How to authorize an user non root

B

BSDAppentic3

Guest


I'm trying to install a desktop environment in one account that isn't root. But I can't. It says that the user doesn't appear in the "sudoers" file. Give me a moment and I'll give you the specific output.
 

ILUXA

Aspiring Daemon

Reaction score: 573
Messages: 744

It is possible to use su to execute commands as root,
for example % su root -c 'pkg ins package'
then enter root password, or edit sudoers file and add your user, or give access to the wheel group:
execute % su root -c visudo, then uncomment
Code:
%wheel ALL=(ALL) ALL
Save changes and add your user to the wheel group:
execute % su root -c 'pw groupmod wheel -m [I]yourusername[/I]' and relogin.
Voila, now you're able to use sudo with your user :).
 
OP
S

Sensucht94

Guest


really, give security/doas a try; it's just better for desktop usage. Lightweight, clean, versatile, easy to use. If you still want sudo, do what ILUXA said, making sure your user has 'wheel' as primar login group (same command as for the video group, but replace the capital -G with a small -g)
 
OP
G

giahung1997

Guest


Issue the command as root:

ee /usr/etc/sudoers

it should be on this directory or simply /etc/sudoers I don't remember, I'm not on a BSD system now.

Find the line root ALL=(ALL) ALL and add in the newline these thing:

(your user name) ALL=(ALL) ALL then save, relogin to your account and issue sudo(8) you should see the famous message.

Don't use vi/vim since it's evil for new user. Comment out to allow the user of wheel group or sudo group to use sudo doesn't work. I don't know why.
 
Last edited by a moderator:

Trihexagonal

Son of Beastie

Reaction score: 2,055
Messages: 2,622

What is the advantage of using anything but su to issue commands as root?

I always make myself a member of the wheel and operator groups but have never used anything but su. I know I'm root and what I'm doing as root. When I'm done I log out to my user account.

I do know I was advised against it when talking about Solaris, but I don't see the advantage of security/sudo and have never even installed it.
 

bazooka07

New Member

Reaction score: 1
Messages: 3

Yes, use visudo and uncomment line about wheel group.
And add your user into the wheel group. Don't forget to logout / login
 

ILUXA

Aspiring Daemon

Reaction score: 573
Messages: 744

What is the advantage of using anything but su to issue commands as root?

Personally I use sudo mostly because I want to use single zsh shell history file,
if you'll use su, then you login as root and you should use tcsh with another history,
but I like zsh more and I want to see all my actions when I execute % history (fc -l 1 in zsh).
 

Trihexagonal

Son of Beastie

Reaction score: 2,055
Messages: 2,622

Some things need to be done as root though. Not just the issuing of commands but working with files.

If I become root in the terminal then I can mount a USB stick, open a file manager from it and work with files. I've always just worked in that environment as needed then logged out.
 

ILUXA

Aspiring Daemon

Reaction score: 573
Messages: 744

Better configure device permissions with devfs, configure autofs,
and you'll be able to work with files on your flash drive as a regular user,
furthermore, your usb stick will be automounted when you'll connect it.
It is good idea to avoid root usage when it is possible to do the same things, but,
as a regular user.
 

Wozzeck.Live

Member

Reaction score: 129
Messages: 78

You don't have to share root's password. With su(1) you have to enter root's password, with sudo(8) you enter your password.

Hum... personally I set sudo to ask for root password... and I never communicate the root password
I know this is the default behaviour of sudo, but I find a little strange and very useless to ask for a password the user in any case knows (his own password)... to grant him root's rights.

So per default, I set sudo to ask for root password, and I never communicate this password except for administrators. That's for saying I forbide any "administrative" actions to not authorized people.

If I want to authorize some specific actions for a class of users I prefer to set a special "no password" permission on an application basis in the sudoers file. We can also in some case plays with SUID

Sudo is very useful in corporation where there are a lot of users (so not included in the wheel group), to authorize specific actions.
In a graphic remote desktop context as VNC, an administrator can unlock remotely some action taking control of the user's desktop because he knows the password.

But for most individuals like us who are also the administrators/creators of the machine... yes sudo is not very useful because WE usually log with a wheel account.

But anyway, for the majority of us who install a real desktop, Sudo is generally a mandatory dependency.

Trihexagonal doesn't use a desktop at all
He uses a standalone windows manager as fluxbox... this is the reason why the sudo package is not required in his context.

But the situation of Trihexgonal is a special case, not a general case.
For most of us , a standalone windows manager IS ABSOLUTELY NOT A DESKTOP

A real desktop is an environement bringing a mininum of comfort and functionnalities as Gnome, KDE.... In such context, sudo is generally a required package.
 

Trihexagonal

Son of Beastie

Reaction score: 2,055
Messages: 2,622

I specifically don't want my USB sticks to automount in case I want to use dd. As a user, you can look at the files on a mounted USB stick, and use graphics/gimp to access an image, but not make file changes or transfers.

Hum... personally I set sudo to ask for root password... and I never communicate the root password
I know this is the default behaviour of sudo, but I find that a little strange and very useless to ask for a password the user in any case knows (his own password)... to grant him root's rights

That's what I think and gave those poor TrueOS people grief about. Having to enter your own user password to become root doesn't make any sense to me. I set it up and am the only one with physical access.


But the situation of Trihexgonal is a special case, not a general case.
For most of us , a standalone windows manager IS ABSOLUTELY NOT A DESKTOP

A real desktop is an environement bringing a mininum of comfort and functionnalities as Gnome, KDE.... In such context, sudo is generally a required package.

Oh, I wouldn't go that far. :p

I tried Gnome and XFCE on Solaris, and while I liked the looks of Gnome2, I like things just the way they are now on my boxen.

It's a configuration that maximizes my workspace and work style that I've refined over time and I always install the same limited number of programs. They are fully functional custom desktops with no added baggage.

Not some pre-rolled DE with programs somebody else thinks I need or want.
 
OP
G

giahung1997

Guest


Never edit this file directly, use visudo(8) to edit it.

(And it's the wrong file, it's /usr/local/etc/sudoers on FreeBSD)
Thanks for the correct path. Uhm, since I don't know how to use vi, even when reading its manpage while editing I still can't. I have no way other than using ee.
 
OP
S

Sensucht94

Guest


BTW, It respects it only if you logged in as root, but if you try to run % sudo visudo,
sudo will ignore it, to make visudo respect $EDITOR when using sudo, one should use -E flag with sudo,
so % sudo -E visudo should be used, then visudo will use your $EDITOR.

or set the $EDITOR variable either in /etc/csh.cshrc, or in /root/tcshrc if root's shell is default tcsh,
or in /etc/profile if root's shell has been set to a Bourne-compliant one, or even use doas with keepenv
 

ILUXA

Aspiring Daemon

Reaction score: 573
Messages: 744

or set the $EDITOR variable either in /etc/csh.cshrc, or in /root/tcshrc if root's shell is default tcsh,
or in /etc/profile if root's shell has been set to a Bourne-compliant one
It won't help with sudo, it'll work only when you'll use su,
while "keepenv" with doas should work ok, also it is possible
to add
Code:
Defaults	env_keep += "EDITOR"
to sudoers file.
 
OP
B

BSDAppentic3

Guest


First of all, thank you all for your responses. I appreciate it.
Second it's that, since I literally, ruined my previous installation, I haven't the same confidence with this OS. That's why, I'm now prefer to install VirtualBox (in my case) and run a VM of FBSD.
Just in case I destroy the system.
So I'll try to get the latest version of this, create a VM, and then run whatever you have provide to me.
Just in case something goes wrong. I'm really new to this and trust me that I don't want to install the whole OS just because something it's malfunctioning.
 

rigoletto@

Daemon
Developer

Reaction score: 1,236
Messages: 2,282

You almost never need to reinstall the system unless you do something really nasty with Kernel or Base, like recursively changing permissions or owner/groups of files in there.

For anything else done in /usr/local stuff (aka from packages and/or ports) you can always easily RESET the things if you need to go so far.

Just take care to backup any configuration file you want from /usr/local/etc first.

If the problem is related with configuration files from Base, mergemaster(8) can be used to reset them. :eek:;)
 
OP
B

BSDAppentic3

Guest


You almost never need to reinstall the system unless you do something really nasty with Kernel or Base, like recursively changing permissions or owner/groups of files in there.

For anything else done in /usr/local stuff (aka from packages and/or ports) you can always easily RESET the things if you need to go so far.

Just take care to backup any configuration file you want from /usr/local/etc first.

If the problem is related with configuration files from Base, mergemaster(8) can be used to reset them. :eek:;)

That could be a possibility.
 
OP
B

BSDAppentic3

Guest


lebarondemerde or who's gonna see this, I have a question, seeing all this of the SO.
What if I download: "manifest", "base-dbg", "base","doc","kernel-dbg","kernel","ports","src", and finally "tests". Then I "unify" (sorry, I don't even know if you can understand what I mean, if this is possible, or if it already exists) all these in a unique file, so doing that, I'm getting the whole system?
It's something that suddenly came to my mind.
That would not be a whole system?
 
Top