> >>apps,

> >With what error?  Why did you use 'su -' instead of just 'su'?
> the - is supposed to establish root's environment. maybe that has  
> lapsed lately. was true in AT&T in the 80's.

No, it's still true; the question is why you wanted to reset your env with
'-', and as you've noticed, that definitely does interfere with running X
apps from the resulting shell.

> But it does still work, and is why there was no DISPLAY environment  
> setting. The normal user's one was not propagated by using '-'.

Yep.

> >>so had to use nano to edit / etc/sudoers.

> >>Not something a naive user would be able to handle.

> >Why would a "naive user" type "su -" instead of just "su"?
> a naive user would not even know about su. So they probably should  
> not be using Linux then.

Heh, ok...

> seems to be a usage difference from way back (my expectations) and  
> current usage.

> remember Gilda?

No?

Anyway, keeping this bug report open for the moment -- the open question
seems to be whether the option to enable sudo support should be made more
overt in a default install.

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/
Reply to: