LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-18-2019, 05:58 AM   #1
wat
LQ Newbie
 
Registered: Jun 2019
Posts: 1

Rep: Reputation: Disabled
command not allowed TTY=unknown


I am running an icinga supervision and have to start a command (perl script) wich need super user rights.
I added the user (nagios) and command (check_dhcp_relayed.pl) to the sudo file and switched of tty requirement (see below). I restarted the icinga service.
-------------------
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/lib/nagios/plugin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root ALL=(ALL:ALL) ALL

# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
Cmnd_Alias DHCPRELAY = /usr/lib/nagios/plugins/check_dhcp_relayed.pl
Defaults logfile="/var/log/sudo.log"
nagios ALL=NOPASSWDHCPRELAY
Defaults !requiretty
Defaults!DHCPRELAY !requiretty
Defaults:nagios !requiretty
Defaults:root !requiretty
-------------------------------------------
Still the command cannot be executed. Error message is:
"sudo: no tty present and no askpass program specified"
sudo.log holds the message:
"command not allowed TTY=unknown"
logging in as nagios and starting the script works, so it seems the tty is missing which should be handled with the !requiretty.
Linux distribution is debian 9.9.
Any solution?
 
Old 06-18-2019, 06:09 AM   #2
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 13,103

Rep: Reputation: 4145Reputation: 4145Reputation: 4145Reputation: 4145Reputation: 4145Reputation: 4145Reputation: 4145Reputation: 4145Reputation: 4145Reputation: 4145Reputation: 4145
you explicitely disabled tty by this: Defaults:nagios !requiretty
 
Old 06-18-2019, 06:11 AM   #3
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 3,412
Blog Entries: 9

Rep: Reputation: 1897Reputation: 1897Reputation: 1897Reputation: 1897Reputation: 1897Reputation: 1897Reputation: 1897Reputation: 1897Reputation: 1897Reputation: 1897Reputation: 1897
Sudo has to have some way of getting your password. Otherwise how does it know that you are who you claim to be? If you aren't using a terminal, you must specify another way of getting the password. That's what the askpass program is for.
Quote:
Originally Posted by sudo man page
-A, --askpass
Normally, if sudo requires a password, it will read it from
the user's terminal. If the -A (askpass) option is speci-
fied, a (possibly graphical) helper program is executed to
read the user's password and output the password to the stan-
dard output. If the SUDO_ASKPASS environment variable is
set, it specifies the path to the helper program. Otherwise,
if sudo.conf(5) contains a line specifying the askpass pro-
gram, that value will be used. For example:

# Path to askpass helper program
Path askpass /usr/X11R6/bin/ssh-askpass

If no askpass program is available, sudo will exit with an
error.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
tty in chroot env says "not a tty" pattbert Linux - Software 1 11-19-2011 10:06 PM
Method Not Allowed: The requested method POST is not allowed for the URL /writedhcp.p WiWa Linux - Networking 15 01-06-2011 01:20 PM
can a tty execute command on another tty? BeacoN Linux - Desktop 3 11-08-2008 09:39 AM
Tracking user logins that was allowed and not allowed eswanepoel Linux - Security 3 08-02-2006 04:37 AM
SlackWare :Method Not Allowed The requested method POST is not allowed for the URL slack31337 Linux - Software 0 04-08-2006 06:09 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:09 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration