
sudo needs passwords?

 
Terrence
Regular Advisor

sudo needs passwords?

I just installed the latest sudo and was attempting a test to give a non-root user the ability to run the useradd command when it prompted me for a password. (It also lectured me.) It didn't like the passwords I tried (both the user's password and the root password), and now it won't let me try again; it just says that user is not allowed to execute that command. I need sudo to let this user execute useradd without prompting for a password.

I'm digging into the documentation but if anyone can explain it first I'd appreciate it.
5 REPLIES 5
Terrence
Regular Advisor

Re: sudo needs passwords?

Oh and yes I did set the sudoers file to nopassword. Here's my entry:

acountor server5=NOPASSWD:/usr/bin/finadd2,/usr/bin/useradd
Vasikaran Venkatesan
Frequent Advisor

Re: sudo needs passwords?

Should server5 be ALL ?
acountor ALL=NOPASSWD:/usr/bin/finadd2,/usr/bin/useradd

you can create a
Cmnd_Alias ACCOUNTER=/usr/bin/finadd2,/usr/bin/useradd

then do this
acountor ALL=NOPASSWD:ACCOUNTER

Terrence
Regular Advisor

Re: sudo needs passwords?

This gets curiouser and curiouser. My mistake was in defining /usr/bin/useradd in my sudoers file. As all good unix admins know, useradd is in /usr/sbin. Then when I tried to test it, I correctly used /usr/sbin/useradd, but it failed because it wasn't in the sudoers files, /usr/bin/useradd was instead.

So you ask, why did you put /usr/bin/useradd in the sudoers file? Because I copied the entry out of the sudoers file of another near identical server that had sudo set up exactly as we need it by my predecessor. What's curious is that it works on the first machine despite the fact that it's defined as /usr/bin/useradd and not /usr/sbin/useradd in the sudoers file. The script that then uses sudo and useradd correctly references the path to useradd as /usr/sbin. Despite the fact that it's incorrect in sudoers, it still works.

Could the fact that the script that calls useradd is also given root access via sudo (it's the file in my example above: /usr/bin/finadd2) mean that despite the fact that it's incorrect in visudoers, it still has access to useradd because the script (finadd2) is being run as root, and useradd is correctly referenced within the script (/usr/sbin/useradd)? So a typo from 5 years ago went unnoticed because the belt and suspenders unix admin gave rights to useradd in two different ways, and despite the fact that one shouldn't work, the other way did work and therefore no one noticed?

Can anyone follow this convoluted logic? Does anyone care? Convince me I'm right or wrong for easy points!
Mark Greene_1
Honored Contributor

Re: sudo needs passwords?

So a typo from 5 years ago went unnoticed because the belt and suspenders unix admin gave rights to useradd in two different ways, and despite the fact that one shouldn't work, the other way did work and therefore no one noticed?


I'd say that the use of fully qualified path names is what let this go unnoticed for so long, and that you very niftily deduced the root of your problem.

my $0.02

mark
the future will be a lot like now, only later
Terrence
Regular Advisor

Re: sudo needs passwords?

I guess I'm looking for some royalty with serious sudo credibility to swear and affirm that by using sudo to give a low level no rights account access to run a script that is owned by root, then root owned commands like useradd that are called within that script are also available whether or not they are also in the sudoers file.
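
A check for the mismatch described in this thread, where a sudoers rule names /usr/bin/useradd while the binary lives in /usr/sbin. This is an added example, not part of the original posts: the function names and the optional ROOT prefix argument are assumptions, the sample files are constructed, and the parser is simplified (one rule per line, no wildcards or line continuations).

```shell
#!/bin/sh
# Added example: flag sudoers command paths that do not exist on the host.
# Simplified parser: one rule per line, no wildcards or line continuations.

# Print each absolute command path named in sudoers-style FILE.
sudoers_cmd_paths() {
    sed -e 's/#.*//' -e '/^[[:space:]]*Defaults/d' -e '/=/!d' \
        -e 's/^[^=]*=//' "$1" |
        tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/^([^)]*)[[:space:]]*//' \
            -e 's/^\([A-Z_]*:[[:space:]]*\)*//' |
        awk '$1 ~ /^\// { print $1 }' | sort -u
}

# Print the paths from FILE that are not executable files under ROOT.
# ROOT is a hypothetical prefix so the check can run against a test tree;
# omit it to check the live filesystem.
sudoers_missing_cmds() {
    root=${2:-}
    sudoers_cmd_paths "$1" | while IFS= read -r p; do
        if [ ! -f "$root$p" ] || [ ! -x "$root$p" ]; then
            printf '%s\n' "$p"
        fi
    done
}

# Constructed sample: the thread's rule, checked against a fake root where
# useradd lives in /usr/sbin, as it does on the poster's server.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/usr/bin" "$t/usr/sbin"
    : > "$t/usr/bin/finadd2"; : > "$t/usr/sbin/useradd"
    chmod 755 "$t/usr/bin/finadd2" "$t/usr/sbin/useradd"
    cat > "$t/sudoers" <<'EOF'
# constructed sample based on the entries quoted in the thread
Cmnd_Alias ACCOUNTER=/usr/bin/finadd2,/usr/bin/useradd
acountor server5=NOPASSWD:/usr/bin/finadd2,/usr/bin/useradd
EOF
    sudoers_missing_cmds "$t/sudoers" "$t"
    rm -rf "$t"
}

demo
```

sudoers is consulted only for the command handed to sudo; anything that command starts inherits its privileges, so a rule with a wrong path can sit unused without anyone noticing. On a live host, `sudo -l -U acountor` shows the rules sudo actually applies to that user.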