Back again on Zorin after several years. That comeback though wasn't trouble free . Upon installing useful programs / utilities I came across to a problem. One of my main programs is Anydesk. Since on other distros I just download the appropriate .deb file and install it, I thought to give it a try the same way.
After running the .deb file though I had the message about appropriate dependencies not met (I can t replicate the message since I installed it otherwise). So I thought to try it the terminal way. The first step is to add the keys with command
sudo wget -qO - https://keys.anydesk.com/repos/DEB-GPG-KEY | apt-key add -
which couln t be executed, because of root (not admin privileges). Since root user is locked I had to set a password , unlock the user , run the command and install the program, then to lock the user again.
So my questions are ....
Why a simple command like that needs only root user to run ?
Is there another way I could have followed in order to avoid using root user ?
Yes. I am actually confused about how you set up your computer, actually.
Running a sudo command is to run as root user. You enter a sudo command, it asks for your root password, you enter it (just as you do to Login or elevate to root) and the command runs.
Did you install Zorin OS, set up your root password, then create a new user for yourself?
No it was a straight installation and after entering the environment for the first time, updated the system, rebooted and then started configuring it. So the user created within the installation process, was the one used to install Anydesk as well, using the sudo command, asking me afterwards for the pass which was accepted and then the message about, this command runs only as a root user.
I am curious too, why this happened.
Even if I wanted to, installation steps are such that you can t create a pass for the root user. I only asks credentials for the user who is part of the sudoers group I guess.
Exactly. It asked for the root user. I didn t unlock him just out of curiosity.
It wasn t anydesk if you come to think about it, since the command
sudo wget -qO - https://keys.whatever_program_needs_keys_added /repos/DEB-GPG-KEY | apt-key add - isnt anydesk related only.
In order to have a more accurate answer I need to install something else that uses this command to add keys beforehand.
I do not understand this statement. What do you mean you locked the root user? Was this a deliberate lock action you chose or a consequence you did not intend?
If you run sudo su from your user account, it should elevate you to root. What is this lock you refer to?
I mean that some distros including Zorin have root user locked by not having a password (locked anyway, since I m not sure if just by don t having a password it means locked user). So I unlocked the root user with
sudo passwd root (and gave him a password. Retype it in the next line)
sudo passwd -u root (this command will return passwd: passwd expiry information changed). Then you can log in as root
I run the command needed (because with my current user and using sudo I just couldn t ) and afterwards locked him again with ...... sudo passwd -l root
Nice but the installation commands for brave include
curl, echo tee and apt install and not wget (which for some strange reason for me it didn t work and thus i created the post at first place ) to add keys
On top of all that, I thought to remove & purge all of the anydesk installation and start over after reboot. First command resulted at the same issue as the one described in my initial post.
my_user_name@dm-dsk:/etc/apt/sources.list.d$ sudo wget -qO - https://keys.anydesk.com/repos/DEB-GPG-KEY | apt-key add -
E: This command can only be used by root.
The only thing that helped here was to run (instead of unlocking root) sudo su which elevated to root and then the command could be executed successfully.
Main question remains though. Since my user is part of the sudoers why it keeps asking for root user for the command to run.
Zorin OS does not come with Root locked without a password. The password creation is a necessary step the user must proceed through during the Ubiquity installer process.
The command you listed above for sudo passwd is to change the password of an account.
You also appear to be relying on information over a decade old and outdated from the internet.
The sudo su command does not elevate the user to root without a password (normally or by default). And this makes sense when you think about it... What kind of security would that provide if sudo su allowed any user to access root without providing credentials? It would provide none. We can plainly see that cannot be the default.
Ah, my apologies. I was running from memory. That being said, the curl command is a database query as is wget. Fundamentally for this exercise, you can consider them the same.
At this point... and with examination of the multiple points made above; I cannot honestly say what is going on with your sudoers or permissions.
It appears quite jumbled up. The only meaningful advice I can give is to back up your personal data and reinstall Zorin OS.
Upon reinstall, please take note of what password you provide that will be used for your account elevation and be sure to not change it post installation.
I recommend that you choose an easy to type sequence like a PIN since you will likely enter it often.
Using sudo in a command can become tedious, though the timeout for sudo is about five minutes. This is more than long enough to accomplish most tasks.
If you need elevated to root in the terminal, sudo -i is the recommended way. Substitute user (su) should be used for additionally created accounts (admin [there are many levels of admin permissions other than full root] , other users and such). Root is treated differently and recommended to use sudo -i to obtain that elevation. You should never log in or su as root.
That you had to change the root password should have been a clue soothing want right.
A disabled account verse a locked account is extremely different.
Locked accounts can only be accessed and unlocked by root and admins. Locked accounts are normally locked from improper user interaction, violation of rules set by administrators or by the administrators manual interaction.
Disabled accounts must be enabled prior to use as a security measure. This happens in windows and Linux alike. That is why both OSs add the very first user created to the administration group. A disabled account shouldn't be enabled unless it is utterly necessary or you know what you're doing and understand the security implications.
Guest account is also disabled by default. It can be activated, but is normally unnecessary for home use.
I don't know where you found your information (sounds like a dated manual on Linux), but that is not currently how things are done today. Security has been improved and features have been added that it won't cover.
Info comes from my personal notes all these years in digital form typed by hand with examples. Since there are hundreds of these files, I can t have them updated all the time and I only do so when I come across something new.
It is not the first time I install a linux distro, since within several years of my occupation in both personal and pro level i have install / setup and configure nas devices / type 1 Hypervisors / Linux servers with command line only / Voip systems and all the above mentioned are based on Linux (mainly Debian and some Red Hat). It was the first time I noticed a message like that upon installation and thought to investigate a little bit more.
No worries though. Thanks again
Ps You could try to install anydesk and see the outcome of the command
sudo wget -qO - https://keys.anydesk.com/repos/DEB-GPG-KEY | apt-key add -
instead of me trying again (well I did and had the same result).
As of right now, I m going to leave it as is, since I never forgot my current user's password (so no need to re-install and use an easy one in order to remember it) and I don t have the time to troubleshoot something that was just a curiosity type kind of thing at first place.
As a last point, I ll mention that installation in most Linux distros are damn pretty easy (Zorin not excluded) and developers made it literally very difficult to mesh something up. The worst case scenario (taking into account that someone follows the simple steps of using the whole drive and not making partitions himself for home / swap ... etc) would be to forget his credentials. Installation process doesn t involve taking actions for the root user so there is no way to mesh it up.
The warning message I had, was straight out of a clean installation, after updating the system and trying to install Anydesk. That's it.