Home / ubuntu / Questions / 313674
Accepted
Nav
Asked: 2013-06-28 20:53:54 +0800 CST

Granting administrator privileges to user not working?

  • 772

I saw the sudoers manual and plan to eventually give the user only rights to run specific programs, but tried testing it with ALL permissions and it isn't working.

sudo -l shows this:

[sudo] password for nav: 
Matching Defaults entries for nav on this host:
    env_reset,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin

User nav may run the following commands on this host:
    (ALL : ALL) ALL
    (ALL : ALL) ALL

But yet when I try apt-get install firefox I get this: 

E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?

My actual aim is to run Truecrypt without having it to ask for the Ubuntu login password, but before that I'd at least like to be able to run other commands without having to type sudo. Any idea what I'm doing wrong?
Also tried this solution and it didn't work.

12.04

1 Answers

  1. Best Answer

    Um, there is a slight confusion as to how sudo works.

    Sudo allows you to become root (or other user) for the purpose of running a certain command. However, it is not automatically invoked when you run the command apt-get; you need to run sudo:

    sudo apt-get install firefox

    and not

    apt-get install firefox

    Otherwise you are not invoking sudo at all! You see, sudo is not a system thing. It is just a regular program that runs always with root privileges (suid, in other words).

    ~$ ls -l `which sudo`
-rwsr-xr-x 2 root root 127668 2013-02-27 21:41 /usr/bin/sudo*

    See this star and the "s" in the permissions? That is what it means -- whoever runs sudo, sudo runs with the permissions of root; just as if root has started it. And then it looks around, sees that it is you who run it, looks up the sudoers file and says: fine, you are allowed to run apt-get as root, let me run that for you. And invokes apt-get with root permissions, which has the same effect as if root has run that.

    If you do not use sudo, but just type

    apt-get install firefox

    Then apt-get is run as regular user and naturally has no permissions to touch the files which can only be opened for writing by root. This is because apt-get is not a suid program; it runs with the permission of that user who started it.

    Suid programs are dangerous, because if there is any error in the program, it can be used to escalate the privileges of a non-authorized user. That is why only one program (sudo) exists for these particular purposes.

    Fine. About that password thing: use the NOPASSWD directive in the sudoers file (use visudo to edit it) and run the command with sudo. Here is the appropriate entry to your sudoers file:

    yourusername ALL = NOPASSWD: /path/to/the/program

    That way, invoking

    sudo /path/to/the/program

    will not require to type a password and you will be able to run it from a script or through cron.

    • 2