Join Log in
Score:1
user83455 avatar Server

Why same user has different password and system properties over SSH and GUI login (Debian)?

it flag
user83455

I am using a VM on Google Cloud Platform. Once created it can be accessed through SSH through the GCP web GUI. When I access through SSH, I can use sudo to perform privileged actions. When I access through a GUI method such as Chrome Desktop or VNC, I do not have sudo privilege. However I get my same username through whoami in either case.

I am confused because I have some assumptions:

  • whoami indicates the current user by their name.
  • There is only one user for a given name on the whole system, and vice versa.
  • sudo applies to the current user (the same one as whoami)
  • A user's authentication and sudo properties are the same across the whole system.

If these are true I don't understand how there is different sudo behavior when I log in different ways.

Update 3:

I ran sudo usermod -aG sudo username and after rebooting the user has sudo privileges everywhere. Nothing changed in the sudoers files. I didn't think to check the groups file before making the change.

I think everything is fine now from a practical aspect. I still don't understand how the same user can have different sudo privileges in different places.

Update 2:

In /etc/sudoers the non-commented lines (and directive) are:

Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
#includedir /etc/sudoers.d

in sudoers.d is google_sudoers containing

%google-sudoers ALL=(ALL:ALL) NOPASSWD:ALL

OS version: Debian 10 (buster) Linux 4.19.0-17-cloud-amd64

Update:

Unfortunately maybe it could be caused by some features Google have added relating to a google-sudoers group.

Relevant logs from /var/log/auth.log

gpasswd[2309]: user user_me added by root to group google-sudoers

Succcessful sudo:

sudo: user_me : TTY=pts/2 ; PWD=/home/user_me ; USER=root ; COMMAND=/usr/bin/echo test
sudo: pam_unix(sudo:session): session opened for user root by user_me(uid=0)
sudo: pam_unix(sudo:session): session closed for user root

Unsuccessful sudo:

sudo: user_me : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/user_me ; USER=root ; COMMAND=/usr/bin/echo test

I still am not sure how the behavior can be different for the same user.

145
0 + 1
John Hanley avatar
cn flag
John Hanley
Try adding your username o the sudo group: **sudo usermod -aG sudo username**. If that solves the problem compare the differences.
0
Reply
Goli Nikitha avatar
ng flag
Goli Nikitha
Need of some additional information to troubleshoot this issue : 1.Run 'tail -f /var/log/auth.log' and let each user logon to see if there are any issues and also Run "id -a" and provide the output. 2.Can you confirm if the VM is using OSLOGIN and the image used by the VM is a google provided one?
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.