LinuxQuestions.org
Old 05-31-2008, 04:56 PM   #1
geekdad
LQ Newbie
 
Registered: Sep 2005
Posts: 10

Rep: Reputation: 0
sudo doesn't work in .bash_profile for chroot user


This appears to be a complicated issue, so I'm hoping someone has run into this before or can point me in the right direction.

For the sake of this example, let's say the user account is test and the command I'm trying to run is a small C program called chdir.

I have a user account that logs into the chroot jail using ssh. That account runs a bunch of commands in the .bash_profile file. One of the commands needs to run under sudo. If I delete the .bash_profile file and just get to a shell prompt, I can run sudo ... and it works.

If I try the same command in the .bash_profile, it comes back with:

Sorry, try again.
Sorry, try again.
Sorry, try again.
/chbin/sudo: 3 incorrect password attempts
(Never once did it give me an option to enter a password)

sudoers has:

test ALL=(ALL) NOPASSWD: /bin/chdir

Since this is a jail I've duplicated the sudoers file in the normal /etc and the chroot/etc folders. I've also duplicated the /etc passwd and shadow files.

Looking in var/log/secure, I see:
May 31 21:02:37 myhost sudo: test : 3 incorrect password attempts ; TTY=pts/3 ; PWD=/y/tmp/off000 ; USER=root ; COMMAND=chdir off000 /y/tmp/off000

I'm not sure where to go next with this, so I hope someone in the know can help.
 
Old 05-31-2008, 05:45 PM   #2
Brian1
LQ Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 65
Might give it a try this way.
Code:
test	ALL=NOPASSWD: /bin/chdir
Does the command work fine when you run it in terminal itself after booted?

Brian
 
Old 05-31-2008, 06:44 PM   #3
geekdad
LQ Newbie
 
Registered: Sep 2005
Posts: 10

Original Poster
Rep: Reputation: 0

I finally figured it out. I'm running Red Hat and I needed to set up a sudo config file in the pam.d folder. I found a copy of the (sudo) sample.pam file and everything is moving forward again. None of the error messages gave me any clue that this was a PAM problem. Sigh! Thanks for trying to lend a hand.
 
Old 05-31-2008, 07:31 PM   #4
Brian1
LQ Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 65
Interesting. What do you have the sudo PAM file set up as?

Brian
 
Old 05-31-2008, 07:41 PM   #5
geekdad
LQ Newbie
 
Registered: Sep 2005
Posts: 10

Original Poster
Rep: Reputation: 0
Here is the working sudo config file for PAM:

auth required pam_env.so
auth sufficient pam_unix.so
account required pam_unix.so
password required pam_cracklib.so retry=3 type=
password required pam_unix.so nullok use_authtok md5 shadow
session required pam_limits.so
session required pam_unix.so
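
The fix reported in post #3 was a missing PAM service file for sudo inside the jail. As an added example (not part of the thread), this shell function audits a jail directory for the files the thread mentions plus the modules the PAM file references; the function name, the list of module directories and the demo jail are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): check that a chroot jail contains what
# sudo needs to authenticate. Prints one line per problem; returns 0 if clean.
check_jail_sudo() {
    jail=$1
    rc=0
    # Files the thread copied into the jail, plus the PAM service file that
    # turned out to be the missing piece.
    for f in etc/sudoers etc/passwd etc/shadow etc/pam.d/sudo; do
        if [ ! -f "$jail/$f" ]; then
            echo "MISSING file: /$f"
            rc=1
        fi
    done
    [ -f "$jail/etc/pam.d/sudo" ] || return "$rc"
    # Third field of each rule is the module; bracketed controls are collapsed
    # first, and include/substack lines (which name services) are skipped.
    mods=$(awk '$1 !~ /^#/ { sub(/\[[^]]*\]/, "ctl")
               if (NF >= 3 && $2 != "include" && $2 != "substack") print $3 }' \
           "$jail/etc/pam.d/sudo" | sort -u)
    for mod in $mods; do
        found=0
        # Assumption: module directories vary by distro; these are common ones.
        for dir in lib/security lib64/security usr/lib/security usr/lib64/security; do
            if [ -e "$jail/$dir/$mod" ]; then found=1; fi
        done
        # A module given as an absolute path is looked up relative to the jail.
        case $mod in /*) if [ -e "$jail$mod" ]; then found=1; fi ;; esac
        if [ "$found" -eq 0 ]; then
            echo "MISSING module: $mod"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed demo: a throwaway jail with sudoers/passwd/shadow but no PAM setup.
demo=$(mktemp -d)
mkdir -p "$demo/etc"
: > "$demo/etc/sudoers"; : > "$demo/etc/passwd"; : > "$demo/etc/shadow"
check_jail_sudo "$demo" || echo "jail is not ready for sudo"
rm -rf "$demo"
```

Run it against the real jail root as a user who can read the jail's etc directory; a clean result only means the files exist, not that their contents are correct.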
 
  


All times are GMT -5.
