Operating System - HP-UX
1838928 Members
2786 Online
110131 Solutions
New Discussion

Re: sudo user password does not work

 
Glenn Mitchell_2
Frequent Advisor

sudo user password does not work

OS: HPUX 11.11
System: 9000/N4000 Trusted System
Problem: User password is not recognised when a sudo command is executed.
Sudo software was installed using default configuration and default paths/logging. A test user was created using SAM and placed in a group called DEV. /etc/sudoers was edited with visudo with the following entry:

%DEV =kill -9

A process (top) was started under root. The test user logged in and tried to kill -9 the PID of the top process without success. When the test user executed the command "sudo kill -9 " he was asked for a password. His user password would not work not would the root password.

Questions:
1. Does sudo work on a trusted system?
2. What OS services and configurations need to be enabled to allow the user passwords to be recognised?
3. How do I change the sudo greeting message when sudo commands are executed?
Thank you for your help.
9 REPLIES 9
Muthukumar_5
Honored Contributor

Re: sudo user password does not work

Configuration of "%DEV =kill -9" will not work there. Try as,

visudo
=NOPASSWD : /usr/bin/kill -9

And try on command line as,
sudo kill -9 now

Refer this too,
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=692212
Easy to suggest when don't know about the problem!
Glenn Mitchell_2
Frequent Advisor

Re: sudo user password does not work

Thank you for your reply. But...
'Still no joy.
I used visudo to edit the /etc/sudoers file to modify the call as suggested but the sudo program still asks for a password even with NOPASSWD specified. Could the trusted system configuration be preventing the sudo program from processing the request?
Sridhar Bhaskarla
Honored Contributor

Re: sudo user password does not work

Hi Glenn,

Our 'sudo' works with trusted systems. However, we compile it in house with --with-pam option.

Do the following

#cd /wherever_sudo_is/bin
#ldd sudo

See if you see something like /usr/lib/libpam.1 => /usr/lib/libpam.1.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Sridhar Bhaskarla
Honored Contributor

Re: sudo user password does not work

Sorry, I didn't answer your last question. Your 'sudoers' file should have "no lecture" turned on to ignore the message as below.

Defaults !lecture

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Glenn Mitchell_2
Frequent Advisor

Re: sudo user password does not work

The following is displayed:

# ldd sudo
/usr/lib/libc.2 => /usr/lib/libc.2
/usr/lib/libdld.2 => /usr/lib/libdld.2
/usr/lib/libc.2 => /usr/lib/libc.2
/usr/lib/libsec.2 => /usr/lib/libsec.2
/usr/lib/libm.2 => /usr/lib/libm.2
#
Sridhar Bhaskarla
Honored Contributor

Re: sudo user password does not work

Means your sudo is not compiled with PAM. If compiled with PAM authentication, it will mask off trusted, shadow, regular password registry. One more test

sudo -V |grep -i -e "password" -e "authenticat"

And post the output.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Glenn Mitchell_2
Frequent Advisor

Re: sudo user password does not work

Thank you. The sudo version I'm using is 1.6.8p1


# sudo -V | grep -i -e "password" -e "authenticat"
Authentication methods: 'passwd'
Syslog priority to use when user authenticates successfully: notice
Syslog priority to use when user authenticates unsuccessfully: alert
Require users to authenticate by default
Authentication timestamp timeout: 5 minutes
Password prompt timeout: 5 minutes
Number of tries to enter a password: 3
Incorrect password message: Sorry, try again.
Path to authentication timestamp dir: /var/run/sudo
Default password prompt: Password:
When to require a password for 'list' pseudocommand: any
When to require a password for 'verify' pseudocommand: all
#
Glenn Mitchell_2
Frequent Advisor

Re: sudo user password does not work

I recompiled sudo with PAM and it now works both with and without password entry (per individual lines in the /etc/sudoers file). We are pleased with the security functionality this program gives - allowing our DBAs to execute application code needing root privilages - without giving them the password. We also like the audit trail it leaves behind.
Thank you for your help!
Emils Klotins
Occasional Advisor

Re: sudo user password does not work

Right!

I have just started on HP-UX, and have had 2 systems to install.

On the initial one, I didn't notice HP supplied sudo on one of the install disks, so I got sudo provided by http://gatekeep.cs.utah.edu/hppd/hpux/ HP-UX software place.

On the 2nd system, I got sudo from the HP supplied packages.

So, the HP INSTALL DISKS SUPPLIED SUDO WON'T WORK OUT OF BOX. The one from gatekeep will.

Ironic.