LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-16-2014, 02:05 PM   #1
selfprogrammed
Member
 
Registered: Jan 2010
Location: Minnesota, USA
Distribution: Slackware 13.37
Posts: 290

Rep: Reputation: 55
SUDO user not in sudoers


I have edited with visudo, to try to make sudo somewhat useful.
I have already searched the internet and LinuxQuestions for explanations but have more confusion. Other users report the same problem, without solutions. There are many responses, none of which put a finger on the problem. The suggestions vary in usefulness.

I have explored the man sudoers page and have copied almost literally from it.
This is Slackware, running Linux 2.6. It is not very helpful if all you got is to point out that you have the means to run some more recent kernel. I get too many of that type of response.

Have edited everything with visudo and have not got any errors, and root can sudo.

Have several lines that should allow some users to sudo, but sudo will not accept anyone except root.
Everyone else is "not in sudoers", I tried my new manageruser and my personal account.
Even "sudo -l" does not work (except for root).
This is in spite of specifying.
Defaults listpw=never

I already know that some of this is redundant, but
nothing seems to work in getting any user recognition.

Cmd_Alias SHUTDOWN= /sbin/shutdown /usr/sbin/halt /sbin/reboot
I did check with whereis on all the alias commands for the right directory.

There are several group privs.
%users localhost= (ALL) SHUTDOWN
%users localhost= (ALL) /sbin/halt
%power localhost= (ALL) SHUTDOWN
It seems that there is also a wheel group and a sudo group that are used for nearly the same thing, to have sudo group privs.
But I get nasty messages from sudo if I try to halt from manageruser (who is also in power group).
>> sudo halt

There are specific lines (like in the man sudo page).
manageruser localhost= (ALL) DUMPS SHUTDOWN PRINTING

Even tried:
manageruser ALL= (ALL) ALL

I managed to change my log file and that worked.
Defaults logfile=/var/log/sudo
I get a log message every time any user (other than root) tries to do "sudo -l". It has no other errors in the log.

Also some other things are not recognized. No actual errors, but "sudo -V" indicates it is still using defaults.
Defaults runas_default=manageruser
Defaults mailto="manageruser"
Defaults !mail_no_user

But root running sudo -V still reports (from memory):
Runas default is : root
When user is not in sudoers send mail to : root


I also have some other lines but cannot see how they could block all users, or cause
sudo defaults to be ignored.
Defaults requiretty, use_pty
A Linux console meets the requirements of requiretty, doesn't it??

sudo -L
indicates that these things should be settable.

These recent changes did not change how sudo works. I have not successfully used sudo, even when it had only the root line and %users line for "/sbin/shutdown -t now".

Last edited by selfprogrammed; 06-16-2014 at 10:47 PM.
 
Old 06-16-2014, 04:38 PM   #2
EDDY1
LQ Addict
 
Registered: Mar 2010
Location: Oakland,Ca
Distribution: wins7, Debian wheezy
Posts: 6,838

Rep: Reputation: 649Reputation: 649Reputation: 649Reputation: 649Reputation: 649Reputation: 649
Instead of
Quote:
manageruser ALL: (ALL) ALL
Should be
Quote:
<username> ALL=(ALL:ALL) ALL
or just copy the ALL the same way it's written for root.
Also I usually put my listing right under the root entry.
 
Old 06-16-2014, 10:26 PM   #3
jefro
Moderator
 
Registered: Mar 2008
Posts: 15,394

Rep: Reputation: 2199Reputation: 2199Reputation: 2199Reputation: 2199Reputation: 2199Reputation: 2199Reputation: 2199Reputation: 2199Reputation: 2199Reputation: 2199Reputation: 2199
Did you see this? http://gnu-linux-slackware.blogspot....oers-file.html

I'll assume wheel has access to most root commands in slack.
 
Old 06-16-2014, 11:04 PM   #4
selfprogrammed
Member
 
Registered: Jan 2010
Location: Minnesota, USA
Distribution: Slackware 13.37
Posts: 290

Original Poster
Rep: Reputation: 55
Sorry, I typed it wrong in this forum, it is = in the sudoers file. It would have detected errors if I was using colons.

I turned off the requiretty line and added some more
lines with variations of manageruser. I did manage to get "sudo -l" to give results, but it seems to ignore the original manageruser line, and it ignores all the group permissive commands.

These three commands all work, and apparently at least one is necessary to
enable "sudo -l" for the manageruser.
manageruser ALL=(ALL) /sbin/lspci
manageruser localhost=(ALL) /sbin/lsmod
manageruser ALL=(ADMIN) /bin/powertop

This line does not work, and does not enable "sudo -l" to work.
manageruser localhost=(ADMIN) NOPASSWD: DUMPS, SHUTDOWN, PRINTING

However it does not give any errors.
It must be the Alias or the commas ??

This is also ignored in the "sudo -l" listing, even though manageruser is a power group member.
%power localhost= NOPASSWD: SHUTDOWN

The "sudo -l" listing does list the mailto and !mail_no_user as applying to the user.
But the "sudo -V" command gives different results that look like compiled defaults.

The slackware blog about wheel is information I already knew (and some other groups like users, sudo, and power).
I have more specific groups.
But, I cannot use any such command if groups are going to be ignored by sudo.

So, if you are using such a sudo group command, what does "sudo -l" show for you for a user that is only in the wheel group or the sudo group and has no more specific sudo lines?

Last edited by selfprogrammed; 06-16-2014 at 11:16 PM.
 
Old 06-17-2014, 08:58 AM   #5
saivinoba
Member
 
Registered: Oct 2007
Distribution: Gentoo, Gentoo ~amd64, Linux Mint 17
Posts: 48

Rep: Reputation: 9
Hi,

Sorry, but your post is confusing to read (for me). Not using code/quote tags is also problem. It's not clear what exactly is the problem. From what I have understood,
1. sudo command is not working for you (for your username)
2. you created a test account 'manageruser' but it would not work even with that user account
3. some commands seem to work. For eg. manageruser ALL=(ALL) /sbin/lspci
4. some commands esp aliases don't work. For eg. manageruser localhost=(ADMIN) NOPASSWD: DUMPS, SHUTDOWN, PRINTING

You can verify that,
1. your users are members of group wheel (or sudo)
2. relevent line (eg. %wheel ALL=(ALL) ALL) is not commented out.
3. There are no typos or other mistakes in the file. For example,
a) It's Cmnd_Alias not Cmd_Alias
b) The commands should be comma seperated. "Cmd_Alias SHUTDOWN= /sbin/shutdown /usr/sbin/halt /sbin/reboot"
4. In the line "manageruser localhost=(ADMIN) NOPASSWD: DUMPS, SHUTDOWN, PRINTING", ADMIN is runas alias. Have you defined it?

Post your /etc/sudoers file (wrapped in code tag ofcourse . It would be easy to see if there are any mistakes in that file. Have you gone through Sudoers Configuration HowTo already?
 
Old 06-17-2014, 07:29 PM   #6
selfprogrammed
Member
 
Registered: Jan 2010
Location: Minnesota, USA
Distribution: Slackware 13.37
Posts: 290

Original Poster
Rep: Reputation: 55
Solved:

localhost is the problem. It is not recognized by sudo as a machine, yet it is not an error.
I have localhost defined (/etc/hosts), but the actual machine name is something else ( /etc/HOSTNAME ).

Created an alias (LOCAL) with the right name, and that has solved most user problems.
Of course, then I find the two lines in the man page that says localhost will not be recognized unless you actually have named your machine "localhost".

I got the localhost name from the example lines that were in sudoers file that Slackware and sudo installed.

Running "sudo -V" still does not print out the right settings, but "sudo -l" does.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] User not in sudoers: How to add user? Permtion Denied for sudoers file esgol Linux - Newbie 3 07-13-2012 08:44 AM
[SOLVED] Need help with sudo and /etc/sudoers jonaskellens Linux - Newbie 7 11-06-2009 10:58 AM
Help with sudo and sudoers zeeple Linux - Newbie 2 12-06-2008 12:51 PM
Preventing Sudoers from doing sudo su DejaCpp Linux - Security 4 12-22-2007 05:47 AM
sudo and sudoers syntax mikemrh9 Linux - Security 7 06-04-2005 08:54 PM


All times are GMT -5. The time now is 02:09 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration