LinuxQuestions.org


abefroman 08-09-2016 10:27 AM

How is this user able to sudo su to root?
 

Code:

[terry@CentOS7 ~]$ whoami
terry
[terry@CentOS7 ~]$ sudo su
[root@centos7 terry]# whoami
root
[root@centos7 terry]# cat /etc/group |grep wheel
wheel:x:10:
[root@centos7 terry]# cat /etc/passwd |grep terry
terry:x:1000:1000::/home/terry:/bin/bash
[root@centos7 terry]# cat /etc/sudoers |grep terry
[root@centos7 terry]# cat /etc/group |grep terry
terry:x:1000:
[root@centos7 terry]#


Emerson 08-09-2016 11:54 AM

The answer is in groups and sudoers.

lazydog 08-09-2016 11:57 AM

Look into the sudoers file.

Habitual 08-09-2016 12:54 PM

Instead of all that "cat'iness", try
Code:

id terry
command instead.

abefroman 08-09-2016 01:04 PM

Code:

# cat /etc/sudoers |grep -v \#
Defaults    requiretty
Defaults  !visiblepw
Defaults    always_set_home
Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
root        ALL=(ALL)        ALL
%wheel        ALL=(ALL)        ALL
[root@centos7 terry]# id terry
uid=1000(terry) gid=1000(terry) groups=1000(terry)

If the user isn't in the wheel group, and not uid 0, it shouldn't be able to su to root, correct?

lazydog 08-09-2016 01:09 PM

Again look at your sudoers file. Wheel group doesn't permit or deny anyone anything.

abefroman 08-09-2016 01:17 PM

You're right, the wheel group doesn't matter when sudo is used.

But /etc/sudoers doesn't seem to have anything specific for the terry user, and if I add a user called test, that is not able to sudo su:
Code:

[root@centos7 terry]# su test
[test@centos7 terry]$ whoami
test
[test@centos7 terry]$ sudo su
[sudo] password for test:
sudo: pam_authenticate: Conversation error


HMW 08-09-2016 02:20 PM

I have no idea what is up with your system and your permissions, but here's a tip; save yourself some pipes and ditch the cat in:
Code:

cat /etc/group |grep terry
and
Code:

cat /etc/sudoers |grep -v \#
etc...

You can (and should!) issue those commands like this:
Code:

grep terry /etc/group
and
Code:

grep -v '^#' /etc/sudoers
More here: http://catb.org/jargon/html/U/UUOC.html

Best regards,
HMW

lazydog 08-09-2016 02:31 PM

What is the output of the following command:

Code:

sudo -l -U terry

abefroman 08-09-2016 02:33 PM

Well here's my answer.

Where is this set though? Like if I want to disable it, or reenable it later?
Code:

$ sudo -l -U terry
Matching Defaults entries for terry on this host:
    requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME
    LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE",
    env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User terry may run the following commands on this host:
    (ALL) NOPASSWD: ALL


lazydog 08-09-2016 02:39 PM

That in itself shows that terry has full rights to run ALL commands without using a password.

Did terry at one time have sudo rights?

abefroman 08-09-2016 02:41 PM

Quote:

Originally Posted by lazydog (Post 5588569)
That in itself shows that terry has full rights to run ALL commands without using a password.

Has terry at one time had sudo rights?

It has the default settings, it's a new VM.

lazydog 08-09-2016 02:48 PM

I'm at the end of my knowledge with this one. Somehow he has the elevated rights but nothing shows that he should.

If you reboot the VM does terry still have sudo rights?

abefroman 08-09-2016 02:50 PM

Quote:

Originally Posted by lazydog (Post 5588580)
I'm at the end of my knowledge with this one. Somehow he has the elevated rights but nothing shows that he should.

Glad it's just not me :cool: That was the default user when the VM was created, if that makes a difference.

Quote:

Originally Posted by lazydog (Post 5588580)
If you reboot the VM does terry still have sudo rights?

Yes, I have rebooted it a couple times.

michaelk 08-09-2016 02:56 PM

What type of virtual machine?

Typically sudo is not configured on Red Hat/CentOS systems. My CentOS 7 is basically an as is min install.
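
Added example, not part of any post in this thread: the `grep -v \#` and `grep -v '^#'` filters used above also drop `#includedir` lines, which sudoers treats as include directives rather than comments, so a rule reported by `sudo -l -U terry` can sit in a file those listings never show. The script below follows the includes and prints the file and line of each rule naming a user; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumptions: include paths are absolute and contain no
# whitespace; User_Alias, netgroups and line continuations are not resolved.

# Print FILE and every file it pulls in. "#include"/"#includedir" (and the
# "@" forms in sudo 1.9.1+) are directives, so a '#' filter hides them.
sudoers_sources() {
    f=$1
    [ -r "$f" ] || return 0
    printf '%s\n' "$f"
    awk '/^[#@]include(dir)?[ \t]/ { print substr($1, 2), $2 }' "$f" |
    while read -r kind path; do
        if [ "$kind" = include ]; then
            sudoers_sources "$path"
        else
            for p in "$path"/*; do
                # sudo skips drop-ins whose name ends in "~" or contains "."
                case ${p##*/} in *~|*.*) continue ;; esac
                if [ -f "$p" ]; then sudoers_sources "$p"; fi
            done
        fi
    done
}

# Print "file:line: rule" for rules naming USER, one of GROUPS, or ALL.
sudo_rules_for() {
    user=$1 groups=$2 top=$3
    sudoers_sources "$top" | while read -r src; do
        awk -v u="$user" -v g="$groups" -v src="$src" '
            BEGIN { want[u] = 1; want["ALL"] = 1
                    n = split(g, a, " "); for (i = 1; i <= n; i++) want["%" a[i]] = 1 }
            ($1 in want) { print src ":" FNR ": " $0 }' "$src"
    done
}

# Constructed sample tree (not taken from the poster's VM).
make_sample() {
    mkdir -p "$1/sudoers.d"
    printf '%s\n' 'Defaults env_reset' 'root ALL=(ALL) ALL' '%wheel ALL=(ALL) ALL' \
        "#includedir $1/sudoers.d" > "$1/sudoers"
    printf '%s\n' '# constructed drop-in' 'terry ALL=(ALL) NOPASSWD: ALL' \
        > "$1/sudoers.d/90-example"
}

demo=$(mktemp -d) && make_sample "$demo"
sudo_rules_for terry terry "$demo/sudoers"
rm -rf "$demo"
```

On a real host, run it as root with the user's actual groups, for example `sudo_rules_for terry "$(id -Gn terry)" /etc/sudoers`.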

