rubikwizard
Posts: 95
Joined: Tue Jan 10, 2012 10:37 pm
Location: West Yorkshire
Contact: Website

Re: Debian Admin Password

Wed Apr 18, 2012 9:06 pm

Hi

Just received my RasPi today and having great fun playing with it

I have installed the Debian image from this site and have been browsing through all the applications in the menus. Some of them require an admin password to access them. What is this password? I have tried the password to initially log in to the machine (raspberry) but this is not accepted.

Many thanks for any help.

ianm1981
Posts: 15
Joined: Wed Nov 30, 2011 2:18 pm

Re: Debian Admin Password

Wed Apr 18, 2012 9:14 pm

As far as im aware there isnt one (anyone feel free to correct me)

It is however very easy to make one. Simply open a terminal window and type

sudo passwd root

press enter

then enter the new password in twice and away you go.

Standard exclamations of shock and alarm and the dangers of using root accounts may follow from people more linux/security conscious than myself ;o)

User avatar
grumpyoldgit
Posts: 1454
Joined: Thu Jan 05, 2012 12:20 pm

Re: Debian Admin Password

Wed Apr 18, 2012 9:17 pm

With Debian, if you are carrying out a command that needs admin privileges, you type sudo in front and then type your password when required. With Debian, Ubuntu and the rest of that family, root is hidden.

User avatar
grumpyoldgit
Posts: 1454
Joined: Thu Jan 05, 2012 12:20 pm

Re: Debian Admin Password

Wed Apr 18, 2012 9:20 pm

What ianm1981 said works but it is generally considered to be bad form as the theory is you should never need to log in as root. I've been running on Ubuntu for a couple of years now and never logged on as root.

rubikwizard
Posts: 95
Joined: Tue Jan 10, 2012 10:37 pm
Location: West Yorkshire
Contact: Website

Re: Debian Admin Password

Wed Apr 18, 2012 9:31 pm

Well I came across the application called GParted in the Preferences menu on the desktop. I figured I could use this to resize my partition to use the full capacity of my SD card but it asked for an admin password.

Not really sure what I am doing yet so might just leave it for the moment!

I realise there have been other threads about resizing partitions but didn't fully understand so I will have another look for them.

I have to say all this command line stuff is bringing back many happy memories of my Amiga days writing, compiling and running programs from the CLI. Hopefully I will now have many happy RasPi days ahead! I have bought the book "Linux Command Line" so am starting to work my way through it. Too many years of using Windows has made me soft!

User avatar
jojopi
Posts: 3000
Joined: Tue Oct 11, 2011 8:38 pm

Re: Debian Admin Password

Wed Apr 18, 2012 10:30 pm

There is an issue in the debian image because LXDE's menus are set up to use su instead of sudo, but there is no root password.  To fix it run the following command as user pi:gconftool-2 -\-type bool -\-set /apps/gksu/sudo-mode true

User avatar
grumpyoldgit
Posts: 1454
Joined: Thu Jan 05, 2012 12:20 pm

Re: Debian Admin Password

Wed Apr 18, 2012 10:32 pm

Presumably this information needs to be highlighted as everyone is going to hit the problem.

Chris.Rowland
Posts: 239
Joined: Thu Jan 12, 2012 5:45 pm

Re: Debian Admin Password

Thu Apr 19, 2012 7:24 am

Yes, we went through this a week or two ago.

Where would be best to put this? In the wiki somewhere but what page? I don't mind adding something.

While either of these approaches used allow Gparted to be used from lxde neither help with moving or copying files using the file manager.  Is this a "feature" of the file manager? In which case is there a better one?

And leafpad doesn't allow saving files as root.

I tripped over this when trying to set the screen size to 800x600 running Debian in QEMU.

User avatar
grumpyoldgit
Posts: 1454
Joined: Thu Jan 05, 2012 12:20 pm

Re: Debian Admin Password

Thu Apr 19, 2012 7:33 am

I have to admit I don't understand it. The PC I am typing on runs Lubuntu 11.10 which is basically a cut down Ubuntu with an LXDE front. I've had it up and running a couple of months to give me some familiarity with LXDE. In terminal. if I need to install software or otherwise carry out a task which requires advanced priviledges I just add sudo in front and give my password if prompted. In LXDE if I use an application like Gparted, I will be prompted for my password.

I can't work out whether this su issue is deliberate or is an error or oversight that the gconftool command corrects.

Chris.Rowland
Posts: 239
Joined: Thu Jan 12, 2012 5:45 pm

Re: Debian Admin Password

Thu Apr 19, 2012 7:42 am

I guess it's an oversight, the debian version for the Pi definitely seems to do this.  I guess that the fix that jojopi suggested could be added to the image quite easily.

There's still the issue that it works with gparted but not for writing files from LXDE.

User avatar
croston
Posts: 670
Joined: Sat Nov 26, 2011 12:33 pm
Location: Blackpool
Contact: Website

Re: Debian Admin Password

Thu Apr 19, 2012 7:48 am

@Grumpyoldgit Ubuntu uses sudo by default. Debian does not even though sudo has been set up on the RPi image on a basic level (look at .bash_history). The gconftool command needs to be run to change the default behavior in X. Hopefully this will be done in the next Debian image by default. Bear in mind that the early RPi developers are rapidly finding and fixing niggles like this. Remember Debian != Ubuntu

GizmoB73
Posts: 80
Joined: Fri Jan 27, 2012 12:51 pm

Re: Debian Admin Password

Thu Apr 19, 2012 1:57 pm

Interestingly (and probably rather dangerously) I have found that you can run:

$ sudo su -

#

to get logged in as root without knowing the password!

This works regardless of whether you know the root password or not.

This seems to make a mockery of the whole security model to me.  Isn't this a massive security hole?

jamesh
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 18036
Joined: Sat Jul 30, 2011 7:41 pm

Re: Debian Admin Password

Thu Apr 19, 2012 2:04 pm

croston said:


@Grumpyoldgit Ubuntu uses sudo by default. Debian does not even though sudo has been set up on the RPi image on a basic level (look at .bash_history). The gconftool command needs to be run to change the default behavior in X. Hopefully this will be done in the next Debian image by default. Bear in mind that the early RPi developers are rapidly finding and fixing niggles like this. Remember Debian != Ubuntu


I've asked for it to be done on the next release.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Please direct all questions to the forum, I do not do support via PM.

User avatar
jojopi
Posts: 3000
Joined: Tue Oct 11, 2011 8:38 pm

Re: Debian Admin Password

Thu Apr 19, 2012 2:20 pm

GizmoB73 said:

Isn't this a massive security hole?
It is not the most secure configuration of sudo, but it is the most convenient.  It is not an unreasonable default on a truly personal computer where the owner is actively encouraged to experiment.

If you want to tighten the configuration up, run "sudo visudo" and then delete the line "Defaults exempt_group = users" and save.  Then run "passwd pi" and change the password from raspberry to something less guessable, if you have not already.

Now sudo will ask for pi's password (except for rapid repeat uses), which provides additional protection against unattended keyboards or malicious software.

GizmoB73
Posts: 80
Joined: Fri Jan 27, 2012 12:51 pm

Re: Debian Admin Password

Thu Apr 19, 2012 2:25 pm

jojopi said:


GizmoB73 said:


Isn't this a massive security hole?


It is not the most secure configuration of sudo, but it is the most convenient.  It is not an unreasonable default on a truly personal computer where the owner is actively encouraged to experiment.

If you want to tighten the configuration up, run "sudo visudo" and then delete the line "Defaults exempt_group = users" and save.  Then run "passwd pi" and change the password from raspberry to something less guessable, if you have not already.

Now sudo will ask for pi's password (except for rapid repeat uses), which provides additional protection against unattended keyboards or malicious software.



That's fair comment about the usage.

And thanks for the tips on changing sudo.

User avatar
frying_fish
Posts: 80
Joined: Mon Jan 23, 2012 3:26 pm

Re: Debian Admin Password

Thu Apr 19, 2012 2:54 pm

GizmoB73 said:


Interestingly (and probably rather dangerously) I have found that you can run:

$ sudo su -

#

to get logged in as root without knowing the password!

This works regardless of whether you know the root password or not.

This seems to make a mockery of the whole security model to me.  Isn't this a massive security hole?


You can get a root shell by either:

$sudo -s

or

$sudo -i

depending on whether you want it to keep all your current shell defaults (-s), or login with a new interactive shell using roots defaults (-i). Using sudo su obviously also works, but you could also

$sudo su SOMEOTHERUSER

That would allow you to become said other user, and interact with the system as if you were them (useful if you need to check permissions are working on a multi user system)

Hopefully that gives a little insight.

Joe Schmoe
Posts: 4277
Joined: Sun Jan 15, 2012 1:11 pm

Re: Debian Admin Password

Thu Apr 19, 2012 3:45 pm

I just do "sudo bash".

As far as whether or not this is a security "hole" - I think you just have to accept it.  It is part and parcel of the idea of a personal computer.  I mean, that's the whole point of having a personal computer - it is for you.  The fact that they've evolved the normal desktop office PC back into a mainframe/terminal model, with limited access (and control) by the person sitting at the keyboard, is pretty much irrelevant to what we are trying to accomplish with the Pi.
And some folks need to stop being fanboys and see the forest behind the trees.

(One of the best lines I've seen on this board lately)

User avatar
Jim Manley
Posts: 1593
Joined: Thu Feb 23, 2012 8:41 pm
Location: SillyCon Valley, California, and Powell, Wyoming, USA, plus The Universe
Contact: Website

Re: Debian Admin Password

Sun May 06, 2012 12:31 am

Joe Schmoe said:


I just do "sudo bash".


For any newbies who aren't aware, /bin/sh is now the default shell (i.e., the command line interpreter, script execution environment, etc.) for Debian as of Squeeze for POSIX compliance, having been downgraded from bash (the historically-preferred shell), but, what a PITA.

bash is supposed to be the default interactive shell, but, when I accessed the Pi in the UK from California, it defaulted to sh everywhere.  Naturally, I fixed that via chsh to and bash was available when I logged into another xterm or when I logged out and then logged back in via the same xterm.

Up/down arrow keys to browse command history and tab auto-completion don't work in sh (at least remotely accessing the UK Pi), the color-coded file types in bash are gone in sh, and all of the other features we Linuxen have grown to know and love in bash are pretty much not in sh.  Talk about dumbing down to the lowest common denominator.  Yeah, yeah, I know, sh is really meant for the system to use to execute scripts in a uniform way.
The best things in life aren't things ... but, a Pi comes pretty darned close! :D
"Education is not the filling of a pail, but the lighting of a fire." -- W.B. Yeats
In theory, theory & practice are the same - in practice, they aren't!!!

User avatar
jojopi
Posts: 3000
Joined: Tue Oct 11, 2011 8:38 pm

Re: Debian Admin Password

Sun May 06, 2012 1:40 am

Jim Manley said:


bash is supposed to be the default interactive shell, but, when I accessed the Pi in the UK from California, it defaulted to sh everywhere.


It seems that the annoying[+], Debian specific, "adduser" script defaults to bash, whereas the underlying, portable, "useradd" binary defaults to sh.  These defaults being set in /etc/adduser.conf and /etc/default/useradd, respectively.  I can only assume that Deb and/or Ian expect you to use "adduser" for human users and "useradd" for system accounts!

Incidentally, I do not think the argument is that dash is more POSIX compliant than bash, but rather that because it implements only the bare minimum functionality it is faster for non-interactive uses.

[+] I have a pathological hatred for such scripts ever since I used the one in Slackware 1.1.2 to add a user with a home directory of "/" and it recursively chowned the entire filesystem.

bredman
Posts: 1415
Joined: Tue Jan 17, 2012 2:38 pm

Re: Debian Admin Password

Sun May 06, 2012 8:28 am

I have now added this to the troubleshooting wiki

http://elinux.org/R-Pi_Trouble.....#Passwords

Return to “Beginners”

Who is online

Users browsing this forum: Bing [Bot], gkreidl and 23 guests