sudo access denied

ZAMO · 03-19-2010, 05:35 PM

Hi all,

I have users white and swan, who can sudo to the user craig to execute some script there. User swan's password got expired and it was reset as well. he can be able to login to the server , but he is denied to sudo to the user craig.

Code:

[swan@serv1 ~]$ sudo su - craig
swan is not allowed to run sudo on serv1

The settings in /etc/sudoers remain the same. Do you need to look into some other files to get this fixed?

Thanks

jschiwal · 03-19-2010, 06:09 PM

Is user swan's password current now?
Check the group memberships. Were they changed?

Also look in /var/log/messages for clues.

anomie · 03-19-2010, 06:52 PM

On RH-family distros, also check /var/log/secure.

It might help if you posted the /etc/sudoers directives related to those users.

---

edit: Also, this looks like a strange usage of sudo...

ZAMO · 03-20-2010, 12:58 PM

Thanks for the Reply.

Analyzing the /var/log/secure and /var/log/message did not help. If someone has experienced this sudo login issue here, please share your ideas.

Thanks

PTrenholme · 03-20-2010, 05:28 PM

How can we have any ideas when you fail to follow the advice posted by anomie?

Why should they need to sudo craig when you could put white, swan and craig in the same group, say craig_script_users (created de novo if necessary), and then do a chown craig:craig_script_users <script> and a chmod g=rx <script> so any member of the craig_script_users group can run the script? (I think that this is why anomie added the comment to the post above.)

Or, even easier, just link the script from /usr/bin and give everyone x permission on the script (unless, of course, there are some users who should not be able to run the script).

jim80net · 03-21-2010, 05:48 PM

What PTrenholme writes makes sense, unless there's a reason to be giving root level privileges to your users.