Emils Klotins
Occasional Advisor

sudo weirdness - working for 1 user, not for other?

HP-UX 11.11, all the latest patches installed, after apps install.
- sudo 1.6.8p9

I have 1 user for whom sudo works, and another for whom it says "Sorry, try again". Is HPUX sudoers format different somehow??

/etc/sudoers:
# cat /etc/sudoers
Host_Alias THIS=ferro
Cmnd_Alias DB=/bin/su - oracle
root THIS=ALL
%dba THIS=ALL
%admins THIS=ALL
%ccdev THIS=DB
#

user1 is in group ccdev,
he can successfully do a: sudo su - oracle

user2 is in group admins, but:

$ sudo su -
Password:
Sorry, try again.
Password:
sudo: 1 incorrect password attempt
$

Yes, the passwords are entered correctly, tried it several times.
Jannik
Honored Contributor

Re: sudo weirdness - working for 1 user, not for other?

You have typed:
sudo su -
This is the command to su to root; the command should be:
sudo su - oracle

For more information, look into your /var/adm/syslog file; it will read permission denied.
jaton
Emils Klotins
Occasional Advisor

Re: sudo weirdness - working for 1 user, not for other?

That is not so.

user2 is in group admins, admins is defined in sudoers as:

%admins THIS=ALL

which, in my understanding means I should be able to do "sudo su -" on its own too.

That's at least the way it works on AIX & Linux.
Gopi Sekar
Honored Contributor

Re: sudo weirdness - working for 1 user, not for other?


%admins THIS=ALL

means people who belong to the admins group can execute any command by sudo. So try running any other command with sudo and see whether it works.

Regards,
Gopi
Never Never Never Giveup
Rick Garland
Honored Contributor

Re: sudo weirdness - working for 1 user, not for other?

For the first user, the info was input correctly into the sudoers file by using the 'visudo' command.

For the other user, the info was input into the sudoers file using the 'vi sudoers' command.

Any changes to the sudoers file must be accomplished using the 'visudo' command.
Emils Klotins
Occasional Advisor

Re: sudo weirdness - working for 1 user, not for other?

Thanks for the tips, so far I am out of luck still, though:

1/ I only edit sudoers file with visudo (and there are no other users with root access currently).

2/ other commands are unavailable to user2 as well, not only "su -"

$ sudo ls /bin
Password:
Sorry, try again.
Password:
Sorry, try again.
Password:

Gopi Sekar
Honored Contributor

Re: sudo weirdness - working for 1 user, not for other?


Then the problem is more likely with your configuration. Try to be more liberal in your configuration to find out the problem. Try giving something like: %admins ALL=ALL and see whether it works for user2.

Regards,
Gopi
Never Never Never Giveup
Emils Klotins
Occasional Advisor

Re: sudo weirdness - working for 1 user, not for other?

Thank you, tried that. No luck atm on:

%admins ALL=ALL

nor on:

user2 ALL=ALL

Emils Klotins
Occasional Advisor

Re: sudo weirdness - working for 1 user, not for other?

Btw, syslog says that it is:

ferro sudo: : 1 incorrect password attempt ; TTY=pts/2 ;....

Rick Garland
Honored Contributor

Re: sudo weirdness - working for 1 user, not for other?

What kind of passwd does user2 have? Is it very cryptic with special characters? How does it differ from user1?

Try changing the passwd to something simple (only for this test). Then test the sudo access.




Gopi Sekar
Honored Contributor

Re: sudo weirdness - working for 1 user, not for other?


Which password are you trying it with? Is it the user's password or the root password? I believe it has to be the user's password.

try this:
user2 ALL=NOPASSWD: ALL

Never Never Never Giveup
Emils Klotins
Occasional Advisor

Re: sudo weirdness - working for 1 user, not for other?


Thanks everybody for the input!

The password question led me to the right answer.

I had let HP-UX generate a password for me; however, according to system policy it generated a 10 char password, which sudo does not seem to understand.

I tried it with a 6 char password, and it works now.
Emils Klotins
Occasional Advisor

Re: sudo weirdness - working for 1 user, not for other?

solution: system password was too long for sudo
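
Added example, not part of the original thread and not code from any poster or from the sudo project: the syslog message quoted above ("1 incorrect password attempt") is what sudo logs when password verification fails, which is a different failure from a sudoers denial. The script below classifies sudo syslog lines by the stage that rejected the request; the sample log lines, user3 and the advice strings are constructed for illustration.

```python
import re
from collections import defaultdict

# Payload after the syslog prefix: "sudo: <user> : [<message> ; ]TTY=.. ; PWD=.. ; USER=.. ; COMMAND=.."
LINE_RE = re.compile(r"sudo:\s*(?P<user>\S*)\s*:\s*(?P<rest>.*)$")
FIELD_RE = re.compile(r"[A-Z]+=")
# sudo's rejection messages, mapped to the stage that refused the request.
STAGES = [
    (re.compile(r"\d+ incorrect password attempts?"), "authentication"),
    (re.compile(r"user NOT in sudoers|user NOT authorized on host|command not allowed"),
     "authorization"),
]

def classify(line):
    """Return (user, stage, command) for a sudo syslog line, or None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # COMMAND is always the last field and may itself contain ';', so split it off first.
    head, _, command = m.group("rest").partition("COMMAND=")
    parts = [p.strip() for p in head.split(";") if p.strip()]
    message = " ".join(p for p in parts if not FIELD_RE.match(p))
    stage = "allowed" if not message else next((s for rx, s in STAGES if rx.search(message)), "other")
    return m.group("user"), stage, command.strip()

def triage(lines):
    """Per user, say where to look first (advice strings are illustrative)."""
    seen = defaultdict(set)
    for user, stage, _ in filter(None, map(classify, lines)):
        seen[user].add(stage)
    return {u: ("check sudoers rules" if "authorization" in s else
                "check password/auth backend first" if "authentication" in s else "ok")
            for u, s in seen.items()}

SAMPLE = [  # constructed log lines modelled on the thread's scenario
    "Mar  3 10:01:12 ferro sudo:    user1 : TTY=pts/1 ; PWD=/home/user1 ; USER=root ; COMMAND=/bin/su - oracle",
    "Mar  3 10:02:40 ferro sudo:    user2 : 1 incorrect password attempt ; TTY=pts/2 ; PWD=/home/user2 ; USER=root ; COMMAND=/bin/su -",
    "Mar  3 10:03:05 ferro sudo:    user2 : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/home/user2 ; USER=root ; COMMAND=/bin/ls /bin",
    "Mar  3 10:04:30 ferro sudo:    user1 : command not allowed ; TTY=pts/1 ; PWD=/home/user1 ; USER=root ; COMMAND=/bin/ls /bin",
    "Mar  3 10:05:00 ferro sudo:    user3 : user NOT in sudoers ; TTY=pts/3 ; PWD=/home/user3 ; USER=root ; COMMAND=/bin/su -",
]
```

Running `triage(SAMPLE)` separates user2, who only ever fails password verification, from users whose requests were refused by the sudoers policy.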