System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Problem with sudo authorisation rule

$t!$-
Advisor

Problem with sudo authorisation rule

Hii Champs,
I have a weird problem with one of sudo rule i have set on sudoers file. I have provided a user group of 14 users (say xyz) to switch one adm account (say xyzadm) using password in below way -
xyz ALL=(ALL) /bin/su - xyzadm

this rule is going fine for 12 users, but for 2 users its inconsistence.Sometime it works fine and sometime giving error. Sometime When they use sudo command and enter there password, it is giving them password error ( Sorry, try again). I have also checked by making one test account ,assigned test user xyz group. I also face same issue. Whenever i change password it works for few session then again start giving password error. It really sound foolish ..
but if anyone has suggestion to help me,would be grateful.
thanks
7 REPLIES
$t!$-
Advisor

Re: Problem with sudo authorisation rule

Correction in rule i mentioned..its like below--
%xyz ALL=(ALL) /bin/su - xyzadm

Steven E. Protter
Exalted Contributor

Re: Problem with sudo authorisation rule

Shalom,

The actual error would help.

Check the environment before running the command with a good user and a problematic user.

env > env.txt

Use diff to compare the files.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
$t!$-
Advisor

Re: Problem with sudo authorisation rule

Hii Steve,
here is actual error .. i have checked env variables with diff command , all looks same only differances found in parameter LOGNAME,PS1,USER,HOME,prompt,PWD. Which is as per users, so it looks ok.

XXXX:XXXX> /appl/tsu/bin/sudo su - XYZadm
Password:
Sorry, try again.
Password:
Sorry, try again.
Password:
/appl/tsu/bin/sudo: 2 incorrect password attempts
XXXXX:XXXXX>
Ivan Krastev
Honored Contributor

Re: Problem with sudo authorisation rule

Try to run the same command under tusc to see more details. Possible PAM errors?

regards,
ivan
$t!$-
Advisor

Re: Problem with sudo authorisation rule

hii ivan,
i never used tusc...how should i use it to get relavent output in a file.
I have checked my system tusc is installed.
Dennis Handly
Acclaimed Contributor

Re: Problem with sudo authorisation rule

>how should I use it to get relevant output in a file.

tusc -fp -ea -o tusc.out /appl/tsu/bin/sudo su - XYZadm
Suraj K Sankari
Honored Contributor

Re: Problem with sudo authorisation rule

Hi,

Here you can find details of sudo and how to configure sudo.

see the below link

http://www.sudo.ws/sudo/man/sudoers.html

Suraj