DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 29th May 2010
rpindy rpindy is offline
Fdisk Soldier
 
Join Date: May 2010
Posts: 59
Thanked 1 Time in 1 Post
Default sudo issue

Whenever I type sudo and a command, it gives me insulting error messages (there are a few humorous ones that are randomly given) saying I have the wrong password but if I type su and enter the root password it works fine. I have tried it several times so I know I didn't just happen to misspell the root password only on sudo. This is on OpenBSD 4.7. Any ideas? I appreciate it if so.
Reply With Quote
  #2   (View Single Post)  
Old 29th May 2010
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 2,873
Thanked 190 Times in 160 Posts
Default

Quote:
Originally Posted by rpindy View Post
Any ideas?
Your question is unclear, but it appears you are assuming that the root password is required for both su(1) & sudo(8). This isn't necessarily true.

The problem with su(1) is that one either knows the root password or one doesn't, & if one knows the root password, they have complete control over the system. The privilege separation implemented by the system is absolutely defeated.

The purpose of sudo(8) is to implement a configurable privilege policy which can be partial. su(1) cannot do this. sudo(8) roles can be established which may grant some privileges of root, but not necessarily all. sudo(8) can also grant root privileges by command. Likewise, the root password doesn't have to be shared since sudo(8) expects the user to enter their own non-privileged account password.

In this manner, sudo(8) has finer control & granularity over sharing root's control all without sharing root's password.

Note that sudo(8) is not configured by default. visudo(8) is used to edit the local sudo(8) policy. The default policy will not grant any root privileges to non-privileged users irregardless of whether the root password or non-privileged password(s) are used.

If you are looking for more information on sudo(8), study the manpage & the project's Webpage:

http://www.gratisoft.us/sudo/

Also note that sudo(8)'s current author is also an OpenBSD developer.
Reply With Quote
  #3   (View Single Post)  
Old 30th May 2010
rpindy rpindy is offline
Fdisk Soldier
 
Join Date: May 2010
Posts: 59
Thanked 1 Time in 1 Post
Default

Quote:
Originally Posted by ocicat View Post
Your question is unclear, but it appears you are assuming that the root password is required for both su(1) & sudo(8).
Yes. Thank you for your detailed explanation. I'll study more about sudo and try configuring it.
Reply With Quote
  #4   (View Single Post)  
Old 30th May 2010
3th3r 3th3r is offline
New User
 
Join Date: May 2010
Location: Los Angeles
Posts: 6
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by rpindy View Post
Whenever I type sudo and a command, it gives me insulting error messages (there are a few humorous ones that are randomly given) saying I have the wrong password but if I type su and enter the root password it works fine. I have tried it several times so I know I didn't just happen to misspell the root password only on sudo. This is on OpenBSD 4.7. Any ideas? I appreciate it if so.
You'll need to set the insults flag to off in the sudoers file.
Reply With Quote
  #5   (View Single Post)  
Old 30th May 2010
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,135
Thanked 182 Times in 149 Posts
Default

Quote:
Originally Posted by 3th3r View Post
You'll need to set the insults flag to off in the sudoers file.
No, that is not the reason. For sudo you have to use your own password, and not the root password
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #6   (View Single Post)  
Old 31st May 2010
rpindy rpindy is offline
Fdisk Soldier
 
Join Date: May 2010
Posts: 59
Thanked 1 Time in 1 Post
Default

Quote:
Originally Posted by 3th3r View Post
You'll need to set the insults flag to off in the sudoers file.
LOL, thanks for that one, burrito brains.
Reply With Quote
  #7   (View Single Post)  
Old 31st May 2010
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Helpful companion
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Thanked 193 Times in 184 Posts
Default

The insults motivate me not to mash keys at 3am in the morning and go to bed, not that they always succeed.. I like a challenge.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Vulnerabilities in sudo closed J65nko News 0 1st March 2010 05:16 PM
Possible SMP Issue? MetalHead OpenBSD General 1 25th November 2008 03:52 AM
Installing sudo rex FreeBSD General 4 24th October 2008 12:40 AM
SUDO Wildcards jcatrysse FreeBSD Security 2 30th June 2008 07:18 AM
RAM issue nikkon FreeBSD General 5 7th May 2008 04:26 AM


All times are GMT. The time now is 08:49 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick