sudo like in Ubuntu (for Debian and other Linuxes)

Question

I personally like the default sudo behavior of Ubuntu: - Root login impossible - "admin" group granted "ALL=(ALL) ALL" - users in the "admin" group are asked for their user password (not a root password) when using sudo.

[I like it, because this way, there's no root password to be shared among several people. There may be good reasons for other opinions, too - but that shouldn't be the topic of this question.]

Now I'm trying to re-create this behavior in Debian Etch. It basically works, but there's one important difference: Debian doesn't ask for a password. It should ask for the user's password.

I edited the sudoers file to be exactly the same as in Ubuntu, and I added a user to the newly created "admin" group. What else do I have to do to get the Ubuntu behavior in Debian (and other Linuxes)?

Thanks Chris

score 4 · Accepted Answer · answered Mar 11 '10 at 16:49

4

Problem solved itself by waiting 15 minutes... It works now, it simply kept the password alive for 15 minutes - which is normal, but I didn't know, that it even keeps it after a logout/login. I didn't expect this at all.

Everything's working fine now, thanks for the answers! (Can/should I somehow close this question?)

answered Mar 11 '10 at 16:49

Chris Lercher

4,152
9
35
41

Since you provided the best answer, you can click the "check mark" next to your name. – Warner Mar 11 '10 at 16:55
Warner: He will have to wait a couple days before it lets him I think – Kyle Brandt Mar 11 '10 at 16:57
Ok, thanks. When I click the check mark, it tells me, that I have to wait two days before I can accept my own answer. I'll mark it in my calendar. – Chris Lercher Mar 11 '10 at 16:59
7

When testing sudo you can use sudo -k to forget the login success instead of waiting 15 minutes. – Richard Holloway Mar 11 '10 at 17:01
1

chris_l: You can also run the search `user:2561 hasaccepted:0` every once and a while, putting in your user id, to keep on top of those. – Kyle Brandt Mar 11 '10 at 17:04

score 0 · Answer 2 · answered Mar 11 '10 at 16:38

0

Are you sure there is no NOPASSWD anywhere in the sudoers file?

answered Mar 11 '10 at 16:38

Kyle Brandt

83,619
74
305
448

score 0 · Answer 3 · answered Mar 11 '10 at 16:39

0

If it doesn't ask the password, you are root. I have the configuration working :

visudo

%admin ALL=(ALL) ALL

/etc/group

admin:x:1000:user1,user2

answered Mar 11 '10 at 16:39

Dom

6,743
1
20
24

score 0 · Answer 4 · answered Feb 08 '12 at 23:59

The 15 minutes is the default length of time that the sudo timestamp will be valid. This timeout can be manipulated from the command line and also be set in the sudoers file.

To "cancel" the timeout so that the next use of sudo will request a password, use the command:

sudo -k

Alternately, if you want to extend the current timeout - that is, restart the timeout "timer" - use this command:

sudo -v

If the timeout is 15 minutes, after the sudo -v command you'll have 15 minutes before the password is asked for again.

In the sudoers file, the timeout can be set like this:

Defaults timestamp_timeout=10

(This sets the timeout to 10 minutes.)

sudo like in Ubuntu (for Debian and other Linuxes)

4 Answers4