1. Forum
  2. USENET
  3. comp.sys.raspberry-pi

  • New installation asks for password when I 'sudo -i'

    From Chris Green@cl@isbd.net to comp.sys.raspberry-pi on Fri May 8 21:20:54 2026
    From Newsgroup: comp.sys.raspberry-pi

    All my pis until now allow me to get root privileges by doing 'sudo
    -i' without entering my password.

    One I have just installed does request my password when I do 'sudo -i'.

    Can anyone suggest why this new one acts differently?

    I have checked that /etc/sudoers is the same on the new system as on
    all others. I have also checked that my user is in all the same
    groups in /etc/group.

    All systems are running the latest Raspbian with kernel 6.12.75.
    --
    Chris Green
    -+
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Chris Green@cl@isbd.net to comp.sys.raspberry-pi on Fri May 8 21:39:39 2026
    From Newsgroup: comp.sys.raspberry-pi

    Chris Green <cl@isbd.net> wrote:
    All my pis until now allow me to get root privileges by doing 'sudo
    -i' without entering my password.

    One I have just installed does request my password when I do 'sudo -i'.

    Can anyone suggest why this new one acts differently?

    I have checked that /etc/sudoers is the same on the new system as on
    all others. I have also checked that my user is in all the same
    groups in /etc/group.

    All systems are running the latest Raspbian with kernel 6.12.75.

    Ah, I finally found the difference, all systems except the new pi have
    a file /etc/sudoers.d/010_pi-nopasswd which provides the no password
    "sudo -i".

    The remaining question is why the latest system didn't get this file
    installed. Has rpi-imager been changed so that it no longer installs
    it?
    --
    Chris Green
    -+
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Knute Johnson@knute2025@585ranch.com to comp.sys.raspberry-pi on Fri May 8 16:33:43 2026
    From Newsgroup: comp.sys.raspberry-pi

    On 5/8/26 15:39, Chris Green wrote:
    Chris Green <cl@isbd.net> wrote:
    All my pis until now allow me to get root privileges by doing 'sudo
    -i' without entering my password.

    One I have just installed does request my password when I do 'sudo -i'.

    Can anyone suggest why this new one acts differently?

    I have checked that /etc/sudoers is the same on the new system as on
    all others. I have also checked that my user is in all the same
    groups in /etc/group.

    All systems are running the latest Raspbian with kernel 6.12.75.

    Ah, I finally found the difference, all systems except the new pi have
    a file /etc/sudoers.d/010_pi-nopasswd which provides the no password
    "sudo -i".

    The remaining question is why the latest system didn't get this file installed. Has rpi-imager been changed so that it no longer installs
    it?


    As I understand it, the latest OS image now has that limitation that you
    need a password for sudo. My Xubuntu desktop has been like that for
    years. 25 years ago I had BSD installed on a 386 and it required a
    separate password for root. They are just trying to make the computers
    a little more secure. They got rid of pi and raspberry a couple of
    years ago. This is just one more step in that direction.
    --

    Knute Johnson
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From rbowman@bowman@montana.com to comp.sys.raspberry-pi on Sat May 9 00:50:23 2026
    From Newsgroup: comp.sys.raspberry-pi

    On Fri, 8 May 2026 21:39:39 +0100, Chris Green wrote:


    The remaining question is why the latest system didn't get this file installed. Has rpi-imager been changed so that it no longer installs
    it?

    It was a deliberate decision to require a password for sudo in the latest release. That's been the norm in most Linux distros for years. Pi was the exception.
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From The Natural Philosopher@tnp@invalid.invalid to comp.sys.raspberry-pi on Sat May 9 03:38:29 2026
    From Newsgroup: comp.sys.raspberry-pi

    On 08/05/2026 21:39, Chris Green wrote:
    Chris Green <cl@isbd.net> wrote:
    All my pis until now allow me to get root privileges by doing 'sudo
    -i' without entering my password.

    One I have just installed does request my password when I do 'sudo -i'.

    Can anyone suggest why this new one acts differently?

    I have checked that /etc/sudoers is the same on the new system as on
    all others. I have also checked that my user is in all the same
    groups in /etc/group.

    All systems are running the latest Raspbian with kernel 6.12.75.

    Ah, I finally found the difference, all systems except the new pi have
    a file /etc/sudoers.d/010_pi-nopasswd which provides the no password
    "sudo -i".

    The remaining question is why the latest system didn't get this file installed. Has rpi-imager been changed so that it no longer installs
    it?

    Everybody is fashionably conscientious about 'security' these days...
    --
    WOKE is an acronym... Without Originality, Knowledge or Education.

    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Chris Green@cl@isbd.net to comp.sys.raspberry-pi on Sat May 9 09:24:32 2026
    From Newsgroup: comp.sys.raspberry-pi

    rbowman <bowman@montana.com> wrote:
    On Fri, 8 May 2026 21:39:39 +0100, Chris Green wrote:


    The remaining question is why the latest system didn't get this file installed. Has rpi-imager been changed so that it no longer installs
    it?

    It was a deliberate decision to require a password for sudo in the latest release. That's been the norm in most Linux distros for years. Pi was the exception.

    I wish they'd make this sort of change more explicit. It had me
    confused for a while. I have loads of other Linux based systems and
    I'm used to them requiring a password for sudo so I don't have an
    issue with that. I just don't like things like this changing without
    the change being noted somewhere.

    Are there release notes anywhere that would have told me?
    --
    Chris Green
    -+
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Daniel James@daniel@me.invalid to comp.sys.raspberry-pi on Sat May 9 10:47:16 2026
    From Newsgroup: comp.sys.raspberry-pi

    On 09/05/2026 09:24, Chris Green wrote:
    Are there release notes anywhere that would have told me?

    I read about it somewhere. It might have been this:

    https://www.raspberrypi.com/news/a-security-update-for-raspberry-pi-os/

    which I may have come across via this:

    https://www.theregister.com/software/2026/04/15/raspberry-pi-os-ends-open-door-policy-for-sudo/5222213

    The former is the official word from RPi, though. It's always worth
    keeping an eye on the announcements on their website.
    --
    Cheers,
    Daniel.
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From wibble@bibble.com.invalid@wibble@bibble.com.invalid to comp.sys.raspberry-pi on Sat May 9 12:09:54 2026
    From Newsgroup: comp.sys.raspberry-pi

    On Fri, 8 May 2026 21:20:54 +0100, Chris Green <cl@isbd.net> wrote:

    All my pis until now allow me to get root privileges by doing 'sudo
    -i' without entering my password.

    One I have just installed does request my password when I do 'sudo -i'.

    Can anyone suggest why this new one acts differently?

    I have checked that /etc/sudoers is the same on the new system as on
    all others. I have also checked that my user is in all the same
    groups in /etc/group.

    All systems are running the latest Raspbian with kernel 6.12.75.


    https://www.theregister.com/software/2026/04/15/raspberry-pi-os-ends-open-door-policy-for-sudo/5222213
    --
    NNNN
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From rbowman@bowman@montana.com to comp.sys.raspberry-pi on Sat May 9 17:35:03 2026
    From Newsgroup: comp.sys.raspberry-pi

    On Sat, 9 May 2026 09:24:32 +0100, Chris Green wrote:

    I wish they'd make this sort of change more explicit. It had me confused
    for a while. I have loads of other Linux based systems and I'm used to
    them requiring a password for sudo so I don't have an issue with that. I
    just don't like things like this changing without the change being noted somewhere.

    The RPi confused me too. If I don't have to give a password for sudo, why
    do I even have to type sudo? I like consistent and the Pi was the odd man
    out.
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From The Natural Philosopher@tnp@invalid.invalid to comp.sys.raspberry-pi on Sun May 10 00:55:28 2026
    From Newsgroup: comp.sys.raspberry-pi

    On 09/05/2026 18:35, rbowman wrote:
    On Sat, 9 May 2026 09:24:32 +0100, Chris Green wrote:

    I wish they'd make this sort of change more explicit. It had me confused
    for a while. I have loads of other Linux based systems and I'm used to
    them requiring a password for sudo so I don't have an issue with that. I
    just don't like things like this changing without the change being noted
    somewhere.

    The RPi confused me too. If I don't have to give a password for sudo, why
    do I even have to type sudo? I like consistent and the Pi was the odd man out.

    I always assumed it was there (Pi's sudo) simply to avoid you doing
    damage by accident, rather than to prevent others from using your login
    to do damage.

    'Here be Tygers' as it were...
    --
    "When one man dies it's a tragedy. When thousands die it's statistics."

    Josef Stalin


    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Chris Green@cl@isbd.net to comp.sys.raspberry-pi on Sun May 10 08:45:25 2026
    From Newsgroup: comp.sys.raspberry-pi

    The Natural Philosopher <tnp@invalid.invalid> wrote:
    On 09/05/2026 18:35, rbowman wrote:
    On Sat, 9 May 2026 09:24:32 +0100, Chris Green wrote:

    I wish they'd make this sort of change more explicit. It had me confused >> for a while. I have loads of other Linux based systems and I'm used to
    them requiring a password for sudo so I don't have an issue with that. I >> just don't like things like this changing without the change being noted >> somewhere.

    The RPi confused me too. If I don't have to give a password for sudo, why do I even have to type sudo? I like consistent and the Pi was the odd man out.

    I always assumed it was there (Pi's sudo) simply to avoid you doing
    damage by accident, rather than to prevent others from using your login
    to do damage.

    Yes, that's how I've always thought of it on the Pi, it's a way to
    meke sure you know that you have root privelege rather than s security
    thing.
    --
    Chris Green
    -+
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Richard Kettlewell@invalid@invalid.invalid to comp.sys.raspberry-pi on Sun May 10 10:49:33 2026
    From Newsgroup: comp.sys.raspberry-pi

    Daniel James <daniel@me.invalid> writes:
    On 09/05/2026 09:24, Chris Green wrote:
    Are there release notes anywhere that would have told me?

    I read about it somewhere. It might have been this:

    https://www.raspberrypi.com/news/a-security-update-for-raspberry-pi-os/

    which I may have come across via this:

    https://www.theregister.com/software/2026/04/15/raspberry-pi-os-ends-open-door-policy-for-sudo/5222213

    The former is the official word from RPi, though. It's always worth
    keeping an eye on the announcements on their website.

    The new default Pi configuration is very common for Linux (and macOS)
    systems. Still, justifying the change on security grounds is rather
    dubious: an attacker who compromises your non-root account can capture
    any password you enter via it with the aid of a keylogger and some
    patience, so in practice the password requirement is more like a
    speedbump than a barrier.

    If you donrCOt like a default configuration you can change it.
    --
    https://www.greenend.org.uk/rjk/
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Theo@theom+news@chiark.greenend.org.uk to comp.sys.raspberry-pi on Sun May 10 12:27:35 2026
    From Newsgroup: comp.sys.raspberry-pi

    rbowman <bowman@montana.com> wrote:
    On Sat, 9 May 2026 09:24:32 +0100, Chris Green wrote:

    I wish they'd make this sort of change more explicit. It had me confused for a while. I have loads of other Linux based systems and I'm used to them requiring a password for sudo so I don't have an issue with that. I just don't like things like this changing without the change being noted somewhere.

    The RPi confused me too. If I don't have to give a password for sudo, why
    do I even have to type sudo? I like consistent and the Pi was the odd man out.

    sudo means 'run this command as root'. Otherwise something would be run as a normal user. root has many special powers, which you ordinarily wouldn't
    give to normal things. If you ran everything as root, it would have a lot
    of detrimental effects beyond that command you wanted to run.

    Unlike Windows, there are no 'Administrator' accounts that have extra
    powers. Instead you have to temporarily borrow those powers from root via sudo. The password check is just a proof that you really have the rights to your account and intend to do this dangerous action, rather than say some script you downloaded trying to 'sudo dobadthing' without you knowing.

    Theo
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From rbowman@bowman@montana.com to comp.sys.raspberry-pi on Sun May 10 17:21:30 2026
    From Newsgroup: comp.sys.raspberry-pi

    On Sun, 10 May 2026 08:45:25 +0100, Chris Green wrote:

    The Natural Philosopher <tnp@invalid.invalid> wrote:
    On 09/05/2026 18:35, rbowman wrote:
    On Sat, 9 May 2026 09:24:32 +0100, Chris Green wrote:

    I wish they'd make this sort of change more explicit. It had me
    confused for a while. I have loads of other Linux based systems and
    I'm used to them requiring a password for sudo so I don't have an
    issue with that. I just don't like things like this changing without
    the change being noted somewhere.

    The RPi confused me too. If I don't have to give a password for sudo,
    why do I even have to type sudo? I like consistent and the Pi was the
    odd man out.

    I always assumed it was there (Pi's sudo) simply to avoid you doing
    damage by accident, rather than to prevent others from using your login
    to do damage.

    Yes, that's how I've always thought of it on the Pi, it's a way to meke
    sure you know that you have root privelege rather than s security thing.

    iirc it was SuSE in the early 2000's that switched the wallpaper to bright
    red with black cartoon-style bombs if you were running as root. Life was simpler then -- every Linux and AIX box in our shop had the same root password, wolf359.

    Was Ubuntu the first distro that more or less bypassed setting up an
    explicit root account?

    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Lawrence =?iso-8859-13?q?D=FFOliveiro?=@ldo@nz.invalid to comp.sys.raspberry-pi on Sun May 10 19:46:33 2026
    From Newsgroup: comp.sys.raspberry-pi

    On 10 May 2026 12:27:35 +0100 (BST), Theo wrote:

    Unlike Windows, there are no 'Administrator' accounts that have
    extra powers.

    rCLrootrCY is an actual rCLaccount that has extra powersrCY. Yes, itrCOs easy enough to set things up so you can log directly into it. ItrCOs your
    machine, not under the control of Apple or Microsoft, you can do what
    you like.
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Theo@theom+news@chiark.greenend.org.uk to comp.sys.raspberry-pi on Mon May 11 12:25:44 2026
    From Newsgroup: comp.sys.raspberry-pi

    Lawrence DrCOOliveiro <ldo@nz.invalid> wrote:
    On 10 May 2026 12:27:35 +0100 (BST), Theo wrote:

    Unlike Windows, there are no 'Administrator' accounts that have
    extra powers.

    rCLrootrCY is an actual rCLaccount that has extra powersrCY. Yes, itrCOs easy enough to set things up so you can log directly into it. ItrCOs your
    machine, not under the control of Apple or Microsoft, you can do what
    you like.

    On Windows, you have have a regular account with administrator privileges,
    and that account can Do More Stuff. Most of the time you're being you, and
    not being administrator - it's just that your account can do those extra
    things when needed.

    On Linux, root has administrator privileges but it's a Very Bad Idea to
    use root as a regular user account, especially at the GUI. So typically you just borrow the use of root for a short while to do something and then drop back to a non-root user.

    In one way of doing things you can 'login as root' eg on a console, do your things, then logout. sudo is just a way to make that more convenient when
    you are logged in as another user.

    That's not to say you can't login as root on the GUI and run your web
    browser, but you may find things don't work properly. There are
    increasingly more checks that say things like 'if uid==0 then error else
    ...' to guard against exploits where the attacker gets root privs.

    Theo
    --- Synchronet 3.22a-Linux NewsLink 1.2