HPE Community
Operating System - HP-UX
1838469 Members
3065 Online
110126 Solutions
New Discussion

Re: Sudo Help

 
Anand Sreenivasan
Regular Advisor

‎05-19-2004 03:42 AM

‎05-19-2004 03:42 AM

Sudo Help

Hello All,
I am running HP11.00 UX. I have intially set one user to run our backup using SUDO and it was working fine. Last week , We had to apply patches on this box and this stopped working. When executed manually it will work with out any problems. What is the problem and Where can I get Latest sudo software and how can I check the version I am running. Thanks for all the help.
0 Kudos
Reply
15 REPLIES 15
Mel Burslan
Honored Contributor

‎05-19-2004 03:51 AM

‎05-19-2004 03:51 AM

Re: Sudo Help

to get the version of sudo you are running :

# sudo -V
Sudo version 1.6.3p5

latest wersion can be obtained from :

http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.7p5/

HTH
________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
Victor Fridyev
Honored Contributor

‎05-19-2004 03:56 AM

‎05-19-2004 03:56 AM

Re: Sudo Help

Hi,

Please check whether the latest patches changed paths of backup commands and now they differ from the ones in /etc/sudoers file.

Good luck
Entities are not to be multiplied beyond necessity - RTFM
0 Kudos
Reply
Bharat Katkar
Honored Contributor

‎05-19-2004 04:00 AM

‎05-19-2004 04:00 AM

Re: Sudo Help

Yes it is definitely related with the PATH variable. If you can recollect the earlier PATH settings try setting it for this UPDATE as well.

It is not in proper PATH.

Hope that helps.
Regards,
You need to know a lot to actually know how little you know
0 Kudos
Reply
Anand Sreenivasan
Regular Advisor

‎05-19-2004 04:06 AM

‎05-19-2004 04:06 AM

Re: Sudo Help

This is the error message I am getting and It is not finding the default device. What could have changed and how can I fix it. Also , I dont want to include the device in the make_tape_recovery command. Thanks.

Wed May 19 12:22:08 EDT 2004
Make Tape recovery is in Progress...

** 0 - The Volume Group or Filesystem is Not included in the
System Recovery Archive
** 1 - The Volume Group or Filesystem is Partially included in the
System Recovery Archive
** 2 - The Volume Group or Filesystem is Fully included in the
System Recovery Archive

ERROR: Tape destination is not found on the system.No such file or
directory (errno = 2)
ERROR: Check tape device failed.
* Creating local directories for configuration files and archive.
0 Kudos
Reply
Mel Burslan
Honored Contributor

‎05-19-2004 04:09 AM

‎05-19-2004 04:09 AM

Re: Sudo Help

what is the exact command that you use (with all the command line switches and everything) to run this make_recovery command ? What type of box is this one and what patch or set of patches did you apply to this box ?
This info may help figuring out your problem. Looks like it is not able to find your tape drive.
________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
Anand Sreenivasan
Regular Advisor

‎05-19-2004 05:27 AM

‎05-19-2004 05:27 AM

Re: Sudo Help

This is the exact command which I run
sudo /opt/ignite/bin/make_tape_recovery -vI -x inc_entire=vg00 |tee -a $logfile

And this is the script which is being executed by the user
logfile=/usr/local/logs/maketape.log
date |tee $logfile
echo " Make Tape recovery is in Progress..."
sudo /opt/ignite/bin/make_tape_recovery -vI -x inc_entire=vg00 |tee -a $logfile
echo " Session Complete !! Please remove the tape. "
mailx -s "Tape Recovery log" unix_adm < $logfile

And this is my /etc/sudoers file
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL

# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL

# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
oper ALL=/usr/local/bin/ingxdev.maketape.sh,/opt/ignite/bin/make_tape_recovery

I am running HP UX11.00 on a N class and I applied these patches for Oracle 9i prerequesites.
0 Kudos
Reply
Mel Burslan
Honored Contributor

‎05-19-2004 05:50 AM

‎05-19-2004 05:50 AM

Re: Sudo Help

please run this command :

ioscan -fnC tape

if there is a tape device which has been flagged as NO_HW, it may be your problem and you may need to get it fixed. I am sure at the time of patches, you reboot this machine and it is unwanted but expected possible outcome of the reboot that some hardware devices may not initialize at the boot time due to some h/w failure.

if everything is showing up as CLAIMED make sure that you have at least 1 tape drive with the driver file /dev/rmt/0m as this is the device your recovery image will be written onto. If you have this one as well, make sure that you have a writable (i.e. not write protected) tape in it.

if everything is cheking out fine, please post your "ioscan -fnC tape" command output here so that we can understand what else might be wrong
________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
Anand Sreenivasan
Regular Advisor

‎05-19-2004 05:54 AM

‎05-19-2004 05:54 AM

Re: Sudo Help

Here is the output of ioscan -fnC tape
ioscan -fnC tape
Class I H/W Path Driver S/W State H/W Type Description
=====================================================================
tape 0 0/6/0/1.3.0 stape CLAIMED DEVICE QUANTUM DLT8000
/dev/rmt/0m /dev/rmt/0mnb /dev/rmt/c7t3d0BESTn
/dev/rmt/0mb /dev/rmt/c7t3d0BEST /dev/rmt/c7t3d0BESTnb
/dev/rmt/0mn /dev/rmt/c7t3d0BESTb

Also, When this command is run as root , It works perfectly without any issues. Thanks.
0 Kudos
Reply
Scott J. Showalter
Frequent Advisor

‎05-19-2004 06:40 AM

‎05-19-2004 06:40 AM

Re: Sudo Help

Just wondering what the permissions on /usr/local/logs/maketape.log is? The tee command is after a pipe, I would have to do some testing, but it could be that the tee command isn't being run as part of the sudo command. The normal user may not have permissions to write to the log file. If it is being executed with sudo privileges, then you may need to specify the full path to tee and include it in the sudoers file.
In a world without fences, who needs Gates?
0 Kudos
Reply
Anand Sreenivasan
Regular Advisor

‎05-19-2004 06:48 AM

‎05-19-2004 06:48 AM

Re: Sudo Help

Actually the user do find tee in his path and it does not error out there. It always errors out at tape device not found. This is the profile for the user,
trap "" 2 3 15
PATH=/usr/bin:/etc:/usr/sbin:/usr/local/bin:/usr/ucb:$HOME/bin:/usr/bin/X11:/sbin:.
export PATH
#
if [ -s "$MAIL" ] # This is at Shell startup. In normal
then echo "$MAILMSG" # operation, the Shell checks
fi # periodically.
#
#Production Control Menu
PS3="SELECT FROM THE FOLLOWING OPTIONS: "
select choice in SYSBACK EXIT
do
case $choice in
SYSBACK)
sudo /usr/local/bin/ingxdev.maketape.sh
echo "Select from the following options:\n"
echo "\t\t[1] - Sysback\t[2] - Exit"
;;
EXIT)
exit
;;
esac
done

I tried commenting al this from the profile and then run this command
sudo /opt/ignite/bin/make_tape_recovery -vI -x inc_entire=vg00

This worked as it should. So I think something is messed up in the .profile and I do not know what it is.

0 Kudos
Reply
Mel Burslan
Honored Contributor

‎05-19-2004 07:02 AM

‎05-19-2004 07:02 AM

Re: Sudo Help

if all you are trying to do is not to let this user do anything but run this command or exit, clear the profile out of this menu/backup structure and move the commands into a shell script. make the script with 700 permissions and set this script as the username's shell (also include it in the /etc/shells)

As soon as the user logs in, it will hit this script. Provided your trap statements are properly placed, there won't be any way to escape out of the script and fall onto the command line.

trying to run something out of a profile is not a good practice to start with in my opinion.
________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
Emil Velez
Honored Contributor

‎05-19-2004 03:22 PM

‎05-19-2004 03:22 PM

Re: Sudo Help


Why not use the restricted sam builder.

You can add the command to sam as a application to be run as root. Then use the restricted sam builder to give that user access to this and other system admin functionality to be launched and logged in sam. THis is a great supported function that not many people take advantage of.

Good luck
0 Kudos
Reply
Anand Sreenivasan
Regular Advisor

‎05-20-2004 12:46 AM

‎05-20-2004 12:46 AM

Re: Sudo Help

HOw do I use SAM builder ?? . Can you give me some links on this .
0 Kudos
Reply
Camel_1
Valued Contributor

‎06-22-2004 01:31 AM

‎06-22-2004 01:31 AM

Re: Sudo Help

run "sam -r"
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎06-22-2004 03:15 AM

‎06-22-2004 03:15 AM

Re: Sudo Help

Hi,

Can you post the script

/usr/local/bin/ingxdev.maketape.sh

You can use the following to actually find the tape device on the system instead of using the default 0mn device. It will use the first tape device otherwise uncomment the #TAPE and add the tape device you want to add.

TAPE=$(/usr/sbin/ioscan -funC tape |grep "[0-9]mn " |awk '{print $1}'|head -1)
#Uncomment out the following line and add your tape drive here manually
#TAPE=/dev/rmt/0mn

Use $TAPE in your make_tape_recovery script.

-Sri



You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.