Operating System - HP-UX
1839310 Members
2946 Online
110138 Solutions
New Discussion

Re: sudo: unable to dlopen /usr/local/libexec/sudoers.so: No such file or directory.

 
SOLVED
Go to solution
Narendra Uttekar
Regular Advisor

sudo: unable to dlopen /usr/local/libexec/sudoers.so: No such file or directory.

Hi,

I have installed the sudo binary depot version 1.8.5p3 on HP-UX 11.31 itanium server. I configured the sudo access and try to execute the sudo command i am getting error as below,

 

$ /usr/local/bin/sudo -l


sudo: unable to dlopen /usr/local/libexec/sudoers.so: No such file or directory
sudo: fatal error, unable to load plugins

 

But i am able to see the file /usr/local/libexec/sudoers.so as below,

 

-rwxr-xr-x   1 root       root        855252 Aug 20 11:41 /usr/local/libexec/sudoers.so

 

Please let me know what could be the problem and how to fix it.

 

Thanks,

Narendra

 

 

22 REPLIES 22
Dennis Handly
Acclaimed Contributor

Re: sudo: unable to dlopen /usr/local/libexec/sudoers.so: No such file or directory.

>I am able to see the file /usr/local/libexec/sudoers.so

 

Does this user have read and execute permission to all directories in the path to sudoers.so?

What does "file /usr/local/libexec/sudoers.so" show?

Narendra Uttekar
Regular Advisor

Re: sudo: unable to dlopen /usr/local/libexec/sudoers.so: No such file or directory.

Hi Dennis,

Yes the user is having read and execute permission to all directories in the path to sudoers.so.

 

file /usr/local/libexec/sudoers.so
/usr/local/libexec/sudoers.so:  ELF-32 shared object file - IA64

 

Thanks,

Narendra

 

Dennis Handly
Acclaimed Contributor
Solution

Re: sudo: unable to dlopen /usr/local/libexec/sudoers.so: No such file or directory.

>Yes the user is having read and execute permission to all directories in the path to sudoers.so.

 

Hmm.

What does "ldd /usr/local/libexec/sudoers.so" show?

Narendra Uttekar
Regular Advisor

Re: sudo: unable to dlopen /usr/local/libexec/sudoers.so: No such file or directory.

Hi Dennis,

Please find the output of "ldd /usr/local/libexec/sudoers.so" as below,

 

ldd /usr/local/libexec/sudoers.so

/usr/local/libexec/sudoers.so:
        libpam.so.1 =>  /usr/lib/hpux32/libpam.so.1
        libintl.so =>   /usr/lib/hpux32/libintl.so
        libiconv.so =>  /usr/lib/hpux32/libiconv.so
        Unable to find library 'libz.so'.

 

Thanks,

Narendra

Narendra Uttekar
Regular Advisor

Re: sudo: unable to dlopen /usr/local/libexec/sudoers.so: No such file or directory.

Hi Dennis,

Thanks for your help after creating the soft link to library 'libz.so' problem was fixed.

 

Thanks,

Narendra

Dennis Handly
Acclaimed Contributor

Re: sudo: unable to dlopen /usr/local/libexec/sudoers.so: No such file or directory.

>after creating the soft link to library 'libz.so' problem was fixed.

 

I'm glad you figured it out.  It would have been nicer if it mentioned libz.so in the first place.

chetan morey
Advisor

Re: sudo: unable to dlopen /usr/local/libexec/sudoers.so: No such file or directory.

Hi Friends,

 

I am also tring to install sudo.

After insatlling 1) libiconv-1.14-ia64-11.23.depot 2) gettext-0.18.1.1-ia64-11.23.depot 3)/zlib-1.2.6-ia64-11.23.depot

this suporting deport I also recieved same error.

So I created soft link as sudoers.so -> /usr/lib/hpux32/libz.so . But still I am getting error as

sudo: /usr/local/libexec/sudoers.so: No such file or directory
sudo: fatal error, unable to load plugins

 

Please help me out.

Dennis Handly
Acclaimed Contributor

Re: sudo: unable to dlopen /usr/local/libexec/sudoers.so: No such file or directory.

>So I created soft link as sudoers.so -> /usr/lib/hpux32/libz.so . But still I am getting error as
>sudo: /usr/local/libexec/sudoers.so: No such file or directory

 

Why do you want to point sudoers.so to libz.so?

chetan morey
Advisor

Re: sudo: unable to dlopen /usr/local/libexec/sudoers.so: No such file or directory.

Hi,

 

I am unable to create softlink.Please suggest for softlink.

 

nagrst:/>ldd /usr/local/libexec/sudoers.so

/usr/local/libexec/sudoers.so:
        libpam.so.1 =>  /usr/lib/hpux32/libpam.so.1
        libintl.so =>   /usr/local/lib/hpux32/libintl.so
        libiconv.so =>  /usr/local/lib/hpux32/libiconv.so
        Unable to find library 'libz.so'.

Dennis Handly
Acclaimed Contributor

Re: sudo: unable to dlopen /usr/local/libexec/sudoers.so: No such file or directory.

>I am unable to create softlink.

 

Do you have libz installed, that's the softlink target.

ldd probably wants it in /usr/local/lib/hpux32/.

chetan morey
Advisor

Re: sudo: unable to dlopen /usr/local/libexec/sudoers.so: No such file or directory.

lib is already install:

swlist|grep lib
  libiconv                              1.14           libiconv

 

In privous post Narendra created soft link and then he resolved the issue.

Same way, I want to create link.But I am not sure for souce and destination, to create link. 

Matti_Kurkela
Honored Contributor

Re: sudo: unable to dlopen /usr/local/libexec/sudoers.so: No such file or directory.

>lib is already install:

>swlist|grep lib
 > libiconv                              1.14           libiconv

 

That's libiconv, not libz.

 

Libiconv handles character encodings and conversions between them, libz handles .gz format compression and decompression. You cannot replace one with the other. Soft links only help if a program is looking for an existing library in a wrong place: if the library is completely missing, creating a soft link to another library that has different functionality is not going to work.


The name "libz" is the name of the library file (e.g. libz.so, or with a version number like libz.so.1.2.3), but the programming project that produced it is named "zlib". So the name of a depot that contains libz.so might be either "libz" or "zlib".

MK
chetan morey
Advisor

Re: sudo: unable to dlopen /usr/local/libexec/sudoers.so: No such file or directory.

Hi,

 

I installed same: zlib                                  1.2.7          zlib

 

Now, its showing new error,

$ /usr/local/bin/sudo su -
sudo: unable to stat /usr/local/etc/sudoers: No such file or directory
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

Matti_Kurkela
Honored Contributor

Re: sudo: unable to dlopen /usr/local/libexec/sudoers.so: No such file or directory.

> sudo: unable to stat /usr/local/etc/sudoers: No such file or directory
> sudo: no valid sudoers sources found, quitting

 

This means the main configuration file of sudo does not exist. You should create it.

 

> sudo: unable to initialize policy plugin

This is apparently related to new features of sudo, maybe to LDAP-based sudo configuration? Anyway, the "policy plugin" should not be necessary for basic sudo functionality.

 

 

By the way, the use of "sudo su -" is an obsolete way to become root through sudo. "sudo -i" achieves exactly the same thing, without chaining through the "su" command.

 

(Old versions of sudo did not have the -i option, so "sudo su -" was used: it means "run command 'su -' as root". The "su -" part rebuilds the environment so that the session would get exactly the same environment as when logging in as root. As a side effect, sudo outputs one log message about this transition, and "su -" causes another log message, telling that root became root through sudo. In a busy system with multiple admins, this may make it harder to track who did what. In my opinion, "sudo -i" is a better way.)

 

To allow user "chetan" to use "sudo -i" to become root, your /usr/local/bin/sudo should contain this rule:

chetan ALL=(root) /sbin/sh

 

If you want to allow the obsolete "sudo su -", you could use this rule instead:

chetan ALL=(root) /usr/bin/su -

 

If you want to allow running any commands as any user through sudo (thus allowing each command that is run as root to be logged), you could use this rule:

chetan ALL=(ALL) ALL

This rule would allow doing things like:

$ whoami
chetan

$ sudo vi /etc/rc.config.d/netconf
<edit /etc/rc.config.d/netconf as root>

$ whoami
chetan

$ sudo -u oracle lsnrctl start
<run "lsnrctl start" as user "oracle">

 (In some high-security environments, it is mandatory to use sudo like this, instead of running a shell as root.)

 

MK
chetan morey
Advisor

Re: sudo: unable to dlopen /usr/local/libexec/sudoers.so: No such file or directory.

Hi All,

 

I copied sudoers.samle to sudoers.Also changed permision to 777

 

nagrst:/usr/local/etc>ll
total 32
-rwxrwxrwx   1 root       sys           2851 Mar  4 15:35 sudoers
-r--r-----   1 root       root          2849 Feb 18 15:22 sudoers.sample
nagrst:/usr/local/etc>

 

 

Also I edited /usr/local/etc/sudoers file for chetan user,

 

## User privilege specification
##
chetan ALL=(ALL) ALL

 

Now new error is coming:

$ /usr/local/bin/sudo su -
sudo: /usr/local/etc/sudoers is world writable
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

 

Please suggest

 

 

Matti_Kurkela
Honored Contributor

Re: sudo: unable to dlopen /usr/local/libexec/sudoers.so: No such file or directory.

> sudo: /usr/local/etc/sudoers is world writable

 

Don't make the sudoers file world writable.

 

Since sudo runs as root always (it is a setuid root program), it will have no problem reading the file anyway. It checks the permissions of the sudoers file to make sure unauthorized users cannot modify it. If there are too much permissions, the sudo command will ignore the sudoers file.

 

The permissions should be similar to your sudoers.sample file, i.e. -r--r-----.

 

You should be using the "visudo" command to edit the sudoers file: it will automatically maintain the correct permissions, and will check the syntax of the sudoers file after any edits before replacing the active sudoers file with the edited version.

MK
chetan morey
Advisor

Re: sudo: unable to dlopen /usr/local/libexec/sudoers.so: No such file or directory.

Hi All,

 

while using sudo it is asking for password,

$ /usr/local/bin/sudo su -
Password:

 

As suggested,

I edited sudoers file,

 

nagrst:/usr/local/etc>ll
total 32
-r--------   1 root       sys           2869 Mar  5 15:01 sudoers
-r--r-----   1 root       root          2849 Feb 18 15:22 sudoers.sample
nagrst:/usr/local/etc>visudo sudoers
sh: visudo:  not found.
nagrst:/usr/local/etc>whereis visudo
visudo: /usr/local/sbin/visudo /usr/local/share/man/man1m/visudo.1m
nagrst:/usr/local/etc>/usr/local/sbin/visudo sudoers
usage: visudo [-chqsV] [-f sudoers]
nagrst:/usr/local/etc>vi sudoers

 

 

## User privilege specification
##
#root ALL=(ALL) ALL
chetan ALL=(ALL)ALL

 

Please suggest to avoid password.

 

Matti_Kurkela
Honored Contributor

Re: sudo: unable to dlopen /usr/local/libexec/sudoers.so: No such file or directory.

> nagrst:/usr/local/etc>/usr/local/sbin/visudo sudoers

 

Try: "sudo /usr/local/sbin/visudo" without any other parameters. Or run "/usr/local/sbin/visudo" as root, without any parameters.

 

 

> Please suggest to avoid password.

 

Note that by default, sudo is asking for your *regular* password, not the root password. And if you run several sudo commands within a configurable time, only the first sudo command will ask for your password: the later commands will remember that a password was already asked recently, and will allow access without asking again.

 

If you want to allow your regular account (e.g. "chetan") to run any commands as root without requiring a password at all, the syntax would be:

 

chetan ALL = (ALL) NOPASSWD: ALL

 

But if you do that, make sure that your regular account has a strong password.

MK
chetan morey
Advisor

Re: sudo: unable to dlopen /usr/local/libexec/sudoers.so: No such file or directory.

Hi All,

 

As per new requirement I installed

sudo-ldap                             1.8.6p7        Provide limited super-user privileges to specific users

 

But while switching to sudo following error is coming:

$ /usr/local/bin/sudo su -
sudo: unable to dlopen /usr/local/libexec/sudoers.so: No such file or directory
sudo: fatal error, unable to load plugins

 

refering to previous,

$ ldd /usr/local/libexec/sudoers.so

/usr/local/libexec/sudoers.so:
        libpam.so.1 =>  /usr/lib/hpux32/libpam.so.1
        Unable to find library 'libldap.so.2'.

 

I downloaded, LDAPUX_B.05.01_HP-UX_B.11.31_IA_PA.depot.

 

Is it right deport to install? its size is 152MB.

 

 

 

Matti_Kurkela
Honored Contributor

Re: sudo: unable to dlopen /usr/local/libexec/sudoers.so: No such file or directory.

Without knowing where you got the sudo-ldap depot, I cannot verify its requirements.

 

However, your LDAPUX is very likely the right depot. Please read the installation instructions carefully, as I think the LDAPUX depot has certain pre-requisites regarding patch levels. (I know the LDAPUX depot comes originally from software.hp.com, so that's where you can find the installation instructions too.)

 

The LDAPUX depot is a dual-architecture depot (*_IA_PA.depot), so it contains software for both PA-RISC and Itanium versions of HP-UX. That's why it's so big. The swinstall will automatically choose the appropriate contents for your hardware.

 

By running a command like "swlist -l file -s /full/path/to/LDAPUX_B.05.01_HP-UX_B.11.31_IA_PA.depot |grep libldap.so", you could see if the depot contains the requested library or not.

MK
chetan morey
Advisor

Re: sudo: unable to dlopen /usr/local/libexec/sudoers.so: No such file or directory.

Thanks Dennis Handly and Matti Kurkela for your support.

Now I am able to switch from normal user to root user using sudo.

 

As a next part I want to give limited root previlageous to a perticular user.

I am using following link for the same. 

 

http://www.sudo.ws/sudo/sudo.man.html#x504c5547494e53

 

 In link it show to edit perticular file like /etc/sudo.conf  file

 

 

But there is no such file generated.

 

Please suggest.

Matti_Kurkela
Honored Contributor

Re: sudo: unable to dlopen /usr/local/libexec/sudoers.so: No such file or directory.

The pathname in the link you posted assumes sudo is installed along with the OS, like it is done with most Linuxes today. But you're apparently using a package that installs to /usr/local, as a third-party add-on. So the pathname is probably /usr/local/etc/sudo.conf instead.

 

You should make sure that your $MANPATH environment variable includes /usr/local/man (see /etc/MANPATH and edit if necessary), then you should be able to run "man sudo" on your system. The man page creation process usually replaces the standard paths in the manpage text with the appropriate custom paths if the installation has been customized; so if you run "man sudo" the displayed man page should tell you the correct location of the sudo.conf file for your sudo installation.

 

But you might not even need sudo.conf unless you need special sudo plugins (a new feature). You should be reading the "sudoers" man page first: http://www.sudo.ws/sudo/sudoers.man.html

 

Note: the sudoers man page is very long, as the writer describes the file format in exacting detail, starting from individual configuration elements and building up. You may want to skip to the end, read the EXAMPLES section first to get a general idea of what the sudoers configuration will look like, and then read the rest of the man page to get the full understanding.

MK