I personally like the default sudo behavior of Ubuntu: - Root login impossible - "admin" group granted "ALL=(ALL) ALL" - users in the "admin" group are asked for their user password (not a root password) when using sudo.
[I like it, because this way, there's no root password to be shared among several people. There may be good reasons for other opinions, too - but that shouldn't be the topic of this question.]
Now I'm trying to re-create this behavior in Debian Etch. It basically works, but there's one important difference: Debian doesn't ask for a password. It should ask for the user's password.
I edited the sudoers file to be exactly the same as in Ubuntu, and I added a user to the newly created "admin" group. What else do I have to do to get the Ubuntu behavior in Debian (and other Linuxes)?
Thanks Chris
Problem solved itself by waiting 15 minutes... It works now, it simply kept the password alive for 15 minutes - which is normal, but I didn't know, that it even keeps it after a logout/login. I didn't expect this at all.
Everything's working fine now, thanks for the answers! (Can/should I somehow close this question?)
Are you sure there is no NOPASSWD anywhere in the sudoers file?
If it doesn't ask the password, you are root. I have the configuration working :
visudo
/etc/group
The 15 minutes is the default length of time that the
sudotimestamp will be valid. This timeout can be manipulated from the command line and also be set in thesudoersfile.To "cancel" the timeout so that the next use of
sudowill request a password, use the command:Alternately, if you want to extend the current timeout - that is, restart the timeout "timer" - use this command:
If the timeout is 15 minutes, after the
sudo -vcommand you'll have 15 minutes before the password is asked for again.In the
sudoersfile, the timeout can be set like this:(This sets the timeout to 10 minutes.)