[SOLVED] How is this user able to sudo su to root?

abefroman · 08-09-2016, 10:27 AM

How is this user able to sudo su to root?

Code:

[terry@CentOS7 ~]$ whoami
terry
[terry@CentOS7 ~]$ sudo su
[root@centos7 terry]# whoami
root
[root@centos7 terry]# cat /etc/group |grep wheel
wheel:x:10:
[root@centos7 terry]# cat /etc/passwd |grep terry
terry:x:1000:1000::/home/terry:/bin/bash
[root@centos7 terry]# cat /etc/sudoers |grep terry
[root@centos7 terry]# cat /etc/group |grep terry
terry:x:1000:
[root@centos7 terry]#

Emerson · 08-09-2016, 11:54 AM

The answer is in groups and sudoers.

lazydog · 08-09-2016, 11:57 AM

Look into the sudoers file.

Habitual · 08-09-2016, 12:54 PM

instead of all that "cat'iness", try

Code:

id terry

command instead.

abefroman · 08-09-2016, 01:04 PM

Code:

# cat /etc/sudoers |grep -v \#
Defaults    requiretty
Defaults   !visiblepw
Defaults    always_set_home
Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
root	ALL=(ALL) 	ALL
%wheel	ALL=(ALL)	ALL
[root@centos7 terry]# id terry
uid=1000(terry) gid=1000(terry) groups=1000(terry)

If the user isn't in the wheel group, and not uid 0, it shouldn't be able to su to root, correct?

lazydog · 08-09-2016, 01:09 PM

Again look at your sudoers file. Wheel group doesn't permit or deny anyone anything.

abefroman · 08-09-2016, 01:17 PM

You're right, the wheel group doesn't matter when sudo is used.

But /etc/sudoers doesn't seem to have anything specific for the terry user, and if I add a user called test, that is not able to sudo su:

Code:

[root@centos7terry]# su test
[test@centos7 terry]$ whoami
test
[test@centos7 terry]$ sudo su
[sudo] password for test: 
sudo: pam_authenticate: Conversation error

HMW · 08-09-2016, 02:20 PM

I have no idea what is up with your system and your permissions, but here's a tip; save yourself some pipes and ditch the cat in:

Code:

cat /etc/group |grep terry

and

Code:

cat /etc/sudoers |grep -v \#

etc...

You can (and should!) issue those commands like this:

Code:

grep terry /etc/group

and

Code:

grep -v '^#' /etc/sudoers

More here: http://catb.org/jargon/html/U/UUOC.html

Best regards,
HMW

lazydog · 08-09-2016, 02:31 PM

What is the output of the following command:

Code:

sudo -l -U terry

abefroman · 08-09-2016, 02:33 PM

Well here's my answer.

Where is this set though? Like if I want to disable it, or reenable it later?

Code:

$ sudo -l -U terry
Matching Defaults entries for terry on this host:
    requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME
    LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE",
    env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User terry may run the following commands on this host:
    (ALL) NOPASSWD: ALL

lazydog · 08-09-2016, 02:39 PM

That in itself shows that terry has full rights to run ALL commands without using a password.

Did terry at one time have sudo rights?

abefroman · 08-09-2016, 02:41 PM

Quote:

Originally Posted by lazydog

That in itself shows that terry has full rights to run ALL commands without using a password.

Has terry at one time had sudo rights?

It has the default settings, its a new VM.

lazydog · 08-09-2016, 02:48 PM

I'm at the end of my knowledge with this one. Some how he has the elevated rights but nothing shows that he should.

If you reboot the VM does terry still have sudo rights?

abefroman · 08-09-2016, 02:50 PM

Quote:

Originally Posted by lazydog

I'm at the end of my knowledge with this one. Some how he has the elevated rights but nothing shows that he should.

Glad its just not me

That was the default user when the VM was created, if that makes a difference.

Quote:

Originally Posted by lazydog

If you reboot the VM does terry still have sudo rights?

Yes, I have rebooted it a couple times.

michaelk · 08-09-2016, 02:56 PM

What type of virtual machine?

Typically sudo is not configured on Red Hat/CentOS systems. My CentOS 7 is basically an as is min install.