{{Header}}
{{IconSet|h1|1}} Essentials.
{{Box|text=
The user needs to verify that the following prerequisites are met.
* Operating system: Debian {{Stable project version based on Debian codename}} is installed.
* User account: A Linux user account exists, for example user.
* Recommended username: Using the account name user is recommended so the commands below can be copy-pasted without modification.
}}
{{IconSet|h1|2}} Gain administrative (root) rights. [
Use any method to gain administrative (root) rights. Gain root one way or another.
]
{{Box|text=
Becoming root is required because the following commands need to be run with administrative (root) rights as documented below. [
When a user is using ]su to gain administrative rights, the user is required to use full path to the programs addgroup, adduser, reboot because when using su the PATH environment variable is not adjusted for use with root rights. See echo "$PATH".
{{CodeSelect|lang=bash|code=
echo "$PATH"
}}
user rights PATH printout:
/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
root rights PATH printout:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
By comparison, when using sudo using /full/path/to/application is not required.
* '''A)''' Debian: Use su or sudo su as documented below.
* '''B)''' Most Qubes users: same as above.
* '''C)''' Advanced Qubes users: If using a Debian minimal template or not having the passwordless-root package installed, see footnote. [
A root terminal is required to proceed which can be started from Qubes dom0 terminal as per the Qubes upstream documentation. [[Unspecific|Unspecific to {{project_name_short}}.]]
]
Try to become root by running the following command in a terminal.
{{CodeSelect|lang=bash|code=
su
}}
Executing plain su might not be possible depending on how Debian has been installed. [
If a root password has not configured during Debian installation, Debian-Installer might have already set up ]sudo.
In that case, try.
{{CodeSelect|lang=bash|code=
sudo su
}}
}}
{{IconSet|h1|3}} Install sudo and adduser package.
{{Box|text=
{{IconSet|h2|1}} Update the package lists.
{{CodeSelect|lang=bash|code=
apt update
}}
{{IconSet|h2|2}} Upgrade the system.
{{CodeSelect|lang=bash|code=
apt full-upgrade
}}
{{IconSet|h2|3}} Install sudo and adduser package.
{{CodeSelect|lang=bash|code=
apt install --no-install-recommends sudo adduser
}}
}}
{{IconSet|h1|4}} Root rights hardening notice.
{{Box|text=
'''Note:'''
* '''A)''' Most users: No special notice.
* '''B)''' Advanced users: If the user is intending to lock down account user by not granting root rights, see footnote. [
The following command ]/usr/sbin/adduser user sudo grants root rights to account user. If the user intends to use account user without root rights for better security, the user should omit running the /usr/sbin/adduser user sudo and instead 1) make sure that another Linux user account such as user sysmaint is a member of Linux user group sudo and 2) adhere to the following platform specific instructions.
* Debian: Use su.
* {{q_project_name_long}}: If not installing the passwordless-root package and/or when distribution morphing a Debian minimal template into {{project_name_short}}, root terminal is required to proceed which can be started from Qubes dom0 terminal as per the Qubes upstream documentation. [[Unspecific|Unspecific to {{project_name_short}}.]]
}}
{{IconSet|h1|5}} sudo configuration.
{{box|text=
Allow account user to run sudo without a password.
Optional.
Select a method.
Note: Replace account user with your actual user name.
{{Tab
|type=controller
|content=
{{Tab
|title= ==Configuration File Method==
|active=true
|content=
Securely create file /etc/sudoers.d/user.conf using visudo.
{{CodeSelect|lang=bash|code=
echo "user ALL=(ALL:ALL) NOPASSWD:ALL" {{!}} EDITOR=tee visudo -f /etc/sudoers.d/nopassword >/dev/null
}}
}}
{{Tab
|title= ==Adduser Method==
|content=
Add account user to group sudo.
{{CodeSelect|lang=bash|code=
/usr/sbin/adduser user sudo
}}
Reboot required.
{{CodeSelect|lang=bash|code=
/sbin/reboot
}}
Gain administrative rights after reboot. Same as in step 2.
}}
}}
}}
{{IconSet|h1|6}} Create group console.
{{CodeSelect|lang=bash|code=
/usr/sbin/addgroup --system console
}}
{{IconSet|h1|7}} Add your Linux account user name to group console. [
Context: [[Dev/Strong_Linux_User_Account_Isolation#Console_Lockdown|Console Lockdown]]
Required for login into a [[Desktop#Virtual_Consoles|Virtual Consoles]] which might be handy in context of [[Recovery]].
]
Note: Replace account user with your actual user name.
{{CodeSelect|lang=bash|code=
/usr/sbin/adduser user console
}}
{{IconSet|h1|8}} Install console related packages.
Note: This might also result in removal of plymouth, which is good, because it is [[unsupported]]. [
https://forums.kicksecure.com/t/error-plymouth-conflict-in-debian-morphing/641
]
{{CodeSelect|lang=bash|code=
sudo apt install console-data console-common kbd keyboard-configuration
}}
= Footnotes =
{{Footer}}