Bug#420810: Bug: Installation-reports: initial user not automatically placed in sudoers
On Tue, Apr 24, 2007 at 01:58:35PM -0700, David Warman wrote:
> >>Performed a mostly default install of the current stable as of
> >>yesterday on a PIII with a single HD, which I specified should all be
> >>used and should be reformatted. I then discovered that my login user
> >>could not use 'sudo'.
> >Known and expected; sudo access is only enabled for the initial
> >user account if a root password is not set.
> root password was set during installer dialogs. I had imbibed the
> idea that all root operations should be performed by the main user(s)
> using sudo rather than logging in as root, and that all users
> including root have passwords, as the safer way of working, therefore
> expected to be a sudoer unconditionally.
Ah. The current wisdom is that if you're going to use sudo for everything,
it's more secure to not allow direct root logins at all; so the installer
uses whether or not a root password is set to toggle enabling of sudo.
> >>Also could not login as root to fix the problem on the main login
> >>screen.
> >By "main login screen", are you referring to the graphical login
> >manager
> >(gdm)?
> yes
Ok; so that's a deliberate decision (on the part of the gdm maintainer or
the GNOME maintainers, I don't remember which part enforces this), rather
than a bug.
> >>Also, after executing 'su -' to become root, could not use any X-
> >>windows
> >>apps,
> >With what error? Why did you use 'su -' instead of just 'su'?
> the - is supposed to establish root's environment. maybe that has
> lapsed lately. was true in AT&T in the 80's.
No, it's still true; the question is why you wanted to reset your env with
'-', and as you've noticed, that definitely does interfere with running X
apps from the resulting shell.
> But it does still work, and is why there was no DISPLAY environment
> setting. The normal user's one was not propagated by using '-'.
Yep.
> >>so had to use nano to edit / etc/sudoers.
> >>Not something a naive user would be able to handle.
> >Why would a "naive user" type "su -" instead of just "su"?
> a naive user would not even know about su. So they probably should
> not be using Linux then.
Heh, ok...
> seems to be a usage difference from way back (my expectations) and
> current usage.
> remember Gilda?
No?
Anyway, keeping this bug report open for the moment -- the open question
seems to be whether the option to enable sudo support should be made more
overt in a default install.
Cheers,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon@debian.org http://www.debian.org/
Reply to: