Sudo not available in guest login

root sudo guest-session

When I login as guest I am unable to execute any command with sudo.

E.g.:

sudo ps

returns:

sudo: unable to change to sudoers gid: Operation not permitted

How can I fix this?


This is designed as a security feature, really. The "guest" user has a locked down set of permissions and are denied access to sudo, su, and other commands.

If you need to access those commands, you can login as your own user on the TTY, through Ctrl+Alt+F1 or any of the other F# keys up to 6, and login through that, however guest user is locked out of the administrative commands and such.


It is every easy to do administrative tasks from a guest session. The su is disabled, but they cannot disable ssh.

All you have to do is ssh into an account in the sudoers list on localhost:

ssh <username>@localhost

where <username> is that of the account.


I recommend against all the solutions here, again for security reasons. In the use-case outlined by the op in his response:

A guest user is logged in and I/root come over and want to do something(say, copy a specific file from my profile to the guest's desktop) which requires root and sudo seems to be the most convenient way of doing that.

The most convenient way of doing this is to execute su [your username]. By default root has no password and you can't use that username, so use your regular admin account. You will then be prompted for your password. You can then execute what commands you wish, perhaps prepending them with sudo, typing your password again. When you are finished using your own account's permissions, type exit and they will be returned to their own prompt.


Rather than trying to fix it, consider creating a second user with sudo privileges. Hopefully this is straighforward to do via the unity ui, since I only know how to do it by editing /etc/sudoers. That way, "guest" remains unpriviliged like it's supposed to be, and you can make the second user as secure or insecure as you like.


The guest user in Ubuntu is a generated user every time you log in with guest. See:

guest-5VczkW@host:~$ grep guest /etc/passwd
guest-5VczkW:x:115:125:Guest,,,:/tmp/guest-5VczkW:/bin/bash

The name guest-5VczkW is changing with every guest session. The script that generates this user is the a script called guest-account:

which guest-account
/usr/sbin/guest-account

Now you can edit this sciript by adding the guest user to a sudo group. So every new generated guest user is added to this group that has the right to gain root-privileges.

But, I can't recommend this intrusion into the system. It's a major security risk. In your situation I would just make a new normal user called "guest" with a password that everyone knows, and add this user to the sudo group. But notice, even with this solution everyone that known the guest login can change the system significantly.

Related

Ubuntu 12.04 installer does not see Windows already installed on my computer [closed]
What is the difference between "vlc" and "VLC media player" in Ubuntu Software in Ubuntu 16.04? [duplicate]
Where can I get the latest Ubuntu Alpha or Beta?
Chromium immediate shutdown upon launch Ubuntu 16.04
How do I start developing a lens for Unity? [duplicate]
Is it possible to install Unity 6.x.x on 12.04?
Windows doesn't boot after updating to 13.10
How to disable multimedia keys entirely? 18.04 LTS
What is this structure? Can I infiltrate it?
Is there a way to reliably set rooms on fire?
Will Steam remember my saves if I uninstall Deus Ex: HR?
Is there a way to gift Blizzard games using Battle.net?