On 5/8/26 15:39, Chris Green wrote:

Chris Green <cl@isbd.net> wrote:

All my pis until now allow me to get root privileges by doing 'sudo
-i' without entering my password.

One I have just installed does request my password when I do 'sudo -i'.

Can anyone suggest why this new one acts differently?

I have checked that /etc/sudoers is the same on the new system as on
all others. I have also checked that my user is in all the same
groups in /etc/group.

All systems are running the latest Raspbian with kernel 6.12.75.

Ah, I finally found the difference, all systems except the new pi have
a file /etc/sudoers.d/010_pi-nopasswd which provides the no password
"sudo -i".

The remaining question is why the latest system didn't get this file installed. Has rpi-imager been changed so that it no longer installs
it?

As I understand it, the latest OS image now has that limitation that you
need a password for sudo. My Xubuntu desktop has been like that for
years. 25 years ago I had BSD installed on a 386 and it required a
separate password for root. They are just trying to make the computers
a little more secure. They got rid of pi and raspberry a couple of
years ago. This is just one more step in that direction.

--

Knute Johnson

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

All my pis until now allow me to get root privileges by doing 'sudo
-i' without entering my password.

One I have just installed does request my password when I do 'sudo -i'.

Can anyone suggest why this new one acts differently?

I have checked that /etc/sudoers is the same on the new system as on
all others. I have also checked that my user is in all the same
groups in /etc/group.

All systems are running the latest Raspbian with kernel 6.12.75.

--
Chris Green
ú

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Chris Green <cl@isbd.net> wrote:

All my pis until now allow me to get root privileges by doing 'sudo
-i' without entering my password.

One I have just installed does request my password when I do 'sudo -i'.

Can anyone suggest why this new one acts differently?

I have checked that /etc/sudoers is the same on the new system as on
all others. I have also checked that my user is in all the same
groups in /etc/group.

All systems are running the latest Raspbian with kernel 6.12.75.

Ah, I finally found the difference, all systems except the new pi have
a file /etc/sudoers.d/010_pi-nopasswd which provides the no password
"sudo -i".

The remaining question is why the latest system didn't get this file
installed. Has rpi-imager been changed so that it no longer installs
it?

--
Chris Green
ú

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 08/05/2026 21:39, Chris Green wrote:

Chris Green <cl@isbd.net> wrote:

All my pis until now allow me to get root privileges by doing 'sudo
-i' without entering my password.

One I have just installed does request my password when I do 'sudo -i'.

Can anyone suggest why this new one acts differently?

I have checked that /etc/sudoers is the same on the new system as on
all others. I have also checked that my user is in all the same
groups in /etc/group.

All systems are running the latest Raspbian with kernel 6.12.75.

Ah, I finally found the difference, all systems except the new pi have
a file /etc/sudoers.d/010_pi-nopasswd which provides the no password
"sudo -i".

The remaining question is why the latest system didn't get this file installed. Has rpi-imager been changed so that it no longer installs
it?

Everybody is fashionably conscientious about 'security' these days...


--
WOKE is an acronym... Without Originality, Knowledge or Education.


--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Fri, 8 May 2026 21:20:54 +0100, Chris Green <cl@isbd.net> wrote:

All my pis until now allow me to get root privileges by doing 'sudo
-i' without entering my password.

One I have just installed does request my password when I do 'sudo -i'.

Can anyone suggest why this new one acts differently?

I have checked that /etc/sudoers is the same on the new system as on
all others. I have also checked that my user is in all the same
groups in /etc/group.

All systems are running the latest Raspbian with kernel 6.12.75.

https://www.theregister.com/software/2026/04/15/raspberry-pi-os-ends-open-door-policy-for-sudo/5222213
--
NNNN

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

rbowman <bowman@montana.com> wrote:

On Fri, 8 May 2026 21:39:39 +0100, Chris Green wrote:

The remaining question is why the latest system didn't get this file installed. Has rpi-imager been changed so that it no longer installs
it?

It was a deliberate decision to require a password for sudo in the latest release. That's been the norm in most Linux distros for years. Pi was the exception.

I wish they'd make this sort of change more explicit. It had me
confused for a while. I have loads of other Linux based systems and
I'm used to them requiring a password for sudo so I don't have an
issue with that. I just don't like things like this changing without
the change being noted somewhere.

Are there release notes anywhere that would have told me?

--
Chris Green
ú

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 09/05/2026 09:24, Chris Green wrote:

Are there release notes anywhere that would have told me?

I read about it somewhere. It might have been this:

https://www.raspberrypi.com/news/a-security-update-for-raspberry-pi-os/

which I may have come across via this:

https://www.theregister.com/software/2026/04/15/raspberry-pi-os-ends-open-door-policy-for-sudo/5222213

The former is the official word from RPi, though. It's always worth
keeping an eye on the announcements on their website.

--
Cheers,
Daniel.

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 09/05/2026 18:35, rbowman wrote:

On Sat, 9 May 2026 09:24:32 +0100, Chris Green wrote:

I wish they'd make this sort of change more explicit. It had me confused
for a while. I have loads of other Linux based systems and I'm used to
them requiring a password for sudo so I don't have an issue with that. I
just don't like things like this changing without the change being noted
somewhere.

The RPi confused me too. If I don't have to give a password for sudo, why
do I even have to type sudo? I like consistent and the Pi was the odd man out.

I always assumed it was there (Pi's sudo) simply to avoid you doing
damage by accident, rather than to prevent others from using your login
to do damage.

'Here be Tygers' as it were...

--
"When one man dies it's a tragedy. When thousands die it's statistics."

Josef Stalin



--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

The Natural Philosopher <tnp@invalid.invalid> wrote:

On 09/05/2026 18:35, rbowman wrote:

On Sat, 9 May 2026 09:24:32 +0100, Chris Green wrote:

I wish they'd make this sort of change more explicit. It had me confused >> for a while. I have loads of other Linux based systems and I'm used to
them requiring a password for sudo so I don't have an issue with that. I >> just don't like things like this changing without the change being noted >> somewhere.

The RPi confused me too. If I don't have to give a password for sudo, why do I even have to type sudo? I like consistent and the Pi was the odd man out.

I always assumed it was there (Pi's sudo) simply to avoid you doing
damage by accident, rather than to prevent others from using your login
to do damage.

Yes, that's how I've always thought of it on the Pi, it's a way to
meke sure you know that you have root privelege rather than s security
thing.

--
Chris Green
ú

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

rbowman <bowman@montana.com> wrote:

On Sat, 9 May 2026 09:24:32 +0100, Chris Green wrote:

I wish they'd make this sort of change more explicit. It had me confused for a while. I have loads of other Linux based systems and I'm used to them requiring a password for sudo so I don't have an issue with that. I just don't like things like this changing without the change being noted somewhere.

The RPi confused me too. If I don't have to give a password for sudo, why
do I even have to type sudo? I like consistent and the Pi was the odd man out.

sudo means 'run this command as root'. Otherwise something would be run as a normal user. root has many special powers, which you ordinarily wouldn't
give to normal things. If you ran everything as root, it would have a lot
of detrimental effects beyond that command you wanted to run.

Unlike Windows, there are no 'Administrator' accounts that have extra
powers. Instead you have to temporarily borrow those powers from root via sudo. The password check is just a proof that you really have the rights to your account and intend to do this dangerous action, rather than say some script you downloaded trying to 'sudo dobadthing' without you knowing.

Theo

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Daniel James <daniel@me.invalid> writes:

On 09/05/2026 09:24, Chris Green wrote:

Are there release notes anywhere that would have told me?

I read about it somewhere. It might have been this:

https://www.raspberrypi.com/news/a-security-update-for-raspberry-pi-os/

which I may have come across via this:

https://www.theregister.com/software/2026/04/15/raspberry-pi-os-ends-open-door-policy-for-sudo/5222213

The former is the official word from RPi, though. It's always worth
keeping an eye on the announcements on their website.

The new default Pi configuration is very common for Linux (and macOS)
systems. Still, justifying the change on security grounds is rather
dubious: an attacker who compromises your non-root account can capture
any password you enter via it with the aid of a keylogger and some
patience, so in practice the password requirement is more like a
speedbump than a barrier.

If you don?t like a default configuration you can change it.

--
https://www.greenend.org.uk/rjk/

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 10 May 2026 12:27:35 +0100 (BST), Theo wrote:

Unlike Windows, there are no 'Administrator' accounts that have
extra powers.

?root? is an actual ?account that has extra powers?. Yes, it?s easy
enough to set things up so you can log directly into it. It?s your
machine, not under the control of Apple or Microsoft, you can do what
you like.

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Lawrence D?Oliveiro <ldo@nz.invalid> wrote:

On 10 May 2026 12:27:35 +0100 (BST), Theo wrote:

Unlike Windows, there are no 'Administrator' accounts that have
extra powers.

?root? is an actual ?account that has extra powers?. Yes, it?s easy
enough to set things up so you can log directly into it. It?s your
machine, not under the control of Apple or Microsoft, you can do what
you like.

On Windows, you have have a regular account with administrator privileges,
and that account can Do More Stuff. Most of the time you're being you, and
not being administrator - it's just that your account can do those extra
things when needed.

On Linux, root has administrator privileges but it's a Very Bad Idea to
use root as a regular user account, especially at the GUI. So typically you just borrow the use of root for a short while to do something and then drop back to a non-root user.

In one way of doing things you can 'login as root' eg on a console, do your things, then logout. sudo is just a way to make that more convenient when
you are logged in as another user.

That's not to say you can't login as root on the GUI and run your web
browser, but you may find things don't work properly. There are
increasingly more checks that say things like 'if uid==0 then error else
...' to guard against exploits where the attacker gets root privs.

Theo

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)