Unix & Linux Stack Exchange
Q&A for users of Linux, FreeBSD and other Unix-like operating systems
Latest Questions
0
votes
1
answers
1878
views
setting up davfs2 to mount properly
I am trying to set up my Nextcloud account so that I can log in. When I try to log in with sudo mount -t davfs2 ... it keeps on asking for my Nextcloud credentials - it does not get them from the secrets file that I created.
I have followed the tutorials online with the only difference being that the tutorials specify to update the /etc/fstab file. But I do not want to do this because I have this set up on my laptop where I only sporadically have access to the internet. I would prefer to use sudo mount.... and have the credentials input automatically from the secrets file (I understand that each time I will need to input my sudo password).
I believe that what is happening is that when I use sudo mount .... it is trying to load the system /etc/davfs2 configuration instead of my local .davfs2. I believe this because when I try to configure the /etc/davfs2 (to point to my secrets file) I get config errors. But when I purposefully put errors in the local .davfs2 config file the system never seems to recognise it.
The only other thing I can think to do is allow local users permission to run mount, which I would prefer not to do.
What might I be doing wrong?
PS - using Xubuntu
andrew
(1 rep)
May 11, 2019, 01:54 PM
• Last activity: Aug 4, 2025, 05:07 AM
0
votes
2
answers
4253
views
Account locked after adding line on /etc/passwd file
I have installed this version of Ubuntu on my laptop.
└─ $ ▶ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial
Because of my limited knowledge regarding Linux, I have added a line manually to `/etc/passwd`.
My user which I login to the laptop is `gofoboso`, with a password.
This user has sudo rights.
After adding the second line into the contents following, I do not have sudo rights.
root:x:0:0:root:/root:/usr/bin/zsh
gofoboso:x:0:0:gofoboso:/gofoboso:/usr/bin/zsh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
I understand that the passwords are encrypted on the `/etc/shadow` file, and now this has the exact attributes as the root user has (??)
─ $ ▶ sudo cat /etc/shadow
[sudo] password for gofoboso:
Sorry, try again.
[sudo] password for gofoboso:
sudo: account validation failure, is your account locked
This is the company's laptop and I do not have the root password.
I've tried some commands I found online but all of them required sudo.
Anyone knows how can I revert this? Most importantly I cannot restart the laptop or shut it down, because it will ask the password of the user `gofoboso`, which probably it's the same as root's now ??
If it cannot be fixed without becoming root, if someone knows the root password, and deletes that line the gofoboso user will be enabled again?
Thanks.
g0f0b0s0
(11 rep)
Feb 2, 2018, 10:18 PM
• Last activity: Aug 3, 2025, 02:04 AM
1
votes
2
answers
1893
views
Cannot use sudo su after I changed my password
I am running Ubuntu 14.04 LTS.
Yesterday, I changed the password on my user account, which is an admin account. This morning, I discovered that I can no longer use `sudo su` to switch to root. I know that sudo uses my user account's password, not the root account's password, but it did not allow me to go to sudo su with either password.
Then, after a reboot, when I logged in to the user account, it flashed a message on the screen briefly and then asked for my user name and password again. I had also changed privileges on my home directory yesterday, so I logged in as root and issued `chmod 777` against my home directory. Now I can log in using that user account, but my directory structure has been replaced as though I am a new user. If I look at the directory from a terminal as root, I see this instead of the former directory structure:
root@CLM1001-Ubuntu:/home/stephen# whoami
root
root@CLM1001-Ubuntu:/home/stephen# ls
Access-Your-Private-Data.desktop Documents Music Public Templates
Desktop Downloads Pictures README.txt Videos
root@CLM1001-Ubuntu:/home/stephen#
I have seen this behavior before after trying to remove `.ecryptfs` and my only recourse then was to restore from system backups.
Is there something I can do to get this user account working properly again, short of doing another full system restore from backup?
I looked at `/var/log/syslog` and `/var/log/auth.log` but didn't see anything that was obvious to me. I can add dumps from those logs if needed, but they are large.
Adding a little more info: I noticed that my user account can no longer execute mysqldump - it gets privilege denied errors. Although I am able to get into phpmysql. (I know this is another question, so please just ignore it other than as possible, additional info on the first question.)
OK, here is more on this problem (if I can get my iMac to cooperate.)
I executed a "script" session and will attempt to post the captured text now:
Script started on Sun 31 May 2020 03:51:24 PM PDT
stephen@CLM1001-Ubuntu:~$ whoami
stephen
stephen@CLM1001-Ubuntu:~$ pwd
/home/stephen
stephen@CLM1001-Ubuntu:~$ hostname
CLM1001-Ubuntu
stephen@CLM1001-Ubuntu:~$ uname -a
Linux CLM1001-Ubuntu 3.13.0-93-generic #140-Ubuntu SMP Mon Jul 18 21:21:05 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
stephen@CLM1001-Ubuntu:~$ passwd
Changing password for stephen.
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
stephen@CLM1001-Ubuntu:~$ sudo su
[sudo] password for stephen:
root@CLM1001-Ubuntu:/home/stephen# whoami
root
root@CLM1001-Ubuntu:/home/stephen# exit
exit
stephen@CLM1001-Ubuntu:~$ whoami
stephen
stephen@CLM1001-Ubuntu:~$ ./SQLbackup
./SQLbackup
Sun May 31 15:57:06 PDT 2020
/dev/sdb5 on /media/stephen/Hitachi72101Ptn5 type ext4 (rw)
/media/stephen/Hitachi72101Ptn5 is mounted
-- Warning: Skipping the data of table mysql.event. Specify the --events option explicitly.
[note: SQLbackup is my script that runs mysqldump.]
stephen@CLM1001-Ubuntu:~$ echo "Ok, it looks like mysqldump is working."
Ok, it looks like mysqldump is working.
stephen@CLM1001-Ubuntu:~$ exit
exit
Script done on Sun 31 May 2020 03:57:35 PM PDT
THEN
1. I logged in as stephen
   1. I can see my home directory intact
   2. I can `sudo su` with no problem
   3. I can run `mysqldump` with no problem.
2. `passwd` I changed the password for the stephen account
3. I can `sudo su` with no problem
4. `mysqldump` with no problem
5. Via the Firefox browser, attempted to log in to phpmyadmin, but cannot log into phpmyadmin as stephen (regardless of which password I use)
6. `ls` still shows my home directory with no problem
7. rebooted the system
8. Cannot log in as stephen regardless of which password I use
9. Logged in to the system using a different user account
10. `sudo su` (to root)
11. `passwd Stephen`
12. I set the password to the original password again for stephen account
13. logoff
14. log in again as Stephen: Something flashes on the screen and it goes directly back to the login screen
15. reboot the system again
16. login as Stephen: screen flashes and goes directly back to the login screen again
17. log in using the second user account
18. `su Stephen`
    Signature not found in user keyring
    Perhaps try the interactive 'ecryptfs-mount-private'

So the machine is dead at this point until I find a fix or restore from backup again.
----
Ok, so I am logged in to the problem machine again, using the second user account.
I `sudo su`d (to root) then, as root, did these steps: (the second user is rootytooty.)
root@CLM1001-Ubuntu:/home/rootytooty# whoami
root
root@CLM1001-Ubuntu:/home/rootytooty# cd /
root@CLM1001-Ubuntu:/# pwd
/
root@CLM1001-Ubuntu:/# su stephen
Signature not found in user keyring
Perhaps try the interactive 'ecryptfs-mount-private'
stephen@CLM1001-Ubuntu:/$ man ecryptfs-mount-private
stephen@CLM1001-Ubuntu:/$ ecryptfs-mount-private
Enter your login passphrase:
Error: Unwrapping passphrase and inserting into the user session keyring failed [-5]
Info: Check the system log for more information from libecryptfs
ERROR: Your passphrase is incorrect
Enter your login passphrase:
Error: Unwrapping passphrase and inserting into the user session keyring failed [-5]
Info: Check the system log for more information from libecryptfs
ERROR: Your passphrase is incorrect
Enter your login passphrase:
Error: Unwrapping passphrase and inserting into the user session keyring failed [-5]
Info: Check the system log for more information from libecryptfs
ERROR: Your passphrase is incorrect
ERROR: Too many incorrect password attempts, exiting
stephen@CLM1001-Ubuntu:/$ whoami
stephen
stephen@CLM1001-Ubuntu:/$ ecryptfs-mount-private stephen
Enter your login passphrase:
Error: Unwrapping passphrase and inserting into the user session keyring failed [-5]
Info: Check the system log for more information from libecryptfs
ERROR: Your passphrase is incorrect
Enter your login passphrase:
Error: Unwrapping passphrase and inserting into the user session keyring failed [-5]
Info: Check the system log for more information from libecryptfs
ERROR: Your passphrase is incorrect
Enter your login passphrase:
Error: Unwrapping passphrase and inserting into the user session keyring failed [-5]
Info: Check the system log for more information from libecryptfs
ERROR: Your passphrase is incorrect
ERROR: Too many incorrect password attempts, exiting
I guess I go for the restore again.
By the way: `/var/log/syslog` just shows the same messages that we saw in the terminal.
Stephen Daddona
(187 rep)
May 30, 2020, 05:31 PM
• Last activity: Jul 30, 2025, 12:05 AM
2
votes
0
answers
49
views
All users obtain root privileges after logging in and are unable to exit, even if they are just regular users
In the Ubuntu 24.04 LTS release, all users (including those not in the sudoers group) who log in and use commands such as `whoami`, `id -un`, and view UID will be displayed as root users with root privileges, even if the username displayed after logging in is a normal regular username. Therefore, ordinary users are able to write files as root in restricted directories (such as system folders or other user directories). This completely confuses the permissions of the entire system.
Here's an example user:
getent passwd fsy
fsy:x:1001:1001:,,,:/home/fsy:/bin/bash
Does anyone know how to solve this problem ...
胡钰承
(21 rep)
Jul 29, 2025, 11:06 PM
• Last activity: Jul 29, 2025, 11:13 PM
8
votes
1
answers
4513
views
How can I install visudo on Synology DSM?
I want to edit the sudoers file on my Synology Disk Station (specifically, to enable password-less shutdown), however my version of Synology DSM does not have visudo installed.
How can I install it so I can safely edit the sudoers file?
Stoz
(181 rep)
Apr 24, 2020, 06:35 AM
• Last activity: Jul 28, 2025, 03:08 AM
7
votes
2
answers
77351
views
When I run "sudo su" I get --bash: command not found for everything
I'm not good with command lines or servers.
But I needed to configure for work an AMI of EC2 AWS with Linux.
So I've installed a lot of stuff, moved a lot of stuff around and then I realized that sudo was not behaving normally. Before, when I typed `sudo`, I would become a root user right away. Now when I type `sudo`, I get the command instructions (as if I had typed --help)
[ec2-user@ip-172-31-33-121 ~]$ sudo
usage: sudo [-D level] -h | -K | -k | -V
usage: sudo -v [-AknS] [-D level] [-g groupname|#gid] [-p prompt] [-u username|#uid]
usage: sudo -l[l] [-AknS] [-D level] [-g groupname|#gid] [-p prompt] [-U username] [-u user name|#uid] [-g groupname|#gid] [command]
usage: sudo [-AbEHknPS] [-r role] [-t type] [-C fd] [-D level] [-g groupname|#gid] [-p prompt] [-u user name|#uid] [-g groupname|#gid [VAR=value] [-i|-s] []
usage: sudo -e [-AknS] [-r role] [-t type] [-C fd] [-D level] [-g groupname|#gid] [-p prompt] [-u user name|#uid] file .
To become a root user *now* on my server I have to type `sudo su`. But once I do that all the commands stop working!
[root@ip-172-31-33-121 ec2-user]# yum
bash: yum: command not found
I've read somewhere it could be a problem with my PATH, and I remember I did change something on the PATH variable while doing some installations but I can't remember exactly what and why, I think it was when I was trying to install node.js or npm, anyway I'm not sure how to restore my PATH and if that is really the problem.
*I tried to restore my path, but I don't know how it was before, so either I restored it and it isn't the problem or I didn't really restore it.
Output of `echo $PATH`:
[root@ip-172-31-33-121 ~]# echo $PATH
/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/local/bin:/opt/aws/bin:/root/bin
But I'm really new with this server config stuff, I have no idea if this is right... or wrong
When I run `sudo -i`:
[ec2-user@ip-172-31-33-121 ~]$ sudo -i
-bash: id: command not found -bash: tty: command not found
[root@ip-172-31-33-121 ~]# uname -a
Linux ip-172-31-33-121 3.14.44-32.39.amzn1.x86_64 #1 SMP Thu Jun 11 20:33:38 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
## UPDATE ##
As mentioned in the answers it was verified that /usr/bin was missing from my $PATH, so I've added it to my $PATH, and now when I get root by `sudo su` the commands are recognized, but if I get root by `sudo -i` they are still not recognizable, I still get the same error:
[ec2-user@ip-172-31-33-121 ~]$ sudo -i -bash: id: command not found -bash: tty: command not found –
[root@ip-172-31-33-121 ~]# yum -bash: yum: command not found
## UPDATE 2 ##
We've identified that there is something overwriting my $PATH when I restart my shell.
When I reopen my shell my $PATH variable is overwritten to this:
[root@ip-172-31-33-121 ec2-user]# echo $PATH
/sbin:/bin:/usr/sbin:/usr/local/bin:/opt/aws/bin
So I lose the /usr/bin again.
We've thought changing the .bashrc would fix it, but it didn't
this is my .bashrc now:
# .bashrc
# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi
PATH=$PATH:/usr/bin; export PATH
# User specific aliases and functions
The result of env command:
[root@ip-172-31-33-121 ec2-user]# env
LESS_TERMCAP_mb=
HOSTNAME=ip-172-31-33-121
LESS_TERMCAP_md=
LESS_TERMCAP_me=
SHELL=/bin/bash
TERM=xterm
HISTSIZE=1000
EC2_AMITOOL_HOME=/opt/aws/amitools/ec2
PYTHON_INSTALL_LAYOUT=amzn
LESS_TERMCAP_ue=
USER=root
LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.axa=01;36:*.oga=01;36:*.spx=01;36:*.xspf=01;36:
SUDO_USER=ec2-user
EC2_HOME=/opt/aws/apitools/ec2
SUDO_UID=500
USERNAME=root
LESS_TERMCAP_us=
PATH=/sbin:/bin:/usr/sbin:/usr/local/bin:/opt/aws/bin:/usr/bin
MAIL=/var/spool/mail/ec2-user
PWD=/home/ec2-user
JAVA_HOME=/usr/lib/jvm/jre
AWS_CLOUDWATCH_HOME=/opt/aws/apitools/mon
LANG=en_US.UTF-8
SHLVL=1
SUDO_COMMAND=/bin/su
HOME=/root
AWS_PATH=/opt/aws
AWS_AUTO_SCALING_HOME=/opt/aws/apitools/as
LOGNAME=root
CVS_RSH=ssh
AWS_ELB_HOME=/opt/aws/apitools/elb
LESSOPEN=||/usr/bin/lesspipe.sh %s
AWS_RDS_HOME=/opt/aws/apitools/rds
SUDO_GID=500
LESS_TERMCAP_se=
_=/bin/env
OLDPWD=/home/ec2-user
## UPDATE FINAL ##
By adding
PATH=$PATH:/usr/bin;
export PATH
to the file /etc/profile, we were able to fix sudo -i for good
sudo su is still not working, but I guess I will just use **sudo -i**
Thanks everybody!
Michelle Colin
(93 rep)
Jul 18, 2015, 05:08 AM
• Last activity: Jul 26, 2025, 03:40 PM
3
votes
2
answers
6094
views
How do I install some required libraries for a program without sudo?
I am trying to run a program on a computer running Red Hat 6.5.
This results in the three following errors:
"/lib64/libc.so.6: version `GLIBC_2.14' not found"
"/usr/lib64/libstdc++.so.6: version `GLIBCXX_3.4.15' not found"
"/lib64/libm.so.6: version `GLIBC_2.15' not found"
Clearly I have to install those libraries, but when searching I only found solutions that suggest running "sudo apt-get", which I sadly can't (no sudo access). Thus I need a solution to install them without sudo. (EDIT: This system does not have apt-get, but I am under the impression that yum, which it does have, is not far from the same thing. Still requires root though).
Additionally, I would prefer if the solution only affected my account, or even were limited to the program I am trying to run, so I don't affect other users on this system.
I would appreciate if I could receive some help on how to achieve something like this, or if it is impossible, I would like to know that (and out of curiosity, maybe also why).
felix
(31 rep)
Feb 19, 2015, 12:39 PM
• Last activity: Jul 23, 2025, 10:58 PM
1
votes
1
answers
47
views
Unable to resolve host error when using sudo in Debian WSL
I was trying to update my packages `sudo apt update; sudo apt upgrade` on a newly created WSL Debian instance but all of the requests to get new repositories failed with this error.
sudo: unable to resolve host Desktop-Dell: Temporary failure in name resolution
Afterwards, apt returned `Failed to fetch`.
I am using an Inspiron 16 Plus 7630 and installing Debian 12 Bookworm.
I installed Debian by running `wsl --install -d Debian`.
I tried modifying `/etc/hosts` and `/etc/hostnames` (I used nano to modify the files) to include my computer's hostname but instead it triggered the safe mode of WSL which disabled some features but I was still getting the same error as before. I also tried reinstalling WSL and Debian but nothing worked.
/etc/hosts
127.0.1.1 Desktop-Dell
/etc/hostname
DESKTOP-DELL
I followed online guides to change these two files and reboot to resolve the host.
[AskUbuntu](https://askubuntu.com/questions/59458/error-message-sudo-unable-to-resolve-host-none)
**I can't update my apt repositories or access the internet. What steps could I take to resolve the host and fix the internet problem? Is this a problem with the naming of the hostname or is it a problem which requires a system reinstall or a problem with WSL and not with Debian?**
WilliamH25
(21 rep)
Jul 22, 2025, 08:46 AM
• Last activity: Jul 23, 2025, 01:01 AM
1
votes
1
answers
2538
views
SSSD and sudo-rules in Active Directory
# Note #
While making this post I managed to find the problem myself so I thought I might as well post in case it may help someone else later on.
The problem was that I had a typo in **/etc/nsswitch.conf**, I had written **suduers** and not **sudoers**
The **sudoers:** entry wasn't there from the beginning so I had to add it, hence the typo.
One more thing was that the package **libsss-sudo** wasn't installed either, which was needed.
# Post #
I have my Linux-servers joined to my AD with SSSD like this:
apt-get install sssd-ad sssd-tools realmd adcli krb5-user libsss-sudo
realm join -U Administrator domain.local
I can logon with my AD-users just fine but now I want to manage the sudo-rules in AD too.
I extended the AD scheme like this on my AD-server:
> wget https://github.com/sudo-project/sudo/blob/main/docs/schema.ActiveDirectory -o schema.ActiveDirectory
I changed all the **DC=X** entries with **DC=domain,DC=local** and then ran:
> ldifde -i -f schema.ActiveDirectory
So far so good.
I created a OU where I want all my sudo-rules:
OU=Sudo-rules,OU=Linux Servers,OU=Computers,OU=Company,DC=domain,DC=local
In the OU **Sudo-rules** I created an object with the **sudoRole** class, named it **LinuxAdminsSudo** and edited the following attributes:
sudoCommand: ALL
sudoHost: ALL
sudoRunAs: ALL
sudoUser: %linuxadmins@domain.local
The **linuxadmins@domain.local** is an AD-group where all the Linux-admins are members and I want them to get full sudo-access to all Linux-servers.
This is my **/etc/sssd/sssd.conf**:
[sssd]
domains = domain.local
config_file_version = 2
services = nss, pam, sudo
[domain/domain.local]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = DOMAIN.LOCAL
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%d/%u
ad_domain = domain.local
use_fully_qualified_names = True
ldap_id_mapping = True
access_provider = ad
sudo_provider = ad
[sudo]
In **/etc/nsswitch.conf** I added:
sudoers: sss files
Clear cache for SSSD and restart:
sss_cache -E
systemctl restart sssd
Now I login with a user that's in the **LinuxAdmins**-group and when I run **sudo -l** I get this:
Sorry, user admin-user@domain.local may not run sudo on linux-host1.
So I'm not allowed to run sudo at all even though the rule in AD should allow this.
When checking the SSSD cache I can see that it has indeed retrieved the rule:
ldbsearch -H /var/lib/sss/db/cache_domain.local.ldb
I found this entry:
# record 28
dn: name=LinuxAdminsSudo,cn=sudorules,cn=custom,cn=domain.local,cn=sysdb
cn: LinuxAdminsSudo
dataExpireTimestamp: 1699953662
entryUSN: 65897179
name: LinuxAdminsSudo
objectCategory: CN=sudoRole,CN=Schema,CN=Configuration,DC=domain,DC=local
objectClass: sudoRule
originalDN: CN=LinuxAdminsSudo,OU=Sudo-rules,OU=Linux Servers,OU=Computers,OU=Company,DC=domain,DC=local
sudoCommand: ALL
sudoHost: ALL
sudoRunAs: ALL
sudoUser: %linuxadmins@domain.local
distinguishedName: name=LinuxAdminsSudo,cn=sudorules,cn=custom,cn=domain.local,cn=sysdb
Which indicates that it can retrieve the rule just fine from AD.
And everything was just fine, I had just made a typo in **/etc/nsswitch.conf** stated in the beginning of the post.
PatricF
(171 rep)
Nov 14, 2023, 08:53 AM
• Last activity: Jul 20, 2025, 11:03 AM
2
votes
1
answers
5796
views
sudo: sorry, you are not allowed to set the following environment variables
I have created few aliases, that I source to shell:
alias apti="apt-fast install -y"
alias aptr="apt-fast remove -y"
alias aptp="apt-fast purge -y"
alias apts="aptitude search"
alias aptu="sudo dpkg --configure -a; apti -f; apt-fast update; apt-fast upgrade -y; apt-fast full-upgrade -y; apt-fast autoremove -y"
and then added exceptions to /etc/sudoers:
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
Cmnd_Alias APT=/usr/local/bin/apt
Cmnd_Alias DPKG=/usr/bin/dpkg
Cmnd_Alias APTGET=/usr/bin/apt-get
Cmnd_Alias APTITUDE=/usr/bin/aptitude
Cmnd_Alias APTFAST=/usr/sbin/apt-fast
Cmnd_Alias PM_SUSPEND=/usr/sbin/pm-suspend
myuser ALL=(ALL:ALL) NOPASSWD: APT, DPKG, APTGET, APTITUDE, PM_SUSPEND, APTFAST
and it worked fine for years. But few weeks ago (linux mint update?) it started giving me error.
$ apti iridium-browser
sudo: sorry, you are not allowed to set the following environment variables: DEBUG, LCK_FILE, DOWNLOADBEFORE, _APTMGR, APTCACHE, DLDIR, DLLIST, LISTDIR, _MAXNUM, _MAXCONPERSRV, _SPLITCON, _MINSPLITSZ, _PIECEALGO, aptfast_prefix, APT_FAST_TIMEOUT
In /etc/sudoers.d I have two files: README and mintupdate. I have not edited any of them. Only not commented lines are:
Cmnd_Alias UPDATE = /usr/lib/linuxmint/mintUpdate/checkAPT.py
ALL ALL = NOPASSWD:UPDATE
As far as I can see, I am not setting any environment variables that are listed. What am I doing wrong?
spam
(183 rep)
Aug 2, 2017, 09:01 PM
• Last activity: Jul 15, 2025, 04:45 AM
2
votes
2
answers
5387
views
WSL 2 (Debian) main user is not a sudoer: how to reset it?
For some reason my main and only user in Debian (Windows Subsystem For Linux v2) **is not a sudoer any more**.
sudo apt-get install
myuser is not in the sudoers file
I know I can add myself to sudoers via `usermod -aG sudo myuser` but how do that since I'm the only user?
Also, if I try to run `su` to workaround this, my wsl password is not working.
dragonmnl
(2419 rep)
Jun 9, 2020, 06:20 PM
• Last activity: Jul 13, 2025, 11:32 AM
2
votes
2
answers
91
views
Run firefox as a different user in Kubuntu
I want to run Firefox as different users (Kubuntu 24.04). I've created extra users, then I do
$ xhost +SI:localuser:NEW_USER
$ sudo -u NEW_USER firefox
I get this error message:
/user.slice/user-1000.slice/user@1000.service/app.slice/app-org.kde.konsole-32c90ac053c74c8b88698b978c0ba6b5.scope is not a snap cgroup
Digging, I've come across these:
how to make it possible using SSH and using systemd-run
The SSH method works, but I don't want to go that route.
Now, I run this command:
systemd-run --uid=1001 --slice=user-1001.slice /bin/sh /path/test.sh
test.sh writes into a file that only user uid 1001 has access to, and then starts firefox.
Checking, content gets written, but Firefox doesn't run. Checking with ps, there's no firefox process.
How can I get Firefox (installed as a snap) to run as a different user?
user1532080
(133 rep)
Jun 9, 2025, 12:40 PM
• Last activity: Jul 13, 2025, 08:43 AM
3
votes
2
answers
2300
views
Allow user to run command as another user with their environment in sudoers
So, I have an entry that looks like this in my sudoers file:
user1 ALL=(user2) NOPASSWD: /scripts/dir/
This allows user1 to run all executables under `/scripts/dir/` as user2 without entering their password using a command like `sudo -u user2 /scripts/dir/script`. However, I ran into issues where the executables expect to be run with user2's environment (`$PATH`, `$DISPLAY`, etc). user1 can accomplish that by running something like `sudo -iu user2 /scripts/dir/script` which simulates a login shell, but with the above sudoers entry, this doesn't work and they're prompted to enter their password. Is there a sudoers entry that will allow user1 to run this command or at least be able to source user2's .bashrc, .cshrc, etc. when running commands?
I have found the `SETENV` option, but that allows user1 to preserve their existing environment, not take on user2's environment. I could do `source /home/user2/.bashrc` followed by `sudo -Eu user2 /scripts/dir/script`; this would give user1 user2's environment which will be preserved by the `-E` option, but this assumes that user1 has read access to the `.bashrc` file and that the script does not try to execute any commands that user1 does not have permission to run.
The sudoers man page states the following about the `-i` option to `sudo`:
> As a special case, if sudo's -i option (initial login) is specified, sudoers will initialize the environment regardless of the value of env_reset. The DISPLAY, PATH and TERM variables remain unchanged; HOME, MAIL, SHELL, USER, and LOGNAME are set based on the target user. On AIX (and Linux systems without PAM), the contents of /etc/environment are also included. On BSD systems, if the use_loginclass flag is enabled, the path and setenv variables in /etc/login.conf are also applied. All other environment variables are removed.
which seems to indicate that it's possible to provide the `-i` option with some sudoers configuration, perhaps by giving user1 permission to run `ALL` commands or specifically allowing the `-i` option in sudoers, but I'm hoping there is a more fine-grained way of achieving this. Also, it seems to indicate that `PATH` and `DISPLAY` will come from user1's environment which is not what I want.
Of course, I could give user1 more permissions than necessary in order to accomplish this, but that presents security risks.
dramzy
(131 rep)
Jan 21, 2017, 05:06 PM
• Last activity: Jul 6, 2025, 11:07 PM
49
votes
14
answers
40475
views
Executing a Bash Script Function with Sudo
I have a script that does a number of different things, most of which do not require any special privileges. However, one specific section, which I have contained within a function, needs root privileges.
I don't wish to require the entire script to run as root, and I want to be able to call this function, with root privileges, from within the script. Prompting for a password if necessary isn't an issue since it is mostly interactive anyway. However, when I try to use `sudo functionx`, I get:
```
sudo: functionx: command not found
```
As I expected, `export` didn't make a difference. I'd like to be able to execute the function directly in the script rather than breaking it out and executing it as a separate script for a number of reasons.
Is there some way I can make my function "visible" to sudo without extracting it, finding the appropriate directory, and then executing it as a stand-alone script?
The function is about a page long itself and contains multiple strings, some double-quoted and some single-quoted. It is also dependent upon a menu function defined elsewhere in the main script.
I would only expect someone with sudo ANY to be able to run the function, as one of the things it does is change passwords.
BryKKan
(2267 rep)
Mar 11, 2016, 04:54 AM
• Last activity: Jul 2, 2025, 01:28 PM
1
votes
1
answers
123
views
How to get sudo insults only through festival?
I just found out sudo insults, and I would think it would be fun to get those slanders out through [festival](https://wiki.archlinux.org/index.php/Festival), but only the insults - how to do that on [Linux](https://manjaro.org/)?
Jeeves
(21 rep)
Jun 28, 2020, 10:00 AM
• Last activity: Jun 26, 2025, 08:23 PM
2
votes
2
answers
246
views
How to achieve credential caching with run0 (as with sudo)?
`sudo` has the pleasant property of allowing one to cache credentials, i.e., if one is to execute multiple administrative commands in a row, there's less mistyping passwords.
Can the same be achieved using [`run0`](https://www.freedesktop.org/software/systemd/man/devel/run0.html), `systemd-run`'s alternative to `sudo`?
Marcus Müller
(47087 rep)
Jan 21, 2025, 10:41 PM
• Last activity: Jun 24, 2025, 08:19 PM
1
votes
1
answers
19267
views
WSL2: Why am I unable to sudo?
```
[username@MACHINE bin]$ sudo
sudo: Files/Microsoft: command not found
```
I can `sudo` just fine as root. I thought this might be due to spaces introduced into `PATH` by WSL, but for both the root and non-root accounts, neither enclosing all paths in quotes nor escaping the spaces fixes this problem.
**EDIT:** This is apparently due to devtoolset-7 prepending my `PATH` with `/opt/rh/devtoolset-7/root/usr/bin`, which includes a `sudo` executable. I would rather not have to type `/bin/sudo` every time I wish to invoke superuser access; by what means may I make `/opt/rh/devtoolset-7/root/usr/bin/sudo` usable?
MiloDC
(111 rep)
Nov 28, 2021, 11:21 PM
• Last activity: Jun 20, 2025, 08:06 PM
10
votes
1
answers
4576
views
ssh with separate stdin, stdout, stderr AND tty
### Problem
Consider a command like this:
```
binary_output 2>error.log
```
where `tool` is arbitrary and `ssh` is a wrapper or some `ssh-like-contraption` that allows the above to work. With regular `ssh` it doesn't work.
I used `sudo` here but it's just an *example* of a command that requires tty. I'd like a general solution, not specific to `sudo`.
---
### Research: the cause
With regular `ssh` it doesn't work because:
- `sudo` needs tty to ask for password (or to work at all), so I need `ssh -t`; actually in this case I need `ssh -tt`.
- On the other hand `ssh -tt` will make `sudo` read the password from `binary_input`. I want to provide the password via my local tty. Even if `sudo` is configured to work without password or if I inject the password to the `binary_input`, `ssh -tt` will make `sudo` and `tool` read from the remote tty and write output *and* errors and prompts to the remote tty. Not only I won't be able to tell the output and the errors/prompts apart locally. All the streams will be processed by the remote tty and this will mangle data (you can see this in some examples in this answer of mine, in the section entitled "Some practice").
---
### Research: comparison to commands that work
- This local command is the reference point. Let's assume it successfully processes some binary data:
  ```
  binary_output
  ```
- If I need to run `tool` on a server, I can do this. Even if `ssh` asks for my password, this will work:
  ```
  binary_output
  ```
  In this case `ssh` is transparent for binary data.
- Similarly local `sudo` can be transparent. The following command won't mangle the data even if `sudo` asks for my password:
  ```
  binary_output
  ```
- But running `tool` on the server with `sudo` is troublesome:
  ```
  binary_output
  ```
  In this configuration `ssh` and `sudo` *together* cannot be transparent in general. Finding a way to make them transparent is the gist of this question.
---
### Research: similar questions
I have found few similar questions:
- Use `sudo` with `ssh` command and capturing stdout
  This question cares about stdout only. The existing answer (from the author of the question) advises `sudo -S` which consumes stdin. I don't really want to alter my `binary_input`. And I would appreciate a solution not specific to `sudo`.
- stderr over `ssh -t`
  This concentrates on passing Ctrl+c and the background is GNU `parallel`. A workaround that only makes Ctrl+c work without a remote tty is not enough for me.
- SSH: Provide additional “pipe” fds in addition to stdin, stdout, stderr
  This is a good start (especially this answer, I think). However here I want to emphasize the need for tty. I want a solution that automates things and allows me to use remote `sudo` (or whatever) as if it was local.
---
### My explicit question
In the following command:
```
binary_output 2>error.log
```
`requires-tty` is a placeholder for code that requires a tty but processes binary data from its stdin to its stdout. It seems I need `ssh -tt`, otherwise `requires-tty` will not work; and at the same time I mustn't use `ssh -tt`, otherwise the binary data will be mangled. How can I solve this problem in a convenient way?
`requires-tty` can be `sudo …` but I don't want a solution specific to `sudo`.
I imagine the ideal(?) solution will be a script/tool that replaces `ssh` in the above invocation and just works. It should(?) connect the remote stdin, stdout and stderr each to its local counterpart, *and* the remote tty to the local tty.
If it's possible, I prefer a client-side solution that does not require any server-side companion program.
Kamil Maciorowski
(24294 rep)
Jun 8, 2021, 05:42 PM
• Last activity: Jun 18, 2025, 07:35 AM
2
votes
2
answers
104
views
Sudo doesn't work in my C wrapper
I’m trying to write a C wrapper to run a bash process. The goal of this wrapper is to apply a seccomp policy to restrict certain syscalls.
Here is the code:
```c
#define _GNU_SOURCE
#include <errno.h>    // EPERM
#include <seccomp.h>  // libseccomp API (link with -lseccomp)
#include <stdio.h>    // perror
#include <stdlib.h>   // exit, EXIT_FAILURE
#include <unistd.h>   // execl

// Function to apply seccomp filter
void apply_seccomp_filter() {
    scmp_filter_ctx ctx;

    // Initialize seccomp context with default allow policy
    ctx = seccomp_init(SCMP_ACT_ALLOW);
    if (ctx == NULL) {
        perror("seccomp_init");
        exit(EXIT_FAILURE);
    }

    // Block finit_module syscall
    if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(finit_module), 0) < 0) {
        perror("seccomp_rule_add: finit_module");
        seccomp_release(ctx);
        exit(EXIT_FAILURE);
    }

    // Load the filter
    if (seccomp_load(ctx) < 0) {
        perror("seccomp_load");
        seccomp_release(ctx);
        exit(EXIT_FAILURE);
    }

    seccomp_release(ctx);
}

int main() {
    // Install the filter, then replace this process with bash
    apply_seccomp_filter();
    execl("/bin/bash", "bash", NULL);
    // Only reached if execl fails
    perror("execl");
    return EXIT_FAILURE;
}
```
The code works fine to block the syscall, but when I try to run sudo, I get this message:
```
sudo: The "no new privileges" flag is set, which prevents sudo from running as root.
sudo: If sudo is running in a container, you may need to adjust the container configuration to disable the flag.
```
Do you know how to disable this flag? All the answers I find online are related to containers like Docker, but that’s not my case.
Thanks in advance for your help!
Liric Ramer
(85 rep)
Jun 16, 2025, 03:07 PM
• Last activity: Jun 17, 2025, 10:08 AM
76
votes
3
answers
60375
views
Change default sudo password timeout
When I run `sudo` and enter my password, a subsequent invocation of `sudo` within a few minutes will not need the password to be re-entered.
How can I change the default timeout to require the password again?
Tom Hale
(32892 rep)
Jul 27, 2017, 02:31 AM
• Last activity: Jun 17, 2025, 01:46 AM