How might I use script /usr/bin/su-to-root
after I have intentionally locked the root account?
Running Debian GNU/Linux 6.0.5 "squeeze" and noticed menu item "System > Administration > Synaptic Package Manager" has default command:
su-to-root -X -c /usr/sbin/synaptic
which fails even though I provide the correct root password.
I have locked the root account (via command sudo passwd -l root
) after granting my normal user sudo access via file /etc/sudoers.
Via the su-to-root man page, I tried modifying the command to use a specific user:
su-to-root -X -p "user" -c /usr/sbin/synaptic
but this did not seem to work.
In both cases, after three failed authentications, I receive message:
"Starting without administrative privileges. You will not be able to
apply any changes. But you can still export the marked changes or
create a download script for
Any ideas?
Traces of the script:
k@bucket:/tmp$ bash -x /tmp/su-to-root -X -c /usr/sbin/synaptic
+ test -r /etc/su-to-rootrc
+ test -r /home/k/.su-to-rootrc
+ PRIV=root
+ COMMAND=
+ NEEDS=text
++ which gettext
+ gettext=/usr/bin/gettext
+ for i in '"$@"'
+ case "$prev" in
+ prev=-X
+ for i in '"$@"'
+ case "$prev" in
+ NEEDS=X11
+ prev=-c
+ for i in '"$@"'
+ case "$prev" in
+ COMMAND=/usr/sbin/synaptic
+ prev=/usr/sbin/synaptic
+ '[' -z /usr/sbin/synaptic ']'
++ id -u
+ euid=1000
++ id -u root
+ privid=0
+ test 1000 = 0
+ case $NEEDS in
+ test -z ''
+ which gksu
+ SU_TO_ROOT_X=gksu
+ test X = Xtrue
+ case $SU_TO_ROOT_X in
+ gksu -u root /usr/sbin/synaptic
k@bucket:/tmp$
and
k@bucket:/tmp$ bash -x /tmp/su-to-root -X -p k -c /usr/sbin/synaptic
+ test -r /etc/su-to-rootrc
+ test -r /home/k/.su-to-rootrc
+ PRIV=root
+ COMMAND=
+ NEEDS=text
++ which gettext
+ gettext=/usr/bin/gettext
+ for i in '"$@"'
+ case "$prev" in
+ prev=-X
+ for i in '"$@"'
+ case "$prev" in
+ NEEDS=X11
+ prev=-p
+ for i in '"$@"'
+ case "$prev" in
+ PRIV=k
+ prev=k
+ for i in '"$@"'
+ case "$prev" in
+ prev=-c
+ for i in '"$@"'
+ case "$prev" in
+ COMMAND=/usr/sbin/synaptic
+ prev=/usr/sbin/synaptic
+ '[' -z /usr/sbin/synaptic ']'
++ id -u
+ euid=1000
++ id -u k
+ privid=1000
+ test 1000 = 1000
+ sh -c /usr/sbin/synaptic
k@bucket:/tmp$
Best Answer
Create a file named '~/.su-to-rootrc' with contents 'SU_TO_ROOT_SU="sudo"'.
Example:
echo 'SU_TO_ROOT_SU="sudo"'>~/.su-to-rootrc
Or create it system wide at /etc. su-to-root without this rc file always tries su, which does not work with blocked root accout. If you create the rc file, it uses sudo instead and everything is fine.