sudo apt-get install help!
September 20, 2009 9:01 PM   Subscribe

LinuxFilter : I seem to have lost sudo privileges in Ubuntu. How to fix please?

About a month back I picked up an Asus eeepc and installed #!CrunchBang on it, which is a variation on Ubuntu. Sudo worked fine for a couple of weeks, but the other day I went to install something and received this message:

(username) is not in the sudoers file. This incident will be reported.

Usual googling and message-board combing led to this solution
. But attempting to follow it, I enter my password after 'su -' and get a reply stating that the password is incorrect.

SO ... is this a catch-22, or has my password somehow been changed?
posted by mannequito to Computers & Internet (8 answers total)
Boot into single user mode. From there you can either passwd root and set a root password or edit /etc/sudoers.
posted by signalnine at 9:08 PM on September 20, 2009

Your account isn't in sudoers, and isn't int he admin group, you won't be able to use sudo or su until it's fixed.

Start here:
posted by iamabot at 9:17 PM on September 20, 2009

You should not be able to log in as root under ubuntu.

Add a line like this to /etc/sudoers after booting single user:

justin ALL=(ALL) ALL

Change that if your username is not justin

In single user mode, there will be no graphic login, so make sure you know how to log in at the text prompt and use a text mode editor (easier to find that info before booting to single user).
posted by idiopath at 9:21 PM on September 20, 2009

Additionally, you may wish to run vigr while you're in single user mode, and be sure that your day-to-day user is in the admin group. I can't remember if the name of the group is adm or admin.
posted by simoncion at 10:24 PM on September 20, 2009

Is this machine facing the Internet? If so, you may be compromised.

You can get root privileges by booting into single user (google it) and fixing your sudoers file, but beware the state of this machine if you can't explain why this happened. Sudo privileges work by mapping a username (in /etc/sudoers) to a loginname (in /etc/passwd and /etc/shadow) or a group (/etc/group and /etc/gshadow). If you didn't tinker with these files yourself -- or use visudo, vipw or vigr -- there's no reason for this to happen that I can think of.

As for logging in as root, this account is generally disabled for security reasons. You can enable it by setting the password (sudo passwd -l root), but this is discouraged for various (good) reasons. If you decide to go that route, at least disable logging in as root via SSH by turning off PermitRootLogin in /etc/ssh/sshd_config.
posted by cj_ at 11:17 PM on September 20, 2009

It's pretty debatable as to how important it is to not have a root password. No other distro does it and I think it's rather silly and annoying. Just set a good password. In an attack, if they can get in on a non-privileged account, especially one that has sudo permissions, privilege escalation is usually trivial.
posted by signalnine at 12:05 AM on September 21, 2009

Have you been turning the machine on and off, or logging in and out as yourself while this has been true? If it recognizes your password as yours, but doesn't recognize that you're in the admin group (or sudoers doesn't recognize that the admin group can sudo), well, that's a strange situation that shouldn't be easy to create accidentally. Might you have been editing your user groups and unchecked admin?

You should not be able to log in as root under ubuntu.

I'll note that "should" here is descriptive of a new Ubuntu installation. Whether it continues to be true going forward is up to the tastes of the admin. I consider the absence of a root password to be preferable, but having one is fine, too -- I just would recommend against having an ssh server that accepts direct login as root if you do.
posted by Zed at 8:54 AM on September 21, 2009

Sorry I posted this the other night but had a few days away from the machine ... Now that I've had a chance, I used signalnine's advice, booted into single user, and set a new root password ... my own account still isn't in the sudoers file but this is fine, I can drop to a terminal, enter 'su -', enter the new root password, and then perform any system tasks/updates etc from there.

Works quite well actually. May this help anyone else who ends up here looking for solutions. Thanks metafilter.
posted by mannequito at 9:47 AM on September 23, 2009

« Older What is the most effective way...   |  What should an extended abstra... Newer »
This thread is closed to new comments.