
Re: sudo problem

 
Arockia Jegan
Trusted Contributor

sudo problem

Hi,

I'm using Sudo version 1.6.2b1 on an HP-UX 11.11 system. I have a couple of users in the DBA group.

User_Alias DBADMIN = %dba
DBADMIN ALL = (oracle) ALL

Now one of the users is having problem when he runs the following command,

sudo -u oracle ksh

It prompts him to enter his own account password. But when he types his password it says,

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these two things:

#1) Respect the privacy of others.
#2) Think before you type.


Sorry, try again

He's entering the right password but it's giving this message. He even changed the password and tried again. It didn't help.

In the syslog.log file it's showing

1 incorrect password attempt

But he's entering the right PASSWORD. Any ideas?
Shannon Petry
Honored Contributor

Re: sudo problem

Did you also configure the command including the path to be an allowable command for that user?

I don't recall the documentation saying that you had to do this (it may have), but I know I have to list commands that users can use in an ACL.

Regards,
Shannon
Microsoft. When do you want a virus today?
Arockia Jegan
Trusted Contributor

Re: sudo problem

I'm using DBADMIN ALL= (oracle) ALL

So they will be able to use all the commands. So I don't need to add the command alias.
Tom Maloy
Respected Contributor

Re: sudo problem

Sounds like you just recently added the DBADMIN entries.

I saw this problem when I had a user with their own individual entry AND when they were also in a group. There was some kind of conflict because the user was (effectively) in the file twice.

When I removed the individual entry, the problem was solved.

Besides being in the DBADMIN group, does your user have their own entry?
Carpe diem!
Nick Wickens
Respected Contributor

Re: sudo problem

Do you have the following line in the sudoers file?

Runas_Alias oracle=oracle

I have to do this for Informix.
Hats ? We don't need no stinkin' hats !!
Arockia Jegan
Trusted Contributor

Re: sudo problem

Tom,

The user doesn't have his own individual entry. More than 10 users are in the dba group. They all are able to use sudo (sudo -u oracle ksh).

Another user of the dba group had the same issue. We changed his password and it worked fine with the new password.


Nick,

I don't have that line in the sudoers file. But I don't have any issue for other users. It's happening with only one user.
Bill Hassell
Honored Contributor

Re: sudo problem

Ask the user how many characters they type for their password. HP-UX login (older, untrusted versions) has an annoying habit of accepting more than 8 characters in a password, tossing the extras away and matching what's left. This is not how other authentication programs work (i.e., sudo) where every character counts.


Bill Hassell, sysadmin
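
Added example, not part of the thread and not from any poster: a shell check for the condition described in the last reply. It assumes an untrusted-mode system where field 2 of /etc/passwd holds a 13-character traditional crypt(3) hash (optionally followed by ",aging" characters), for which only the first 8 password characters are significant. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# List accounts whose password field is a traditional 13-character crypt(3)
# hash. For these accounts only the first 8 characters of the password count,
# so a user who habitually types a longer password may get different results
# from programs that handle the extra characters differently.

# des_crypt_accounts [FILE...]
# Reads passwd-format input (from FILE or stdin) and prints matching logins.
des_crypt_accounts() {
    awk -F: '
        /^#/ || NF < 7 { next }          # skip comments and malformed lines
        {
            hash = $2
            sub(/,.*/, "", hash)         # drop ",aging" suffix if present
            # Traditional crypt output: exactly 13 chars from [./0-9A-Za-z]
            if (length(hash) == 13 && hash ~ "^[./0-9A-Za-z]+$")
                print $1
        }
    ' "$@"
}

# Constructed sample input (hash values are made up, not real hashes).
sample_passwd() {
    cat <<'EOF'
root:*:0:3::/:/sbin/sh
jsmith:Xy3kPq9LmN0aB:1001:201:J Smith:/home/jsmith:/usr/bin/ksh
kdoe:Qw8eRt7yUi6oP,..Z1:1002:201:K Doe:/home/kdoe:/usr/bin/ksh
oracle:*:1100:201:Oracle owner:/home/oracle:/usr/bin/ksh
lp:x:9:7::/var/spool/lp:/sbin/sh
short:abc:1003:201::/home/short:/usr/bin/ksh
EOF
}

# Run against the constructed sample; on a real system pass /etc/passwd.
sample_passwd | des_crypt_accounts
```

For any login this lists, ask the user whether the password they type is longer than 8 characters before looking further at sudoers.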