sudo user

Posted Aug 21, 2025 10:55 UTC (Thu) by alx.manpages (subscriber, #145117)
In reply to: sudo user by josh
Parent article: Lucky 13: a look at Debian trixie

Could you please separate it into two questions?

I want a root password for login as root,
and I also want sudo(8) for my primary account.

Which means that with the current installer I currently am forced to set up sudo(8) after installation.

sudo user

Posted Aug 21, 2025 12:43 UTC (Thu) by rschroev (subscriber, #4164) [Link] (9 responses)

Or skip the root password when installing, then after installation set a root password.

sudo user

Posted Aug 21, 2025 19:07 UTC (Thu) by alx.manpages (subscriber, #145117) [Link] (8 responses)

> Or skip the root password when installing, then after installation set a root password.

Yup, that's an alternative I always thought should be possible.

I never tried it, though. Since I know my approach works, it always felt risky to try it in the other way. :)

Also, I have a sudoers file that I just cp(1) into /etc/sudoers.d and it works, which is easy. (Although it is painful to install and configure sudo(8) until I actually have sudo(8).)

sudo user

Posted Aug 30, 2025 21:23 UTC (Sat) by josh (subscriber, #17465) [Link] (7 responses)

Yeah, I have a Debian package that installs the configuration I want for sudo (and other packages for other things).

sudo user

Posted Aug 31, 2025 5:49 UTC (Sun) by alx.manpages (subscriber, #145117) [Link] (6 responses)

So, would you split the question into two separate questions?

- Enter password for root:

- Do you want sudo(8) for the main user?

(Of course, with more wording than that.)

sudo user

Posted Oct 1, 2025 12:50 UTC (Wed) by josh (subscriber, #17465) [Link] (5 responses)

Ideally, I'd have the default (non-expert) install unconditionally install and enable sudo for the initial admin user, not prompt for a root password at all, and let people who want to have a root password run `passwd root` or graphical equivalent.

For an expert-level install, the simplest improvement would be to reorder the prompts. First set up an initial user. If not skipped, prompt for setting up sudo (default yes, skipped and set to no if no initial user). And after that, ask "don't set up a root password (default)"/"use the same password"/"set a different root password", with options disabled depending on previous questions.

sudo user

Posted Oct 14, 2025 11:34 UTC (Tue) by taladar (subscriber, #68407) [Link] (4 responses)

The main use for a root password is for failed boots, isn't it? How does the sudo setup with a password less root user handle this case? I have never really had a system with a root user without a password.

sudo user

Posted Oct 14, 2025 12:19 UTC (Tue) by dskoll (subscriber, #1630) [Link] (1 responses)

If you can't log in as root, then you have to fix a broken boot by booting from external rescue media, I guess. Which can be annoying if your machine is remote, but you have a KVM-over-IP box. So I too always set a root password on my machines.

sudo user

Posted Oct 16, 2025 8:24 UTC (Thu) by taladar (subscriber, #68407) [Link]

It is not even just annoying, it also potentially makes it impossible to figure out what the problem is in the first place since most boot failures happen before logging to persistent media is enabled so you need to know what state the initrd based system is in at the time of failure to figure out what went wrong.

sudo user

Posted Oct 14, 2025 16:17 UTC (Tue) by PhilippWendler (subscriber, #126612) [Link] (1 responses)

You just get a shell without password prompt.

sudo user

Posted Oct 14, 2025 18:11 UTC (Tue) by rschroev (subscriber, #4164) [Link]

There are ways around it, but by default you can't login in rescue mode when you didn't set a root password:

"Cannot open access to console, the root account is locked.
See sulogin(8) man page for more details."

AFAIK that's the main reason why people often recommend to set a root password.