LinuxQuestions.org


ZAMO 03-19-2010 05:35 PM

sudo access denied
 
Hi all,

I have users white and swan, who can sudo to the user craig to execute some script there. User swan's password expired and it was reset as well. He is able to log in to the server, but he is denied when he tries to sudo to the user craig.

Code:

[swan@serv1 ~]$ sudo su - craig
swan is not allowed to run sudo on serv1

The settings in /etc/sudoers remain the same. Do you need to look into some other files to get this fixed?

Thanks

jschiwal 03-19-2010 06:09 PM

Is user swan's password current now?
Check the group memberships. Were they changed?

Also look in /var/log/messages for clues.

anomie 03-19-2010 06:52 PM

On RH-family distros, also check /var/log/secure.

It might help if you posted the /etc/sudoers directives related to those users.

---

edit: Also, this looks like a strange usage of sudo...
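
The log check suggested above, as an added example that is not part of any post in this thread: it pulls sudo denial records out of a /var/log/secure style log and prints the reason sudo recorded for each. The log lines are constructed, and the `sudo:` syslog tag and the three reason strings are assumed to match the installed sudo version.

```shell
#!/bin/sh
# Constructed sample in the syslog format sudo writes to /var/log/secure.
sample_log() {
cat <<'EOF'
Mar 19 17:30:41 serv1 sshd[4211]: Accepted password for swan from 192.0.2.10 port 50522 ssh2
Mar 19 17:31:02 serv1 sudo:     swan : user NOT authorized on host ; TTY=pts/1 ; PWD=/home/swan ; USER=root ; COMMAND=/bin/su - craig
Mar 19 17:33:10 serv1 sudo:    white : TTY=pts/2 ; PWD=/home/white ; USER=root ; COMMAND=/bin/su - craig
Mar 19 17:40:55 serv1 sudo:    guest : user NOT in sudoers ; TTY=pts/3 ; PWD=/home/guest ; USER=root ; COMMAND=/bin/ls
Mar 19 17:42:07 serv1 sudo:    white : command not allowed ; TTY=pts/2 ; PWD=/home/white ; USER=root ; COMMAND=/bin/bash
EOF
}

# Read a log on stdin; print "user|reason|run-as user|command" per denial.
# Reasons as logged by sudo:
#   user NOT in sudoers          no sudoers entry matches the user or groups
#   user NOT authorized on host  entries exist, but none match this host
#   command not allowed          user and host match, command/run-as does not
sudo_denials() {
  awk '
    / sudo: / && /(user NOT in sudoers|user NOT authorized on host|command not allowed)/ {
      line = $0
      p = index(line, " sudo: ")            # first tag, so a command that
      line = substr(line, p + 7)            # contains "sudo:" cannot confuse it
      sub(/^ +/, "", line)                  # sudo pads the user name
      cmd = ""
      c = index(line, " ; COMMAND=")        # COMMAND is last and may contain " ; "
      if (c > 0) { cmd = substr(line, c + 11); line = substr(line, 1, c - 1) }
      n = split(line, f, " ; ")
      split(f[1], who, " : ")               # "swan : user NOT authorized on host"
      runas = ""
      for (i = 2; i <= n; i++)
        if (f[i] ~ /^USER=/) runas = substr(f[i], 6)
      print who[1] "|" who[2] "|" runas "|" cmd
    }'
}

# Demo on the constructed sample when run directly with an argument "demo".
if [ "${1:-}" = "demo" ]; then sample_log | sudo_denials; fi
```

On a real host the function would be fed the log itself, for example `sudo_denials < /var/log/secure`, which normally requires root to read.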

ZAMO 03-20-2010 12:58 PM

Thanks for the reply.

Analyzing the /var/log/secure and /var/log/message did not help. If someone has experienced this sudo login issue here, please share your ideas.

Thanks

PTrenholme 03-20-2010 05:28 PM

How can we have any ideas when you fail to follow the advice posted by anomie? :scratch:

Why should they need to sudo craig when you could put white, swan and craig in the same group, say craig_script_users (created de novo if necessary), and then do a chown craig:craig_script_users <script> and a chmod g=rx <script> so any member of the craig_script_users group can run the script? (I think that this is why anomie added the comment to the post above.)

Or, even easier, just link the script from /usr/bin and give everyone x permission on the script (unless, of course, there are some users who should not be able to run the script).

jim80net 03-21-2010 05:48 PM

What PTrenholme writes makes sense, unless there's a reason to be giving root-level privileges to your users.


All times are GMT -5.