The straight, but blunt, answer here, I think, is to read the man pages for
sudo and sudoers (i.e., the /etc/sudoers file that does access control for the
sudo command). The command is very flexible and can be tuned to allow specified
sudoers to use elevated privilege only to execute specific commands. But it is
not especially friendly.
Absent a specific reason to allow otherwise non-privileged users to run
specific privileged commands it probably is better to remove sudo and simply
log on as the root user to do privileged things. Even for the first case, where
ordinary users need tuned privileged access, it probably is better practice to
activate selinux for the purpose, although the documentation is somewhat
inaccessible (Red Hat probably is best).
The TL;DR here is that for maintaining personal workstations and servers it makes more sense to log
in as root, do the work as required, then log out. Or there is "sudo -i" to get an
interactive root shell and avoid prepending every command with "sudo."
Regards,
Tom Dial
On 2/20/25 15:29, Jeffrey Walton wrote:
Hi Everyone,
I have a fresh Debian 12.9 install. My user account is part of sudo
group, and members of sudo can run any command. However, I get an
error when trying to use sudo:
$ sudo ls
[sudo] password for jwalton:
jwalton is not in the sudoers file.
$ groups
jwalton cdrom floppy sudo audio dip video plugdev users netdev bluetooth lpadmin scanner
$ su -
Password:
# grep -v -E '^#' /etc/sudoers | cat -s
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
Defaults use_pty
root ALL=(ALL:ALL) ALL
sudo ALL=(ALL:ALL) ALL
I've rebooted the machine twice. I know the failure is not due to
stale login information.
Does anyone know why I cannot use sudo in this case?
Jeff
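
How sudo reads the first field of the two rule lines quoted above, as an added example that is not part of either message: in sudoers a name with no prefix is a user name, and only `%name` refers to a group. The sample text is constructed from the quoted output exactly as it appears on this page; the function names are hypothetical, and aliases, negation, `#uid`, netgroups and host matching are not handled.

```python
import re

# Constructed sample: the non-comment sudoers lines and the `groups` output
# quoted in the message above, as they appear on this page.
SUDOERS = """\
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
Defaults use_pty
root ALL=(ALL:ALL) ALL
sudo ALL=(ALL:ALL) ALL
"""
GROUPS = ("jwalton cdrom floppy sudo audio dip video plugdev users netdev "
          "bluetooth lpadmin scanner").split()

ALIAS = re.compile(r"(User|Runas|Host|Cmnd|Cmd)_Alias\b")

def user_specs(text):
    """Yield (line, user_entries) for each user specification line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "@", "Defaults")):
            continue  # blanks, comments/includes, Defaults settings
        if ALIAS.match(line) or "=" not in line:
            continue  # alias definitions are out of scope here
        # User_List is the first whitespace-delimited field left of '='.
        lhs = re.sub(r"\s*,\s*", ",", line.split("=", 1)[0])
        yield line, lhs.split()[0].split(",")

def entry_matches(entry, user, groups):
    """Bare name = user name; '%name' = group name; ALL = everyone."""
    if entry.startswith("%"):
        return entry[1:] in groups
    return entry == "ALL" or entry == user

def matching_rules(text, user, groups):
    """Rule lines whose user list covers this user."""
    return [line for line, entries in user_specs(text)
            if any(entry_matches(e, user, groups) for e in entries)]

def bare_group_names(text, groups):
    """Entries written without '%' that equal one of the user's groups."""
    return [e for _, entries in user_specs(text)
            for e in entries if e in groups]

if __name__ == "__main__":
    print("rules matching jwalton:", matching_rules(SUDOERS, "jwalton", GROUPS))
    print("bare names equal to a group:", bare_group_names(SUDOERS, GROUPS))
```

On a live system, `visudo -c` checks the file's syntax and `sudo -l -U jwalton`, run as root, lists what sudo itself grants the account.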