Welcome to the Linux Foundation Forum!

Problems setting up sudo on openSUSE

I followed the instructions in Lab 1.1. Configuring the System for 'sudo' for how to configure a user to have sudo privileges, and I can't seem to get it to work. It still continues to prompt me for the root password (not my password) every time I try to run a command via sudo.

Are there additional or different steps required for enabling sudo privileges on openSUSE?

Comments

  • luisviveropena
    luisviveropena Posts: 1,142

    Hi @dsax35316 ,

    What openSUSE version are you using? So I can get it and do a small test case.

    Regards,
    Luis.

  • coop
    coop Posts: 915

    This lab has been tested on OpenSUSE-15.1, 15.2 and 14.x. You need to give more information on what line you added to the sudoers or sudoers.d/student file, and show us the output when sudo fails.

  • loiceahein
    loiceahein Posts: 2
    edited July 2020

    @dsax35316 said:
    I followed the instructions in Lab 1.1. Configuring the System for 'sudo' for how to configure a user to have sudo privileges, and I can't seem to get it to work. It still continues to prompt me for the root password (not my password) every time I try to run a command via sudo.

    Are there additional or different steps required for enabling sudo privileges on openSUSE?

    Can somebody help me as well i have done same procedure but still not able to configure it.

  • luisviveropena
    luisviveropena Posts: 1,142
    edited July 2020

    Hi @loiceahein ,

    I followed the instructions provided by the distro itself:

    https://en.opensuse.org/SDB:Administer_with_sudo

    So, I'm using openSUSE LEAP 15.2, and I did the following:

    1.- As root, edited the /etc/sudoers file, using "visudo". Uncommented the following line:

    %wheel ALL=(ALL) ALL

    2.- Added my user "luis" to the "wheel" group (as root):

    usermod -aG wheel luis

    You can check after with "id ". For example, "id luis".

    3.- Edit the sudoers file again. This time remove the ability for every user to run sudo.

    Comment out the following line, starting by "#", as follows:

    #ALL ALL=(ALL) ALL
    

    4.- Try running "sudo ls" or any other root command, and confirm that works.

    Regards,
    Luis.

  • coop
    coop Posts: 915

    All I can tell you is on the OpenSUSE-15-2 VM that we have at our website, none of this was done and sudo works perfectly. What version of openSUSE are you running? You have not answered this question so it is impossible for me to verify. Two things:

    1) I do remember back in some dark corner of my mind something about openSUSE using the "wheel" group in a way not done by other distros for a long time. "wheel" is a very old UNIX thing that has become kind of arcane.

    2) I really do not like updating the /etc/sudoers file; I prefer to work in /etc/sudoers.d. The reason is that when sudo itself gets updated either you do not receive the update or the new file wipes out your changes depending on how the distro handles configuration files that have been updated since installation. This can cause subtle or not so subtle problems.

    Please note that the normal behaviour for sudo is that it should ask you for your password once, and then not again within some timeout period I have forgotten how to configure. But asking you for the root password it should.

    I have seen this behaviour before in some ancient period, so please what are you running? It is impossible to provide correct advice without knowing this. I have a deep suspicion you are on an old distribution or a funny variant or not workstation etc.

  • @coop said:
    All I can tell you is on the OpenSUSE-15-2 VM that we have at our website, none of this was done and sudo works perfectly. What version of openSUSE are you running? You have not answered this question so it is impossible for me to verify. Two things:

    1) I do remember back in some dark corner of my mind something about openSUSE using the "wheel" group in a way not done by other distros for a long time. "wheel" is a very old UNIX thing that has become kind of arcane.

    2) I really do not like updating the /etc/sudoers file; I prefer to work in /etc/sudoers.d. The reason is that when sudo itself gets updated either you do not receive the update or the new file wipes out your changes depending on how the distro handles configuration files that have been updated since installation. This can cause subtle or not so subtle problems.

    Please note that the normal behaviour for sudo is that it should ask you for your password once, and then not again within some timeout period I have forgotten how to configure. But asking you for the root password it should.

    I have seen this behaviour before in some ancient period, so please what are you running? It is impossible to provide correct advice without knowing this. I have a deep suspicion you are on an old distribution or a funny variant or not workstation etc.

    Finally my problem is fixed i have done few mistake's. during the process i will share it in next post.

  • luisviveropena - apologies!

    I am not getting alerted by the forum when I have responses... I just now saw this.

    I am running OpenSuse leap 15.2.

  • Hi @dsax35316 ,

    You can use the solution I posted above, in fact I did the test case and it worked.

    Also, you can configure to receive notifications by email (for the forum).

    Regards,
    Luis.

  • thanks Luis - I have set up notifications on the forum to enable receiving email alerts going forward.

    Note: following the instructions above did NOT solve my problem, however, I am still able to run as a sudoer by entering the root password vs my own.

  • coop
    coop Posts: 915

    I can't explain why it doesn't work for you, but you are not insane. I have a distant memory of being told of this weirdness before (SUSE requiring root password instead of user password) even though it defeats the whole purpose of using sudo. Because I did not do this while installing the opensuse 15.2 VM we have on our website, I thought the problem was gone. If I get a chance I'll try and do some more investigation.

    The only thing I always do is to install a file /etc/sudoers.d/student rather than modify /etc/sudoers, as system updates wind up being easier that way since /etc/sudoers is unmodified.

  • Update - I was able to fix this -- it seems that visudo was writing changes (when I selected "file save") to a "sudoers.tmp" file. When I redirected the output using "file save as" to the "sudoers" file and over wrote it, sudo now seems to work fine asking for and accepting my password.

    I am still not sure why visudo was saving to "sudoers.tmp" however. I will delete the sudoers.tmp file and report back if that creates any additional problems.

  • Hi @dsax35316 ,

    I'm glad it's fixed!

    The "sudoers.tmp" file is a lock file, which prevents multiple simultaneous edits to /etc/sudoers.

    Regards,
    Luis.

Categories

Upcoming Training