Online Expert Day - HPE Data Storage - Live Now
April 24/25 - Online Expert Day - HPE Data Storage - Live Now
Read more
cancel
Showing results for 
Search instead for 
Did you mean: 

sudo problem

SOLVED
Go to solution
DeafFrog
Valued Contributor

sudo problem

here's what /usr/local/etc/sudoers file for machine looks like :
Cmnd_Alias ADMINS=/usr/sbin/useradd
root ALL=NOPASSWD:ALL
%sysadmin ALL=NOPASSWD:ALL
%oper ALL=NOPASSWD:ALL
~
user1 root=NOPASSWD:ADMINS

But here's what i am getting ....
$ whoami
user1
$ /usr/sbin/useradd -g general -m user2
Permission Denied
....i have tried googling ...but not working.

FrogIsDeaf
21 REPLIES
Patrick Wallek
Honored Contributor

Re: sudo problem

You have to actually use the 'sudo' command in order to get permissions.

$ sudo /usr/sbin/useradd -g general -m user2
Avinash20
Honored Contributor

Re: sudo problem

You need to use sudo before /usr/bin/useradd
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
Avinash20
Honored Contributor

Re: sudo problem

/opt/sudo/bin/sudo /usr/sbin/useradd [options]
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
Avinash20
Honored Contributor

Re: sudo problem

Also refer to the following thread

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=997812

Please assign points to this threads !!
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
DeafFrog
Valued Contributor

Re: sudo problem

Thanks Patrick ,

$ /usr/local/bin/sudo /usr/sbin/useradd -g general -m user2

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

Password:
Sorry, try again.
Password:
Sorry, try again.
Password:
..................and the passwd is correct.
FrogIsDeaf
Avinash20
Honored Contributor

Re: sudo problem

Try less than 8 char password
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
Patrick Wallek
Honored Contributor

Re: sudo problem

What password are you using?

The password you use is the password of the ID you are logged in as. In this case the password of user1.
DeafFrog
Valued Contributor

Re: sudo problem

Thanks Avinash and Patrick ,

I ahve tried both the passwd , for uer1 and root .not the mesasage is
Last successful login for user1: Tue Mar 3 18:17:31 oman-4 2009
Last unsuccessful login for user1: Tue Mar 3 18:46:50 oman-4 2009 on pts/0
user1 is not allowed to run sudo on mwdev1. This incident will be reported.
.....the system is trusted.
FrogIsDeaf
Avinash20
Honored Contributor

Re: sudo problem

You have not defined the parameter in visudo correctly.
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
Avinash20
Honored Contributor

Re: sudo problem

user1 root = NOPASSWD :/usr/bin/useradd

Try and let me know
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
Avinash20
Honored Contributor

Re: sudo problem

Also ensure to check what privileges you are having via
sudo -l
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
Tingli
Esteemed Contributor

Re: sudo problem

I am not sure....

It seems that you don't need to use password for the whole thing.

Maybe you can try:

sudo -u root -c "/usr/sbin/useradd -g general -m user2"
DeafFrog
Valued Contributor

Re: sudo problem

Dear Avinash ,

I have always assigned points , you can look into profile.I think i have to get the user1 account enabled in sudo now .....there's the message......Last unsuccessful login for user1: Tue Mar 3 18:46:50 xyz-4 2009 on pts/0
user1 is not allowed to run sudo on xyz. This incident will be reported.
FrogIsDeaf
DeafFrog
Valued Contributor

Re: sudo problem

Tingli : your suggested command showed problem in syntax
Avinash : after , user1 root = NOPASSWD :/usr/bin/useradd : problem persists
FrogIsDeaf
Tingli
Esteemed Contributor

Re: sudo problem

Take away the "-u root".

Also, did you create the sudoers file by visudo, which will check the syntax of the file?
Avinash20
Honored Contributor

Re: sudo problem

Refer
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=997812
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
DeafFrog
Valued Contributor

Re: sudo problem

Yes Tingli , i have created that via visudo ,
i have alredy posted above the content of that file above .
here's o/p of sudo -v
/usr/local/bin/sudo -v
Sorry, user user1 may not run sudo on xyz.
FrogIsDeaf
DeafFrog
Valued Contributor

Re: sudo problem

Avinash ,the thread you posted suggested restricted sam as option.But there has to be a solution to this , i have tried setting up RBACK also ...may be towmarrow will be a good day
FrogIsDeaf
Avinash20
Honored Contributor

Re: sudo problem

"the thread you posted suggested restricted sam as option"

I wanted you to check only the first two notes in the thread
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
Heironimus
Honored Contributor
Solution

Re: sudo problem

I think your sudoers entry is incorrect. You probably want something like this:

user1 ALL=(root) NOPASSWD: ADMINS



Another option would be to set up restricted SAM access for user1, but I don't really know much about that.
DeafFrog
Valued Contributor

Re: sudo problem

Thank you Heironimus ! your solution worked out.
Efforts by Avinash and Tingli were also of great help ,Thanks a lot man.
Solution : user1 ALL=(root) NOPASSWD: ADMINS , was the correct entry that needs to be put in to the /usr/local/sbin/visudo file.
FrogIsDeaf