||<>|| ||{{attachment:IconsPage/warning.png}}|| '''March 14, 2019 PLEASE NOTE: This wiki article is being significanly rewritten as it contains a good deal of old, dated and possibly questionable material. Using caution and consulting with others on the Ubuntu Forums or Ask Ubuntu is highly recommended!'''||{{attachment:IconsPage/warning.png}}|| Note: For help with configuring ''sudo'' privileges via its configuration file {{{/etc/sudoers}}}, please see [[Sudoers]]. = Background Information = In Linux (and Unix in general), there is a !SuperUser named '''root'''. The Windows equivalent of root is the Administrators group. The !SuperUser can do anything and everything, and thus doing daily work as the !SuperUser can be dangerous. You could type a command incorrectly and destroy the system. Ideally, you run as a user that has only the privileges needed for the task at hand. In some cases, this is necessarily root, but most of the time it is a regular user. '''By default, the root account password is locked in Ubuntu.''' This means that you cannot login as root directly or use the {{{su}}} command to become the root user. However, since the root account physically exists it is still possible to run programs with root-level privileges. This is where {{{sudo}}} comes in - it allows authorized users (normally "Administrative" users; for further information please refer to AddUsersHowto) to run certain programs as root without having to know the root password. This means that in the [[UsingTheTerminal|terminal]] you should use sudo for commands that require root privileges; simply prepend {{{sudo}}} to all the commands you need to run as root. For more extensive usage examples, please see below. Similarly, when you run GUI programs that require root privileges (e.g. the network configuration applet), use graphical sudo and you will also be prompted for a password (more below). Just remember, when sudo asks for a password, it needs '''YOUR USER password''', and not the root account password. '''Please keep in mind, a substantial number of Ubuntu users are new to Linux.''' There is a learning curve associated with any OS and many new users try to take shortcuts by enabling the root account, logging in as root, and changing ownership of system files. Example: [[http://ubuntuforums.org/showthread.php?t=1877557| Broken system via (ab)use of root by a new user]] Please note: At the time of the post, this was the users' first post on the Ubuntu forums. While some might call this a "learning experience", learning by breaking your system is frustrating and can result in data loss. When giving advice on the Ubuntu Forums and IRC, please take the time to teach "the basics" such as ownership, permissions, and how to use sudo / gksu / kdesudo in such a way that new users do not break systems. = Advantages and Disadvantages = == Benefits of using sudo == There are a number of benefits to Ubuntu leaving '''root''' logins disabled by default, including: * The installer has fewer questions to ask. * Users don't have to remember an extra password for occasional use (i.e. the root password). If they did, they'd be likely to forget it (or record it unsafely, allowing anyone to easily crack into their system). * It avoids the "I can do ''anything''" interactive login by default. You will be prompted for a password before major changes can happen, which should make you think about the consequences of what you are doing. * sudo adds a log entry of the command(s) run (in {{{/var/log/auth.log}}}). If you mess up, you can go back and see what commands were run. * On a server, every cracker trying to ''brute-force'' their way in will know it has an account named '''root''' and will try that first. What they don't know is what the usernames of your other users are. Since the root account password is locked, this attack becomes essentially meaningless, since there is no password to crack or guess in the first place. * Allows easy transfer for admin rights by adding and removing users from groups. When you use a single root password, the only way to de-authorize users is to change the root password. * sudo can be setup with a much more fine-grained security policy. * The root account password does not need to be shared with everybody who needs to perform some type of administrative task(s) on the system (see the previous bullet). * The authentication automatically expires after a short time (which can be set to as little as desired or 0); so if you walk away from the terminal after running commands as root using sudo, you will not be leaving a root terminal open indefinitely. == Downsides of using sudo == Although for desktops the benefits of using sudo are great, there are possible issues which need to be noted: * Redirecting the output of commands run with sudo requires a different approach. For instance consider {{{sudo ls > /root/somefile}}} will not work since it is the shell that tries to write to that file. You can use `ls | sudo tee -a /root/somefile` to append, or `ls | sudo tee /root/somefile` to overwrite contents. You could also pass the whole command to a shell process run under sudo to have the file written to with root permissions, such as `sudo sh -c "ls > /root/somefile"`. * In a lot of office environments the ONLY local user on a system is root. All other users are imported using NSS techniques such as nss-ldap. To setup a workstation, or fix it, in the case of a network failure where nss-ldap is broken, root is required. This tends to leave the system unusable unless cracked. An extra local user, or an enabled root password is needed here. The local user account should have its $HOME on a local disk, _not_ on NFS (or any other networked filesystem), and a .profile/.bashrc that doesn't reference any files on NFS mounts. This is usually the case for root, but if adding a non-root rescue account, you will have to take these precautions manually. However the advantage of using a local user with sudo is that commands can be easily tracked, as mentioned in the benefits above. ## * In a long sequence of sysadmin commands, the need to prefix each command with "{{{sudo }}}", the inability to use redirection naturally, and having to retype ones password every 15 minutes are exasperating. For a heavy sysadmin session, a conventional root shell is better. ## The last addition seems to be written from the point of view that sudo is a poor choice. The downsides mentioned are weak at best, and also go against the policy of not recommending a root shell. = Usage = * When using sudo, your password is stored by default for 15 minutes. After that time, you will need to enter your password again. * Your password will '''not''' be shown on the screen as you type it, not even as a row of stars (******). It is being entered with each keystroke! == sudo == To use {{{sudo}}} on the command line, preface the command with {{{sudo}}}, as below: ''Example #1'' {{{ sudo chown bob:bob /home/bob/* }}} ''Example #2'' {{{ sudo /etc/init.d/networking restart }}} To repeat the last command entered, except with sudo prepended to it, run: {{{ sudo !! }}} == Graphical sudo == You should '''never''' use normal sudo to start graphical applications as root. Using {{{sudo}}} with graphical apps has the potential to corrupt your environment by allowing root to take ownership of and/or change permissions on critical files that you must own. The forums frequently see panicked requests for help from users who can no longer log in after running graphical applications under {{{sudo}}}. Please note that many websites and old threads advise the use of {{{gksu}}}. However, such search results are obsolete. gksudo has not been updated for years and is not even available in Bionic (18.04) and higher. {{{gksu}}} has been replaced by {{{pkexec}}}, but even {{{pkexec}}} is being deprecated by the mainline Ubuntu developers. They have taken the position that file manipulation and editing under root should be restricted to the command line. We can only surmise what the motives were behind this decision: perhaps there are just too many users who run into problems running graphical apps as root. In any case, running graphical apps as root now requires workarounds and additional steps. === Flavour-specific workarounds === There are a number of flavour-specific options for running graphical applications as root: * You can use {{{pkexec}}} on those flavours that support this option. As of 18.04, only Xubuntu supports this option by default, as shown in the following examples: {{{ pkexec thunar pkexec mousepad /etc/fstab }}} * By default, Kubuntu allows easy access to a root file manager: '''KDE Launcher → Computer → Root-Dolphin''' From there: '''(→ edit file)''' will open up a root instance of Kate. * Mainline Ubuntu and Gnome use Nautilus as their file manager. Any flavour running Nautilus will allow you to install the package {{{nautilus-admin}}} which will add two python extensions to Nautilus. These extensions add options that allow root access: '''Open as Administrator''' and '''Edit as Administrator''' It is also possible to install the missing Policykit files for both Nautilus and Gedit. See [[http://www.webupd8.org/2015/03/how-to-run-gedit-and-nautilus-as-root.html| this site]] for instructions and links. A knowledgeable user could build further Policykit files for alternate file managers and editors by using the linked files as templates. They are simple XML files that can be edited with a standard text editor. === General workarounds === The following methods will work on all flavours: * Use the command line. Simple text editors like nano are quite easy to learn. If you prefer a quasi-graphical file manager, install Midnight Commander. Both of these apps run under sudo with no problems. Examples: {{{ sudo mc sudo nano /etc/fstab }}} * Notwithstanding the earlier warning, it is possible to use {{{sudo}}} with graphical apps provided you add the {{{-H}}} flag. This flag is critical: it properly sets root to its own environment instead of improperly inheriting the user's environment. Use of the {{{-H}}} flag is mandatory. Failing to use this flag may corrupt critical system files and prevent you from logging in. With {{{sudo -H}}} almost any graphical app can be launched under root within any 'buntu flavour. This includes each flavour's default graphical editor and file manager. An appreciable danger with {{{sudo -H}}} is that the {{{-H}}} flag is easy to forget. And all it takes is one omission for the damage to be done. = Users = == Allowing other users to run sudo == To add a new user to sudo, open the '''Settings''' window, then '''Details → Users''' menu. First click '''Unlock''', then you can select a user and hit '''Administrator'''. ## replaced $user with below so as not to be confused with the environment variable #USER /!\ In the terminal (for Precise Pangolin, 12.04), this would be: {{{ sudo adduser sudo }}} where you replace with the name of the user (without the <>). In previous version of Ubuntu {{{ sudo adduser admin }}} would have been appropriate, but the admin group has been deprecated and no longer exists in Ubuntu 12.04. == Logging in as another user == '''Please don't use this to become root,''' see further down in the page for more information about that. {{{ sudo -i -u }}} For example to become the user {{{amanda}}} for tape management purposes. {{{ sudo -i -u amanda }}} The password being asked for is your own, not amanda's. == root account == === Enabling the root account === ||{{attachment:IconsPage/warning.png}}|| '''Enabling the root account is rarely necessary. Almost everything you need to do as administrator of an Ubuntu system can be done via sudo or gksudo. If you really need a persistent root login, the best alternative is to simulate a root login shell using the following command...'''||{{attachment:IconsPage/warning.png}}|| {{{ sudo -i }}} To enable the root account (i.e. set a password) use: {{{ sudo passwd root }}} ''' Use at your own risk! ''' ## In the interests of being open with available information, the Ubuntu Documentation Team and the Ubuntu Security Team have elected to allow directions on enabling the root account on this page so long as there are clear warnings about it. DO NOT REMOVE THIS INFORMATION. Thank you. ||{{attachment:IconsPage/dont.png}}|| '''Logging in to X as root may cause very serious trouble.''' If you believe you need a root account to perform a certain action, '''please consult the official support channels first''', to make sure there is not a better alternative. ||{{attachment:IconsPage/dont.png}}|| ## Ubuntu does not "encrypt the root password when you lock it". Please don't add untrue information. ## Using the su command isn't necessary. Please use sudo/gksudo/kdesu/kdesudo. The root account should not generally be enabled. === Re-disabling your root account === ||{{attachment:IconsPage/info.png}}|| If for some reason you have enabled your root account and wish to disable it again, use the following command in terminal... ||{{attachment:IconsPage/info.png}}|| {{{ sudo passwd -dl root }}} ## The bug with {{{passwd -l root}}} was fixed in the package landscape-client - 1.0.25-0ubuntu0.9.04 so you can safely use it as a proper way of re-disabling your root account. ## {{{usermod -p '!' root}}} actually restores the default state :) ## sudo passwd -dl root deletes the password and locks the account. It's the equivalent of sudo usermod -p '!' root. = Other Information = == Misconceptions == * ''Isn't sudo less secure than su?'' The basic security model is the same, and therefore these two systems share their primary weaknesses. Any user who uses `su` '''or''' `sudo` must be considered to be a privileged user. If that user's account is compromised by an attacker, the attacker can also gain root privileges the next time the user does so. The user account is the weak link in this chain, and so must be protected with the same care as root. On a more esoteric level, `sudo` provides some features which encourage different work habits, which can positively impact the security of the system. `sudo` is commonly used to execute only a single command, while `su` is generally used to open a shell and execute multiple commands. The `sudo` approach reduces the likelihood of a root shell being left open indefinitely, and encourages the user to minimize their use of root privileges. * ''I won't be able to enter single-user mode!'' The sulogin program in Ubuntu is patched to handle the default case of a locked root password. * ''I can get a root shell from the console without entering a password!'' You have to enter your password. Console users have access to the boot loader, and can gain administrative privileges in various ways during the boot process. For example, by specifying an alternate `init(8)` program. Linux systems are not typically configured to be secure at the console, and additional steps (for example, setting a root password, a boot loader password and a BIOS password) are necessary in order to make them so. Note that console users usually have physical access to the machine and so can manipulate it in other ways as well. == Special notes on sudo and shells == '''None of the methods below are suggested or supported by the designers of Ubuntu.''' Please do not suggest this to others unless you personally are available 24/7 to support the user if they have issues as a result of running a shell as root. ## sudo -i is not the same as su - nor is sudo -s == su , there are minor differences however. To start a ''root shell'' (i.e. a command window where you can run root commands), starting root's environment and login scripts, use: {{{ sudo -i (similar to sudo su - , gives you roots environment configuration) }}} To start a ''root shell'', but keep the current shell's environment, use: {{{ sudo -s (similar to sudo su) }}} For a brief overview of some of the differences between su, su -, and sudo -{i,s} see : [[http://ubuntuforums.org/showpost.php?p=6188826&postcount=4|Ubuntu Forums Post with nice table]] . Summary of the differences found - {{{ corrupted by user's HOME=/root uses root's PATH env vars sudo -i Y Y[2] N sudo -s N Y[2] Y sudo bash N Y[2] Y sudo su Y N[1] Y [1] PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games probably set by /etc/environment [2] PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin }}} For a detailed description of the differences see man su and man sudo . = Remove Password Prompt For sudo = ||{{attachment:IconsPage/warning.png}}||'''If you disable the sudo password for your account, you will seriously compromise the security of your computer. Anyone sitting at your unattended, logged in account will have complete root access, and remote exploits become much easier for malicious crackers.'''||{{attachment:IconsPage/warning.png}}|| * '''This method is NOT suggested nor supported by the designers of Ubuntu.''' * Please do not suggest this to others unless you personally are available 24/7 to support the user if they have issues as a result of running a shell as root. These instructions are to remove the prompt for a password when using the '''sudo''' command. The '''sudo''' command will still need to be used for root access though. '''Edit the sudoers file''' Open a Terminal window. Type in '''sudo visudo'''. Add the following line to the END of the file (if not at the end it can be nullified by later entries): {{{ ALL=NOPASSWD: ALL }}} Replace with your user name (without the <>). This is assuming that Ubuntu has created a group with the same name as your user name, which is typical. You can alternately use the group ''users'' or any other such group you are in. Just make sure you are in that group. This can be checked by going to '''System->Administration->Users and Groups''' Example: {{{ michael ALL=NOPASSWD: ALL }}} Type in '''^x''' to exit. This should prompt for an option to save the file, type in '''Y''' to save. Log out, and then log back in. This should now allow you to run the sudo command without being prompted for a password. Or to do this for the system wide group '''sudo''' {{{ root$ echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers }}} Log out, and then back in. = Reset sudo timeout = You can make sure sudo asks for password next time by running: {{{ sudo -k }}} The default sudo timeout length can be changed by following this article: [[RootSudoTimeout]]. = Other Resources = * How to [[http://www.psychocats.net/ubuntu/fixsudo| fix broken sudo]] * [[http://www.webupd8.org/2015/03/how-to-run-gedit-and-nautilus-as-root.html| How to run Gedit and Nautilus as Root]] * [[http://ubuntuforums.org/showthread.php?t=1486138| Ubuntu Forums policy]] on enabling the root account * [[http://manpages.ubuntu.com/manpages/lucid/en/man8/sudo.8.html| sudo]] man page * [[http://manpages.ubuntu.com/manpages/lucid/en/man5/sudoers.5.html| sudoers file]] man page ---- CategoryCommandLine CategorySecurity CategoryCommandLine