LinuxQuestions.org


geekdad 05-31-2008 04:56 PM

sudo doesn't work in .bash_profile for chroot user
 
This appears to be a complicated issue, so I'm hoping someone has run into this before or can point me in the right direction.

For the sake of this example, let's say the user account is test and the command I'm trying to run is a small C program called chdir.

I have a user account that logs into the chroot jail using ssh. That account runs a bunch of commands in the .bash_profile file. One of the commands needs to run under sudo. If I delete the .bash_profile file and just get to a shell prompt, I can run sudo ... and it works.

If I try the same command in the .bash_profile, it comes back with:

Sorry, try again.
Sorry, try again.
Sorry, try again.
/chbin/sudo: 3 incorrect password attempts
(Never once did it give me an option to enter a password)

sudoers has

test ALL=(ALL) NOPASSWD: /bin/chdir

Since this is a jail I've duplicated the sudoers file in the normal /etc and the chroot/etc folders. I've also duplicated the /etc passwd and shadow files.

Looking in var/log/secure I see:
May 31 21:02:37 myhost sudo: test : 3 incorrect password attempts ; TTY=pts/3 ; PWD=/y/tmp/off000 ; USER=root ; COMMAND=chdir off000 /y/tmp/off000

I'm not sure where to go next with this, so I hope someone in the know can help.

Brian1 05-31-2008 05:45 PM

Might give it a try this way.
Code:

test        ALL=NOPASSWD: /bin/chdir

Does the command work fine when you run it in the terminal itself after booting?

Brian

geekdad 05-31-2008 06:44 PM

I finally figured it out. I'm running Red Hat and I needed to set up a sudo config file in the pam.d folder. I found a copy of the (sudo) sample.pam file and everything is moving forward again. None of the error messages gave me any clue that this was a PAM problem. Sigh! Thanks for trying to lend a hand.

Brian1 05-31-2008 07:31 PM

Interesting. What do you have the sudo PAM file set up as?

Brian

geekdad 05-31-2008 07:41 PM

Here is the working sudo config file for PAM:

auth required pam_env.so
auth sufficient pam_unix.so
account required pam_unix.so
password required pam_cracklib.so retry=3 type=
password required pam_unix.so nullok use_authtok md5 shadow
session required pam_limits.so
session required pam_unix.so
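
Added example, not part of the original thread: a shell function that checks a jail for the files this thread mentions (sudoers, passwd, shadow, pam.d/sudo) and then reads the jail's own pam.d/sudo to confirm every module it names is present. The function name `check_chroot_sudo`, the `BRACKET` placeholder token and the module directories in `PAM_MODULE_DIRS` are assumptions; adjust the directories for your distribution.

```shell
#!/bin/sh
# Module directories searched inside the jail (assumed common locations).
PAM_MODULE_DIRS="lib/security lib64/security usr/lib/security usr/lib64/security"

# check_chroot_sudo JAIL
# Prints a "MISSING ..." line for each file sudo and its PAM stack need inside
# JAIL but that is absent. Returns 0 when nothing is missing, 1 otherwise.
check_chroot_sudo() {
    jail=${1%/}
    missing=0
    for f in etc/sudoers etc/passwd etc/shadow etc/pam.d/sudo; do
        if [ ! -f "$jail/$f" ]; then
            echo "MISSING file $jail/$f"
            missing=1
        fi
    done
    if [ ! -f "$jail/etc/pam.d/sudo" ]; then return 1; fi
    # Rule format: type control module [arguments]
    while IFS= read -r line || [ -n "$line" ]; do
        # Collapse a bracketed control such as [success=1 default=ignore]
        # into one token so the module is always the third field.
        case $line in *'['*']'*) line=${line%%\[*}BRACKET${line#*]} ;; esac
        set -f; set -- $line; set +f
        case ${1:-#} in '#'*) continue ;; esac   # blank line or comment
        module=${3:-}
        case $2 in include|substack)
            # Third field is another service file, not a module.
            if [ ! -f "$jail/etc/pam.d/$module" ]; then
                echo "MISSING file $jail/etc/pam.d/$module"
                missing=1
            fi
            continue ;;
        esac
        found=0
        case $module in
            /*) if [ -f "$jail$module" ]; then found=1; fi ;;
            *)  for d in $PAM_MODULE_DIRS; do
                    if [ -f "$jail/$d/$module" ]; then found=1; fi
                done ;;
        esac
        if [ "$found" -eq 0 ]; then
            echo "MISSING module $module ($1 rule)"
            missing=1
        fi
    done < "$jail/etc/pam.d/sudo"
    return "$missing"
}

if [ $# -gt 0 ]; then check_chroot_sudo "$1"; fi
```

Run it as root against the jail's top-level directory; it only checks that the files exist, not that the libraries those modules link against are also in the jail.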


All times are GMT -5.