{{Header}}
'''1.''' Essentials.
{{Box|text=
The user needs to verify that the following prerequisites are met.
* Debian {{Stable project version based on Debian codename}} installed.
* A user account such as for example user user exists.
* Calling the user name user is recommended because then you could copy and paste the commands below and do not need to adjust for another user name.
}}
'''2.''' Gain administrative (root) rights. [
Use any method to gain administrative (root) rights. Gain root one way or another.
]
{{Box|text=
Becoming root is required because the following commands need to be run with administrative (root) rights as documented below. [
When a user is using ]su to gain administrative rights, the user is required to use full path to the programs addgroup, adduser, reboot because when using su the PATH environment variable is not adjusted for use with root rights. See echo "$PATH".
{{CodeSelect|lang=bash|code=
echo "$PATH"
}}
user rights PATH printout:
/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
root rights PATH printout:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
By comparison, when using sudo using /full/path/to/application is not required.
* '''A)''' Debian: Use su or sudo su as documented below.
* '''B)''' Most Qubes users: same as above.
* '''C)''' Advanced Qubes users: If using a Debian minimal template or not having the passwordless-root package installed, see footnote. [
A root terminal is required to proceed which can be started from Qubes dom0 terminal as per the Qubes upstream documentation. [[Unspecific|Unspecific to {{project_name_short}}.]]
]
Try to come root by running the following command in a terminal.
{{CodeSelect|lang=bash|code=
su
}}
Executing plain su might not be possible depending on how Debian has been installed. [
If a root password has not configured during Debian installation, Debian-Installer might have already set up ]sudo.
In that case, try.
{{CodeSelect|lang=bash|code=
sudo su
}}
}}
'''3.''' Install sudo and adduser package.
{{Box|text=
'''1.''' Update the package lists.
{{CodeSelect|lang=bash|code=
apt update
}}
'''2.''' Upgrade the system.
{{CodeSelect|lang=bash|code=
apt full-upgrade
}}
'''3.''' Install sudo and adduser package.
{{CodeSelect|lang=bash|code=
apt install --no-install-recommends sudo adduser
}}
}}
'''4.''' Root rights hardening notice.
{{Box|text=
'''Note:'''
* '''A)''' Most users: No special notice.
* '''B)''' Advanced users: If the user is intending to lockdown user user by not granting root rights, see footnote. [
The following command ]/usr/sbin/adduser user sudo grants root rights to user user. If the user intents to use user user without root rights for better security, the user should omit running the /usr/sbin/adduser user sudo and instead 1) make sure that another Linux user account such as user admin is a member of Linux user group sudo and 2) adhere to the following platform specific instructions.
* Debian: Use su.
* {{q_project_name_long}}: If not installing the passwordless-root package and/or when distribution morphing a Debian minimal template into {{project_name_short}}, root terminal is required to proceed which can be started from Qubes dom0 terminal as per the Qubes upstream documentation. [[Unspecific|Unspecific to {{project_name_short}}.]]
}}
'''5.''' sudo configuration.
Optional.
Allow user user to run sudo without as password.
Note: Replace user user with your actual user name.
{{Tab
|type=controller
|content=
{{Tab
|title= ==Configuration File Method==
|active=true
|content=
Securely create file /etc/sudoers.d/user.conf using visudo.
{{CodeSelect|lang=bash|code=
echo "user ALL=(ALL:ALL) NOPASSWD:ALL" {{!}} EDITOR=tee visudo -f /etc/sudoers.d/nopassword >/dev/null
}}
}}
{{Tab
|title= ==Adduser Method==
|content=
Add user user to group sudo.
{{CodeSelect|lang=bash|code=
/usr/sbin/adduser user sudo
}}
Reboot required.
{{CodeSelect|lang=bash|code=
/sbin/reboot
}}
Gain administrative rights after reboot. Same as in step 2.
}}
}}
'''6.''' Create group console.
{{CodeSelect|lang=bash|code=
/usr/sbin/addgroup --system console
}}
'''7.''' Add your Linux account user name to group console. [
Context: [[Dev/Strong_Linux_User_Account_Isolation#Console_Lockdown|Console Lockdown]]
Required for login into a [[Desktop#Virtual_Consoles|Virtual Consoles]] which might be handy in context of [[Recovery]].
]
Note: Replace user user with your actual user name.
{{CodeSelect|lang=bash|code=
/usr/sbin/adduser user console
}}
'''8.''' Install console related packages.
This might also result in removal of plymouth, which is good, because it is [[unsupported]]. [
https://forums.kicksecure.com/t/error-plymouth-conflict-in-debian-morphing/641
]
{{CodeSelect|lang=bash|code=
sudo apt install console-data console-common kbd keyboard-configuration
}}
= Footnotes =
{{Footer}}