Locking the root account and using sudo

From Void Linux Wiki
Jump to: navigation, search

To begin with, ensure that a regular user has been created, and can use sudo to execute commands with root permission.

Be careful and don't lock yourself out. If you did lock yourself out, see this page.

Enable sudo

sudo is a package, check it's installed:

  $ xbps-query -Rs sudo
  ...
  [*] sudo-1.8.20p2_1 Allow others to run commands as root

Groups and related users can be viewed in /etc/group. Ensure the user is in the wheel group:

  $ usermod -aG wheel $USER

visudo can be configured to use an editor other than vi if desired. Edit /etc/sudoers using visudo:

  # visudo /etc/sudoers
  ...
  ## Uncomment to allow members of group wheel to execute any command
  %wheel ALL=(ALL) ALL
  ...

Lock the root account

The output of passwd -S root reveals how P is changed to L:

  $ sudo passwd -S root
  root P 03/27/2016 0 99999 7 -1
  $ sudo passwd -dl root
  passwd: password expiry information changed.
  $ sudo passwd -S root
  root L 03/27/2016 0 99999 7 -1

Set the root account shell to bash, the status can be viewed in /etc/passwd:

  $ sudo usermod --shell /bin/bash root

Set up sulogin for Grub rescue mode to allow operation without a root account password

Configure runit to use the sulogin -e option. Create the file /etc/sv/sulogin/conf with this content:

  OPTS="-e"

The conf file will be read by /etc/sv/sulogin/run.

Or if OPTS is not supported in the run file, edit the last line of /etc/sv/sulogin/run to this (although it will be overwritten on subsequent updates of runit and will need to be edited again):

  exec setsid sulogin -e < $tty >$tty 2>&1

This means if there is no root password, rescue mode boots to a root terminal which doesn't require a password. This is potentially insecure if the terminal can be physically accessed by others, although there are numerous other security issues in that situation. If a root password is set, then it will still be requested.

The root default environment in rescue mode could be lacking some elements for normal operation as displayed by the env command:

  $ env
  SHELL=/bin/bash
  USER=root
  PATH=/usr/bin:/usr/sbin
  PWD=/root
  SHLVL=1
  HOME=/root
  LOGNAME=root
  _=/usr/bin/env

This can be amended as desired by creating or editing /root/.bashrc, e.g.:

  # .bashrc

  # If not running interactively, don't do anything
  [[ $- != *i* ]] && return

  alias ls='ls --color=auto'
  PS1='[\u@\h \W]\$ '
  export PAGER=less
  export EDITOR=nano
  export TERM=xterm
  export PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin

After booting to rescue mode, the shell can be exited by pressing CTRL ALT DELETE to reboot, or:

  # shutdown -h now

Void Linux is constantly evolving along with the software that comprises it, and there are numerous installation approaches which include different groups of software and configuration. It's possible this page may include steps that are not required for some users, or omit steps that are. Further clarifications, corrections or additions are welcome.