[Solved] Sudo: use admin password instead of user password?

Similar Messages

• [SOLVED] How to get sudo and kdesu to honor my user password?

  Hi folks,
  Well, I must be missing something. I think I've tried everything listed here https://bbs.archlinux.org/viewtopic.php?id=143487 and in the referenced links, but I still have the problem of my system rejecting my password for some uses of sudo and kdesu but not others.  I've included my /etc/sudoers file below.
  My problem may be due to screwing around with users:  I started out using bruce (1000), then switched to bbraley (1001), then deleted bruce in kusers, then changed bbraley to 1000. When that created more problems without solving the original one, I switched back to 1001.  I've played with adding and removing my user from groups, including creating a sudo group, making sure I am a member of wheel group, etc. 
  What seemed to be everyone's magic fix,
  pacman -S pambase
  didn't work when I tried it successfully with my bbraley password, then later, when that began failing, using the root password. pambase reinstalls, but there is no resulting change in the behavior of sudo.
  Side question: Most of my experience is with kubuntu in which I never created a root user and never had any trouble having my user password work with sudo or kdesu. Is there a reason Archwiki beginners guide suggests assigning a separate root account and password?
  Can anyone help?
  Here's the output of
  groups
  root adm disk wheel log locate network video audio optical storage scanner power users nm-openconnect systemd-network bbraley sudo sddm
  Here's the output of
  cat /etc/group |grep `id -un`
  root:x:0:bbraley
  adm:x:4:root,daemon,bbraley
  disk:x:6:root,bbraley
  wheel:x:10:root,bbraley
  log:x:19:root,bbraley
  locate:x:21:bbraley
  network:x:90:bbraley
  video:x:91:bbraley
  audio:x:92:bbraley
  optical:x:93:bbraley
  storage:x:95:bbraley
  scanner:x:96:bbraley
  power:x:98:bbraley
  users:x:100:bbraley
  systemd-network:x:193:bbraley
  nm-openconnect:x:104:bbraley
  sddm:x:619:bbraley
  bbraley:x:500:
  sudo:*:501:bbraley
  Here's what
  ls -l /etc/sudoer
  yields:
  -r--r----- 1 root root 2948 Mar 22 07:25 /etc/sudoers
  And here's my sudoers file:
  ## Defaults specification
  ## You may wish to keep some of the following environment variables
  ## when running commands via sudo.
  ## Locale settings
  # Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
  ## Run X applications through sudo; HOME is used to find the
  ## .Xauthority file. Note that other programs use HOME to find
  ## configuration files and this may lead to privilege escalation!
  # Defaults env_keep += "HOME"
  ## X11 resource path settings
  # Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
  ## Desktop path settings
  # Defaults env_keep += "QTDIR KDEDIR"
  ## Allow sudo-run commands to inherit the callers' ConsoleKit session
  # Defaults env_keep += "XDG_SESSION_COOKIE"
  ## Uncomment to enable special input methods. Care should be taken as
  ## this may allow users to subvert the command being run via sudo.
  # Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
  ## Uncomment to enable logging of a command's output, except for
  ## sudoreplay and reboot. Use sudoreplay to play back logged sessions.
  # Defaults log_output
  # Defaults!/usr/bin/sudoreplay !log_output
  # Defaults!/usr/local/bin/sudoreplay !log_output
  # Defaults!REBOOT !log_output
  ## Runas alias specification
  ## User privilege specification
  root ALL=(ALL) ALL
  ## Uncomment to allow members of group wheel to execute any command
  ##%wheel ALL=(ALL) ALL
  ## Same thing without a password
  %wheel ALL=(ALL) NOPASSWD: ALL
  ## Uncomment to allow members of group sudo to execute any command
  %sudo ALL=(ALL) ALL
  bbraley ALL=(ALL) ALL
  ## Uncomment to allow any user to run sudo if they know the password
  ## of the user they are running the command as (root by default).
  Defaults targetpw # Ask for the password of the target user
  ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
  ## Read drop-in files from /etc/sudoers.d
  ## (the '#' here does not indicate a comment)
  #includedir /etc/sudoers.d
  Last edited by Bruce1956 (2015-03-28 05:16:03)

  Trilby wrote:I've never used the targetpw setting, but I wouldn't be surprised if that was the problem.  With that setting, if you want to run something as root (the default use of sudo) then you'd need the root password, not the user password.  Comment out that setting, and the next line.
  I had never used it, either, but I misread some reference and thought it might help. Since you say it causes the behaviour I'm trying to eliminate, I will get rid of it, as suggested. However, the behavior preceded my addition of this line in the file, so I don't think this will correct the problem. Edit: Removing it kept the root password from being universally required (I can now edit /etc/sudoers using my user password) and returned it to requiring it sometimes (I still need the root password to use kdesu).
  As for some other distro not having a root account, that is simply impossible.  There was a root account.  If you didn't have the password for it, then that installation was severely crippled.
  Sorry, you're right. I should have said that kubuntu does not expect users to assign a password to the root account and instead expects primary users to access that account's privileges via su, sudo, or kdesu only.
  https://help.ubuntu.com/community/RootSudo
  By default, the root account password is locked in Ubuntu. This means that you cannot login as root directly or use the su command to become the root user. However, since the root account physically exists it is still possible to run programs with root-level privileges. This is where sudo comes in - it allows authorized users (normally "Administrative" users; for further information please refer to AddUsersHowto) to run certain programs as root without having to know the root password.
  Thanks for responding to my request for help. Any other ideas?
  Edit:  Here's what I keep getting that only accepts the root password, not my user password
  http://s15.postimg.org/4z0o86oln/Runasroot_KDEsu.png
  -- mod edit: read the Forum Etiquette and only post thumbnails http://wiki.archlinux.org/index.php/For … s_and_Code [jwr] --
  Last edited by Bruce1956 (2015-03-23 04:41:06)

• Created Master Password, now neither User password or Master Password work

  Hi the
  I've suspected somene to remotely hack into my Macbook because recently it would open finder windows for nothing. Then some of my Gmail mails disappeared so I decided to change password.
  I headed to security and saw the "create Master Password" option so I entered my User password and created a Master Password.
  Then when trying to change the user password to allow system preference change, the "old" user password didn't but the Master Password didn't either. I tried to then change this Master Password, but it's not working either. It's like my two password suddenly vanished when trying to secure my Mac!
  Why? And how can I retrieve or change my passwords again?

  Update: I did the boot screen manipulation to change the administrator as indicated here https://www.youtube.com/watch?v=Qwc7__sceWA
  AND IT STILL DOESN'T ******* WORK.
  This has to be the less secure thing I've seen on a Macbook. ***

• Decimal Notation in SMARTFORMS to use plant default instead of user

  Hi All,
  Currently, the form is printed sometimes using user decimal notation and sometimes using plant.
  For new plant, the default is still 123.456,00.
  However, the user one is 123,456.00.
  At times, when the user tried to print invoices and etc, it will come out as 123,456.00 but at times, it comes out as 123.456,00.
  The form output should be using either plant or user.
  Where is the settings which can be changed?
  Thanks in advance for all your help.

  Hi,
  The decimal notations depend on the country settings specified in the system.
  Hence, you can override the settings by using program lines in smartforms in which you can write as below.
  SET COUNTRY 'US'. ( example taken as US ).
  So, whichever country decimal notation you want in the display you can set it like above.
  Regards,
  Ram

• Can I use "~" in Automator instead of user's home folder?

  I want to create an Automator action that I send to someone that can put a file in their iTunes Folder. If I create it on my computer however, Automator uses the actual file path to MY iTunes Library.
  Is there a way to use the "~/Music/iTunes/" to have Automator use a relative link to THEIR home folder?
  Can't figure this one out. Thanks

  Use ~username/Music/iTunes
  Be aware that you will have to change the permissions on ~username's Music and iTunes folders to allow you read and write access. All users be default have read only access to other users' iTunes folder and no access at all to the Music folder.

• [SOLVED] Deadbeef: Use alsa:PCM instead of software mixer

  Hello,
  Does anyone know how to get Deadbeef to use PCM alsa mixer instead of it's internal audio software mixer?
  Last edited by diffycat (2014-09-01 16:43:18)

  emeres wrote: Have you ever seen such a setup?
  No. That's why I'm asking.
  emeres wrote:Creating a script that would watch deadbeef volume and change PCM or whatever you specify using amixer. The problem is getting deadbeefs volume. Now-playing switch does not seems to provide that.
  I can get volume level with mpris-plugin. The only problem is that it crashes with current ddb version.

• How to know the system generated password when reseting users password?

  Dear All,
  I have reset password using "genarated new password" in the portal from User admin,but dont want to send a e-mail notification  to end users, instead of that i want to know the system generated password.
  But system doses't shows it.How can I tell what the password is and give it to the user?
  I have a All super admin rols.
  Pleas guide.
  Thanks in advance.

  Basically you can't! If you tell it to generate one, then that's only sent to the user. Why not enter your own random password or let the user pick their own through some sort of self service function?

• Filevault2 system password different from user password

  Using filevault2 system encryption I noticed that my login password is also used to decrypt the disk at boot time.
  This does not fit my needs. My requirements for the system encryption passphrase and the login password differ significantly.
  To protect my disk, I want to use a long and complicated pass phrase. One that can not be broken by brute force in the universe's lifetime.
  For my login account, I want a shorter, easy to type password. The main use of this password is to authorize actions that need administrative privileges. And it is needed quite often. Using the disk pass phrase for this purpose is just impractical.
  Is it possible to set up the system this way? Of course, if the shorter login password can also unlock the disk, then no security is gained by having an additional longer pass phrase.
  I tried to change the pass phrase of the system partition in disk utility. I selected the OSX partition and executed File->Change Password.
  There was no error message of any kind, but on the next boot, I was still able to unlock the disk using my shorter login password. (Which managed to cause some distrust in filevault2 on my side. What is going on? There was no error message when changing the password in disk utility.)

  After the next reboot, it showed again decrypting progress.
  Decrypting is not very stable, I had two freezes during decryption, where a Window of Death advises you to hold the power button until the computer turns off.
  Several more times, the progress indication of the decryption process displayed nonsense.
  Reencryption had to be done as the new disk unlocker user, as it is not possible to exclude the user from disk unlocking that starts the filevault2 encryption.
  What about the other question, why is it possible to set a password for the system partition in disk utility without any error message, and, as it seems, without any effect?

• Leopard prompts for 802.1X username and password instead of WEP password

  hey!
  so i got leopard on friday and i haven't been able to connect to my wireless properly since.
  i have an old D-Link DI-624 (Revision B) router that i have protected with a WEP password. in tiger i never had any problems with this, but now instead of prompting me for a WEP password when i try to connect, leopard prompts me to enter username and password and below there is a dropdown entitled 802.1X with options automatic and TTLS-PAP.
  if i try to enter my WEP password as the password, the connection fails.
  i know that the issue is not the router because my girlfriend is still running tiger and has no issues.
  i ran that login and keychain update and that didn't help. i also deleted that old airport driver file that other people had mentioned for other airport issues and that didn't do anything either.
  any ideas??
  thanks!!

  I have this exact same problem.

• [SOLVED] Sudo does not accept user password

  Hello , again !
  usually i run root commands with sudo , and i enter my current user password and everything works !
  Today , i updated my Arch linux with :
  pacman -Syu
  and my arch upgraded to 3.4.2-2. 
  but when i want to run a command with sudo , i cannot use my current user password ?
  thankyou
  Last edited by arashroshan (2012-06-19 11:10:52)

  thank you for reply but i have read sudo wiki and also sudo was working before updating .
  by the way su is still working .
  here is my sudoer file :
  ## sudoers file.
  ## This file MUST be edited with the 'visudo' command as root.
  ## Failure to use 'visudo' may result in syntax or file permission errors
  ## that prevent sudo from running.
  ## See the sudoers man page for the details on how to write a sudoers file.
  ## Host alias specification
  ## Groups of machines. These may include host names (optionally with wildcards),
  ## IP addresses, network numbers or netgroups.
  # Host_Alias    WEBSERVERS = www1, www2, www3
  ## User alias specification
  ## Groups of users.  These may consist of user names, uids, Unix groups,
  ## or netgroups.
  # User_Alias    ADMINS = millert, dowdy, mikef
  ## Cmnd alias specification
  ## Groups of commands.  Often used to group related commands together.
  # Cmnd_Alias    PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
  #                           /usr/bin/pkill, /usr/bin/top
  ## Defaults specification
  ## You may wish to keep some of the following environment variables
  ## when running commands via sudo.
  ## Locale settings
  # Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"                                                                                                                               
  ## Run X applications through sudo; HOME is used to find the                                                                                                                                   
  ## .Xauthority file.  Note that other programs use HOME to find                                                                                                                                 
  ## configuration files and this may lead to privilege escalation!                                                                                                                               
  # Defaults env_keep += "HOME"                                                                                                                                                                   
  ## X11 resource path settings
  # Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
  ## Desktop path settings
  # Defaults env_keep += "QTDIR KDEDIR"
  ## Allow sudo-run commands to inherit the callers' ConsoleKit session
  # Defaults env_keep += "XDG_SESSION_COOKIE"
  ## Uncomment to enable special input methods.  Care should be taken as
  ## this may allow users to subvert the command being run via sudo.
  # Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
  ## Uncomment to enable logging of a command's output, except for
  ## sudoreplay and reboot.  Use sudoreplay to play back logged sessions.
  # Defaults log_output
  # Defaults!/usr/bin/sudoreplay !log_output
  # Defaults!/usr/local/bin/sudoreplay !log_output
  # Defaults!/sbin/reboot !log_output
  ## Runas alias specification
  ## User privilege specification
  root ALL=(ALL) ALL
  ## Uncomment to allow members of group wheel to execute any command
  %wheel ALL=(ALL) ALL
  ## Same thing without a password
  # %wheel ALL=(ALL) NOPASSWD: ALL
  #arashr ALL=(ALL) All
  ## Uncomment to allow members of group sudo to execute any command
  # %sudo ALL=(ALL) ALL
  ## Uncomment to allow any user to run sudo if they know the password
  ## of the user they are running the command as (root by default).
  # Defaults targetpw  # Ask for the password of the target user
  # ALL ALL=(ALL) ALL  # WARNING: only use this together with 'Defaults targetpw'
  ## Read drop-in files from /etc/sudoers.d
  ## (the '#' here does not indicate a comment)
  #includedir /etc/sudoers.d
  Last edited by arashroshan (2012-06-17 10:02:55)

• Connecting with Unix user/password using JDBC

  1) Is it possible to connect on a java program, with JDBC, using the Unix autentification ?
  With the JDBC thin client I use :
  DriverManager.getConnection("jdbc:oracle:thin:@<ip addresse>:<listener entry port>:<SID>","<user>","<password>");
  2) What Java syntaxe may I use, not to give the <user>/<password> in my java program ?
  I want to lauch my java program from a shell script (UNIX). The Unix's user is know in my Oracle database.
  3) Is it a secure way ?
  Thank's

  For what it's worth, I have not yet found a way to do this, either. But since it's not critical for me, I have given up on it, for now. I have not found anything on OTN nor in the Oracle documentation that explains how to do this. Sorry :-(
  Good Luck,
  Avi.

• Ignore user-password value under CAR 4.0

  Hi All,
  One of our NAS server, is using a default string for User-Password attribute value in the event that no password is set by the user in PAP authentication mode.
  How can we ignore that value or set it to Null under CAR in order to use the AllowNullPassword Feature?
  Please note that under CHAP Authentication mode the NAS Server does not modify CHAP-Password value so, if not set by user, AllowNullPassword works fine.

  To grant administrative privileges to users, you must first log onto CAR using admin as the initial user name and password. Log onto CAR using this user name and password to grant CAR administrator rights to user(s) for the first time. This user ID and password will only work when there are no CAR administrators configured in the system. Once one or more users have been granted administrator rights, this initial logon (admin, admin) will be disabled. At this point, only CAR administrators (users who have been granted administrator rights initially using admin, admin, can grant CAR administrator rights to other users.
  This URl should help you:
  http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_administration_guide_chapter09186a00801ed126.ht

• Procedure/package to change user password through plsql gateway

  I'm not sure is this the right place to ask, but I don't know anywhere better.
  I'm using Oracle 817 with the apache that bundled. I use the plsql gateway (mod_plsql). I want to create a page for user to change their password, however, I don't know how to verify the existing password of the user before changing to a new password. Also, how can I change the password, is there a standard procedure to do that?
  One more question, when I key in the following:
  http://myhost/pls/my_dad/my_schema.my_procedure
  the web server return a page with lots of cgi environment (assuming the my_procedure doesn't exist), how can I customise this page?
  thx.

  To ensure security of the Oracle database system and prevent unauthorized access to the Oracle database, it’s important for Oracle users to not only using strong and long Oracle passwords to avoid brute force or dictionary attacks, but also to change the Oracle user password regularly. Oracle users also have to change the password when the password has or going to expire, if database system administrator implements and enforces strict password control with PASSWORD_LIFE_TIME option for user profiles which limits the number of days the password can be used for authentication to login to the system.
  To change the Oracle password, users can use SQL*Plus or Oracle SQL and PL/SQL language interface administration tool such as Toad for Oracle. No matter what SQL apps you use, the commands and SQL query languages used to change the password are similar.
  There are two SQL command syntaxes that can be used to change Oracle database user password:
  ALTER USER user_name IDENTIFIED BY new_password;or (from Oracle8 and above):
  PASSWORD
  For above SQL query, if you need to change another user’s password, use the following command:
  PASSWORD user_name
  For PASSWORD command, after you press Enter, you will be prompted to input the old password and new password interactively. For example:
  SQL> password
  Changing password for DAVID
  Old password:
  New password:
  Retype new password: Note: You need to have enough privileges to change other Oracle user’s password.
  As the variable in italic implied by name, user_name is the user whose password wishes to be changed, and new_password is the new password to assign.
  As ALTER USER SQL syntax will send the new password to the Oracle database server unencrypted if use without Advanced Security Option, and thus expose to security risk, Oracle users should always use the PASSWORD command to change the Oracle user password.

• Password protected without a password

  I was attempting to password protect my adobe .pdf but it never gave me the screen to enter the password I wanted to use. Now the document is password protected without a password and I cannot open it.  Please help.

  I think i might have the same issue as MymicFSO.
  The issue is when you try to go to secure>manage security policies by default there would be 2 entries
  Encrypt with certificate
  Encrypt with Password option
  For the second if i check on the policy details both user password and owner password are set to "Not Required"
  So if I try to secure a document and choose the "Encrypt a password" option, since there is no default password setup then it will prompt me to enter what ever password I choose.
  Now on another computer someone changed the setting and chose to put in a password for the "User password" under the "Encrypt a password" policy. So now whenever I secure a document using that machine using "Encrypt a Password" it uses the one already stored and does not prompt me to enter a new password.
  Now it can still be changed by by to the password security settings manually but I wonder if it is possible to get back that option for it to just prompt me whenever i try to secure a document.

• [solved] Sudo works with user password instead of admin password.

  When i do a sudo command, it asks for a password. I enter my normal user password, and it works!
  It doesn't work if I enter root password. Is this normal?
  Last edited by trusktr (2010-07-27 10:14:15)

  gotcha! Thanks