In a fresh installation of a 10.4, the installation of pihole gives
Elaborazione dei trigger per mime-support (3.62)...
--------------------------------------------------------------------------------
[✓] Enabling lighttpd service to start on reboot...
[i] Creating user 'pihole'...main: riga 1893: useradd: comando non trovato
[✗] Creating user 'pihole'
Plese note:
riga 1893: useradd: command non found
This because for securiry reasond there is NO /usr/sbin path in the default path of root user
Looks like you've executed Pi-hole's installaton script from a shell with elevated priviliges (e.g. by su root).
You should be aware that starting with Debian Buster, su will not inherit environment settings as its predecessors did, see also the original su maintainer's comment on a related Debian bug report (wontfix).
EDIT: Qouting:
This change is intentional and aligns su with its documented behaviour. I would also like to stress that using plain 'su' is DANGEROUS because it means you're running a shell as root with the environment inherited from another user.
(...)
You should thus ALWAYS use 'su -' (or even better, don't use su at all in favour of other alternatives like 'sudo -i').
Pi-hole's installation script handles necessary access control itself, so there's no need to elevate to su (and that's not a good practice anyhow, prefer sudo over su whenever you can).
pi@ph5:~ $ apt show passwd
[..]
Description: change and administer password and group data
This package includes passwd, chsh, chfn, and many other programs to
maintain password and group data.
.
Shadow passwords are supported. See /usr/share/doc/passwd/README.Debian
What does below four output?
LC_ALL=C hostnamectl | tail -3
LC_ALL=C apt policy passwd
dpkg -L passwd | grep -v share
echo $PATH
EDIT: added one and run above ones with a non root user.
Why is that ?
Isnt debian-10.4.0-amd64-netinst.iso just an ISO to boot from initially for installation.
I believe it allows you to select what you want to install like minimal or to desktop etc.
Its just the netinstall version of Debian instead of a full CDROM/DVD to boot from.
Attach the ISO to a VM and boot from it to install to desired disk location ... full or minimal.
At least thats how I install Debian in a VM.
Thanks. We will change our ansible playbook to deploy new machines to install sudo.
We are using netinst with some automation because is small and we need nothing else. We will try to do automation using full cd but we chooses netinst because it creates smallest footprint
I will update you we find problems
Please note that I keep in great value all your security suggestions. We never expose pihole directly but only using OpenVPN.
These vps are used only for this and no other entities has access to our machines. No end user accesses our vpa. Every install happens only with clean vps. No other sw is installed a parte pihole and OpenVPN.
So we are not risking nothing or not so much using a normal users. I think and hope. But I will change our deployment to accomplish better security .
Sure, if you use is as intended and boot it up, follow the prompts, download the additional packages and all that.
Using it as a template skips all that and all you get is the very minimal OS, which is fine but you then need to install the missing packages to even get the installer script to start up.
Just a friendly reminder, if you're sending user information (paid customers?) through Pi-hole and pihole-FTL is handling their DNS then you are required to provide those users with a copy of our copyrights.
