LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 09-26-2018, 02:36 AM   #1
LinuxRSA
LQ Newbie
 
Registered: Apr 2015
Location: South Africa
Posts: 12

Rep: Reputation: Disabled
Sudo not working & brings up a unwanted banner.


Hi All

I have configured Sudo for a PAM user on my system.
It works FINE on another system, but when i say sudo passwd root It comes up with this banner.

Quote:
[pamuser@oraclelinux ~]$ sudo passwd root

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

[sudo] password for pamuser:
These are my sudo settings for user pamuser in /etc/sudoers file, im running oracle linux 7.3.

## Allow root to run any commands anywhere
root ALL=(ALL) ALL
pamuser ALL=(ALL) NOPASSWD: ALL

## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
%pam ALL=(ALL) NOPASSWD: ALL

Cmnd_Alias PAM = /usr/bin/grep, /usr/bin/cp, /usr/bin/tee, /usr/bin/sed, /usr/bin/passwd, /usr/bin/rm

%pam ALL = PAM


I have added a group called pam and modified it with this command
usermod -G pam -g wheel pamuser

Please advise on how to get rid of this banner and enable the sudo to work ?

Thanks
 
Old 09-26-2018, 07:47 PM   #2
scasey
Senior Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.5
Posts: 1,758

Rep: Reputation: 554Reputation: 554Reputation: 554Reputation: 554Reputation: 554Reputation: 554
I don't use sudo much, but have seen this in response to the su command.

AFAIK, it's just a warning basically asking if you know what you're doing. Also, again AFAIK, it only happens one time (for each user?). Have you entered the requested password (which would make sudo "work")?
What happens the second time you try?

[Although, if what I think I know isn't correct...what difference does it make that there's what essentially amounts to a multi-line prompt before you enter a password? On my production server I have a login banner:
Code:
************************************************************
*                       ******                             *
*            The Name of My Company , LLC                  *
*                AUTHORIZED ACCESS ONLY                    *
* Login to this server is limited to authorized users only *
*      Proceed ONLY if you are an authorized user.         *
*  Attempts to circumvent user authentication or security  *
*  of any host, network, web server or account will be     *
*  logged and prosecuted to the fullest extent possible.   *
*                       ******                             *
************************************************************
user@server's password:
That certainly doesn't impede logging in in any way. ]
 
Old 09-26-2018, 08:52 PM   #3
BW-userx
LQ Guru
 
Registered: Sep 2013
Location: MID-SOUTH USA
Distribution: Slackware 14.2 / Slackware 14.2 current / Manjaro / Parrot
Posts: 6,876

Rep: Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391Reputation: 1391
comments in your post in here in red.

Quote:
Originally Posted by LinuxRSA View Post
Hi All

I have configured Sudo for a PAM user on my system.
It works FINE on another system, but when i say sudo passwd root It comes up with this banner.



These are my sudo settings for user pamuser in /etc/sudoers file, im running oracle linux 7.3.

## Allow root to run any commands anywhere
root ALL=(ALL) ALL

#that is saying it is a user NAMED pamuser

pamuser ALL=(ALL) NOPASSWD: ALL

## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
%pam ALL=(ALL) NOPASSWD: ALL

Cmnd_Alias PAM = /usr/bin/grep, /usr/bin/cp, /usr/bin/tee, /usr/bin/sed, /usr/bin/passwd, /usr/bin/rm

%pam ALL = PAM


I have added a group called pam and modified it with this command
usermod -G pam -g wheel pamuser

Please advise on how to get rid of this banner and enable the sudo to work ?

Thanks
I created user and a group added group to sudoers file, tested by loging in as new user and issing sudo commands.

notice user name 'dummy' under my user name logged in,
Code:
[dummy@manjaroieo userx]$ cat /etc/sudoers
cat: /etc/sudoers: Permission denied
was denied due to not using root privs.

now using sudo (root privs) it works.
Code:
[dummy@manjaroieo userx]$ sudo cat /etc/sudoers
## sudoers file.
##
## This file MUST be edited with the 'visudo' command as root.
## Failure to use 'visudo' may result in syntax or file permission errors
## that prevent sudo from running.
##
## See the sudoers man page for the details on how to write a sudoers file.
##

##
## Host alias specification
##
## Groups of machines. These may include host names (optionally with wildcards),
## IP addresses, network numbers or netgroups.
# Host_Alias    WEBSERVERS = www1, www2, www3

##
## User alias specification
##
## Groups of users.  These may consist of user names, uids, Unix groups,
## or netgroups.
# User_Alias    ADMINS = millert, dowdy, mikef

##
## Cmnd alias specification
##
## Groups of commands.  Often used to group related commands together.
# Cmnd_Alias    PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
#                           /usr/bin/pkill, /usr/bin/top
# Cmnd_Alias    REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff

##
## Defaults specification
##
## You may wish to keep some of the following environment variables
## when running commands via sudo.
##
## Locale settings
# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
##
## Run X applications through sudo; HOME is used to find the
## .Xauthority file.  Note that other programs use HOME to find   
## configuration files and this may lead to privilege escalation!
# Defaults env_keep += "HOME"
##
## X11 resource path settings
# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
##
## Desktop path settings
# Defaults env_keep += "QTDIR KDEDIR"
##
## Allow sudo-run commands to inherit the callers' ConsoleKit session
# Defaults env_keep += "XDG_SESSION_COOKIE"
##
## Uncomment to enable special input methods.  Care should be taken as
## this may allow users to subvert the command being run via sudo.
# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
##
## Uncomment to use a hard-coded PATH instead of the user's to find commands
# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
##
## Uncomment to send mail if the user does not enter the correct password.
# Defaults mail_badpass
##
## Uncomment to enable logging of a command's output, except for
## sudoreplay and reboot.  Use sudoreplay to play back logged sessions.
# Defaults log_output
# Defaults!/usr/bin/sudoreplay !log_output
# Defaults!/usr/local/bin/sudoreplay !log_output
# Defaults!REBOOT !log_output

##
## Runas alias specification
##

##
## User privilege specification
##
root ALL=(ALL) ALL

## Uncomment to allow members of group wheel to execute any command
 %wheel ALL=(ALL) ALL

## Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
%mysudo ALL=(ALL) NOPASSWD: ALL



## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL) ALL

## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
# Defaults targetpw  # Ask for the password of the target user
# ALL ALL=(ALL) ALL  # WARNING: only use this together with 'Defaults targetpw'

## Read drop-in files from /etc/sudoers.d
## (the '#' here does not indicate a comment)
#####includedir /etc/sudoers.d
I'd say make sure you user is valid, and sudo group is valid, and remove or comment out the pamuser line under root. then try it again.

changing passwd
Code:
[dummy@manjaroieo userx]$ whoami
dummy
[dummy@manjaroieo userx]$ sudo passwd root
New password: 
Retype new password: 
passwd: password updated successfully
[dummy@manjaroieo userx]$

Last edited by BW-userx; 09-26-2018 at 09:14 PM.
 
Old 09-29-2018, 01:20 AM   #4
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 9,677
Blog Entries: 7

Rep: Reputation: 2393Reputation: 2393Reputation: 2393Reputation: 2393Reputation: 2393Reputation: 2393Reputation: 2393Reputation: 2393Reputation: 2393Reputation: 2393Reputation: 2393
Quote:
Originally Posted by LinuxRSA View Post
when i say sudo passwd root It comes up with this banner.
on most linux systems, this only comes up the first time you use sudo.

in any case, a little research into sudo documentation should solve it quickly:
Code:
man sudoers
and search for "lecture" by entering this string:
Code:
/lecture
 
  


Reply

Tags
banner, pam, sudo


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Linux commands & sudo not working goelashish Linux - Newbie 12 11-23-2013 10:05 PM
[SOLVED] WinSCP, sudo & SFTP: can't get them all working together Glop Linux - Newbie 1 12-12-2012 11:28 AM
Beginner NASM arithmetic & unwanted output/result displaytor Programming 1 02-01-2011 02:17 PM
sudo apt-get update && sudo apt-get upgrade hallve_revera Linux - Newbie 6 01-10-2009 09:37 AM
LXer: SudoWn brings Unix-like sudo to Windows LXer Syndicated Linux News 0 09-09-2006 07:54 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 10:48 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration