I have spent considerable time on my CentOS 7 with sudo. I added local user test to /etc/sudoers via visudo as follows:
Code:
## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
## user MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
test ALL=(ALL) ALL
I also added test to wheel:
Quote:
[root@ark-centos-smb4 ~]# groups test
test : bin wheel arkgrp
Then I su to test and run a command as root, and get an error saying the user is not in the sudoers file. Please give some suggestions, thanks.
Quote:
[root@ark-centos-smb4 ~]# su - test
Last login: Tue Aug 8 01:03:48 PDT 2017 on pts/0
[test@ark-centos-smb4 ~]$ sudo ls /root/
[sudo] password for test:
test is not in the sudoers file. This incident will be reported.
Interesting, the root user is also refused when running sudo:
Quote:
[root@ark-centos-smb4 ~]# sudo ls
root is not allowed to run sudo on ark-centos-smb4. This incident will be reported.
"test" is a command so your system might be confused with a user by that name.
Try changing the username to "testuser".
The wheel group is not required for RHEL/CentOS like it is for some other distros. Although you can set up grants by group the fact you did it for a specific user means he doesn't need to be in wheel.
Also you mention /etc/sudoers which makes it sound as if you did a direct edit of that file. The appropriate way to edit the file is using the "visudo" command. It will check for syntax errors before you save. I'd suggest doing a visudo then a write to see if it complains of any issues.
Finally RHEL/CentOS have SELinux. If that is enabled and enforcing you may have modified context on /etc/sudoers if you did direct edit. You should check /etc/sudoers if you are in fact enforcing in SELinux.
Quote:
"test" is a command so your system might be confused with a user by that name.
Try changing the username to "testuser".
Tried it, not working.
Quote:
The wheel group is not required for RHEL/CentOS like it is for some other distros. Although you can set up grants by group the fact you did it for a specific user means he doesn't need to be in wheel.
I added user usera to /etc/sudoers via visudo; not working, see the command results below.
Code:
[root@ark-centos-smb4 ~]# su - usera
Last login: Thu Aug 17 19:14:40 PDT 2017 on pts/0
[root@ark-centos-smb4 ~]# su - usera
Last login: Thu Aug 17 19:16:16 PDT 2017 from dln-l-qx01.***.com on pts/1
[usera@ark-centos-smb4 ~]$ sudo ls
[sudo] password for usera:
usera is not in the sudoers file. This incident will be reported.
Quote:
Also you mention /etc/sudoers which makes it sound as if you did a direct edit of that file. The appropriate way to edit the file is using the "visudo" command. It will check for syntax errors before you save. I'd suggest doing a visudo then a write to see if it complains of any issues.
I edited /etc/sudoers via visudo each time
Code:
[root@ark-centos-smb4 ~]# visudo -c
/etc/sudoers: parsed OK
/etc/sudoers.d/arkgrp-users: parsed OK
Quote:
Finally RHEL/CentOS have SELinux. If that is enabled and enforcing you may have modified context on /etc/sudoers if you did direct edit. You should check /etc/sudoers if you are in fact enforcing in SELinux.
According to the above visudo result, /etc/sudoers has no errors.
thanks
visudo will check syntax but doesn't check SELinux status. Did you check whether you have that enabled and enforcing? If it is, did you check the SELinux context of /etc/sudoers?
Also did you verify permissions of /etc itself and /etc/sudoers?
If you look in /var/log/secure does it show any more detail about the failure?
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET
XAUTHORITY"
That is when I go to, for example, the line that appears to end in "LINGUAS _XKB_CHARSET" the "XAUTHORITY" appears to me to be a separate line. It should in fact be the end of the first line. The other things I quoted appear the same way to me.
see post #5, it was parsed. I don't know why, but visudo -c processed that.
And the sudoers file has a relatively strange behaviour: the rules are order dependent, and probably the users are disabled somewhere....
Quote:
visudo will check syntax but doesn't check SELinux status. Did you check whether you have that enabled and enforcing? If it is, did you check the SELinux context of /etc/sudoers?
If you look in /var/log/secure does it show any more detail about the failure?
I ran sudo with local user usera and captured the /var/log/secure and /var/log/messages content:
Code:
[usera@ark-centos-smb4 ~]$ sudo ls
[sudo] password for usera:
usera is not in the sudoers file. This incident will be reported.
/var/log/secure message:
Aug 21 01:03:17 ark-centos-smb4 sudo: usera : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/usera ; USER=root ; COMMAND=/usr/bin/ls
/var/log/messages result:
Aug 21 01:05:21 ark-centos-smb4 nslcd[988]: [b2491e] <group/member="root"> ldap_result() failed: Operations error: 000004DC: LdapErr: DSID-0C090A22, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839
Aug 21 01:05:21 ark-centos-smb4 nslcd[988]: [b2491e] <group/member="root"> ldap_result() failed: Operations error: 000004DC: LdapErr: DSID-0C090A22, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839
Aug 21 01:05:26 ark-centos-smb4 nslcd[988]: [68239f] <group/member="postfix"> ldap_result() failed: Operations error: 000004DC: LdapErr: DSID-0C090A22, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839
Aug 21 01:05:26 ark-centos-smb4 nslcd[988]: [68239f] <group/member="postfix"> ldap_result() failed: Operations error: 000004DC: LdapErr: DSID-0C090A22, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839
Aug 21 01:05:26 ark-centos-smb4 nslcd[988]: [8049f8] <group/member="postfix"> ldap_result() failed: Operations error: 000004DC: LdapErr: DSID-0C090A22, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839
Aug 21 01:05:26 ark-centos-smb4 nslcd[988]: [8049f8] <group/member="postfix"> ldap_result() failed: Operations error: 000004DC: LdapErr: DSID-0C090A22, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839
Quote:
In your sudoers file can you verify the following are actually each a single line rather than two lines as appears when I viewed your attachment:
That is when I go to, for example, the line that appears to end in "LINGUAS _XKB_CHARSET" the "XAUTHORITY" appears to me to be a separate line. It should in fact be the end of the first line. The other things I quoted appear the same way to me.
I checked /etc/sudoers with Notepad++; it shows these Defaults* lines are single lines instead of two lines.
Quote:
see post #5, it was parsed. I don't know why, but visudo -c processed that.
And the sudoers file has a relatively strange behaviour: the rules are order dependent, and probably the users are disabled somewhere....
probably need to set logging to catch it.
By referring to other posts, I just want members of group arkgrp to be able to run sudo as well:
Code:
[root@ark-centos-smb4 /]# more /etc/sudoers.d/arkgrp-users
%arkgrp ALL=(ALL) ALL
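The /var/log/secure check suggested in the thread can be run over a whole log rather than one line at a time. The following is an added example, not part of any post: a shell function that lists denied sudo attempts and skips allowed commands and PAM messages. The first sample line is the one captured in the thread; the other lines and the function name `sudo_denials` are constructed for illustration.

```shell
#!/bin/sh
# Added example: list denied sudo attempts from a RHEL/CentOS auth log.
# Output: one "user|reason|runas|command" line per denied attempt.

sudo_denials() {    # $1 = log file, e.g. /var/log/secure (readable by root)
    awk '
    {
        # Keep only sudo messages; the syslog tag may or may not carry a PID.
        if (!match($0, / sudo(\[[0-9]+\])?: +/)) next
        msg = substr($0, RSTART + RLENGTH)

        # Fields are separated by " ; ". The first is "user : reason" on a
        # denial and "user : TTY=..." when the command was allowed.
        n = split(msg, part, / ; /)
        sep = index(part[1], " : ")
        if (sep == 0) next                  # PAM and other sudo chatter
        user   = substr(part[1], 1, sep - 1)
        reason = substr(part[1], sep + 3)
        if (reason ~ /^TTY=/) next          # allowed, not a denial

        runas = ""
        for (i = 2; i <= n; i++)
            if (part[i] ~ /^USER=/) runas = substr(part[i], 6)
        # Take COMMAND= from the raw message so arguments containing " ; " survive.
        c = index(msg, "COMMAND=")
        cmd = c ? substr(msg, c + 8) : ""
        print user "|" reason "|" runas "|" cmd
    }' "$1"
}

# Sample log: the first line is from the thread, the rest are constructed.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
Aug 21 01:03:17 ark-centos-smb4 sudo: usera : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/usera ; USER=root ; COMMAND=/usr/bin/ls
Aug 21 01:04:02 ark-centos-smb4 sudo:    root : user NOT authorized on host ; TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/ls
Aug 21 01:06:10 ark-centos-smb4 sudo: userb : TTY=pts/2 ; PWD=/home/userb ; USER=root ; COMMAND=/usr/bin/id
Aug 21 01:06:10 ark-centos-smb4 sudo: pam_unix(sudo:session): session opened for user root by userb(uid=0)
Aug 21 01:06:30 ark-centos-smb4 sshd[2211]: Accepted password for userb from 192.0.2.10 port 50022 ssh2
EOF

sudo_denials "$sample"
```

Piping the output through `cut -d'|' -f1,2 | sort | uniq -c` gives a count per user and reason, which separates "user NOT in sudoers" from "user NOT authorized on host" at a glance.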