HPE Community
Operating System - HP-UX
1833458 Members
3257 Online
110052 Solutions
New Discussion

Unable to sudo to root on console (/dev/console) window

 
Ra Jose
Regular Advisor

‎01-17-2008 10:18 AM

‎01-17-2008 10:18 AM

Unable to sudo to root on console (/dev/console) window

Hello freinds,

We have sudo setup in our environment, so if user wants to become root, user has to
$ sudo su -
Then enter user's password.
This will put the user on root id. This works fine, if I open a ssh or telnet window to the server (IA or PA).
But if the user logs into MP and opens a console window, user will be presented to login. User enters login/pw info and is logged in. Now, on the console window, if you try to
sudo su -
it will error out. I am unable to figure out
why sudo su - works on regular telnet/ssh winow and does not work on console window.

Some out put I have given below -
$> sudo su -
Password:
Sorry, try again.
Password:
sudo: 1 incorrect password attempt
Jan 17 13:16:29 f3e1qa11 sudo: rajose : 1 incorrect password attempt ; TTY=console ; PWD=/home/rajose ; USER=root ; COMMAND=/usr/bin/su -

$> tty
/dev/console

Anyone has noticed this? Any help is appreciated.

Thank you
Rajose
0 Kudos
13 REPLIES 13
Matti_Kurkela
Honored Contributor

‎01-17-2008 12:12 PM

‎01-17-2008 12:12 PM

Re: Unable to sudo to root on console (/dev/console) window

If you've logged on as a non-root user from the MP console, check your TERM environment variable and "stty -a" settings first.

Chances are, your TERM will be set to "dumb" and your intr, erase and kill characters are not what you'd expect. Like on ancient Teletypes, # will mean "delete character" and @ will be "kill (delete) entire line".

If your password contains these characters, you'll surely fail unless you fix these settings first.

So:

TERM=vt100 # or xterm or whatever you've got
stty intr ^C kill ^U erase ^? susp ^Z

MK
MK
0 Kudos
Ra Jose
Regular Advisor

‎01-18-2008 07:12 AM

‎01-18-2008 07:12 AM

Re: Unable to sudo to root on console (/dev/console) window

TERM is set to vt100 and all stty setting are right. The sudo still does not allow me to become root on console window.
0 Kudos
IT Response
Esteemed Contributor

‎01-30-2008 02:24 PM

‎01-30-2008 02:24 PM

Re: Unable to sudo to root on console (/dev/console) window

If it is a trusted system, this behavior can be changed by adding "timeout_timestamp=0" to the sudoers file(/opt/iexpress/sudo/etc/sudoers)
0 Kudos
Ra Jose
Regular Advisor

‎01-31-2008 08:05 AM

‎01-31-2008 08:05 AM

Re: Unable to sudo to root on console (/dev/console) window

Is it timeout_timestamp or timestamp_timeout,

In my sudoers file, I put it like this -
Defaults logfile=/var/adm/sudo.log, timeout_timestamp=0
The visudo did not recognize this parameter.
Then I chaged to timestamp_timeout=0, it
saved the file without errors.

I tried sudo su - on my console window,
it still says -
$ sudo su -
Password:
Sorry, try again.
Password:
sudo: 1 incorrect password attempt
Jan 31 11:00:39 fex2 sudo: user : 1 incorrect password attempt ; TTY=console ; PWD= ; USER=root ; COMMAND=/usr/bin/su -
$ tty
/dev/console
$

Although I am giving correct user password, it
still does not change to root on console window. It is a trusted system.
0 Kudos
Torsten.
Acclaimed Contributor

‎01-31-2008 08:21 AM

‎01-31-2008 08:21 AM

Re: Unable to sudo to root on console (/dev/console) window

Question is not answered yet:

Does the password contain @ or #?

See Matti's post.

BTW, maybe I miss something here, but is there a basic difference between a plain "su -" and your command (why do you use sudo here)?

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
OldSchool
Honored Contributor

‎01-31-2008 08:28 AM

‎01-31-2008 08:28 AM

Re: Unable to sudo to root on console (/dev/console) window

"BTW, maybe I miss something here, but is there a basic difference between a plain "su -" and your command (why do you use sudo here)?"

Torsten - lets him su from a user to root w/o knowing root's password. it *should* be (based on the error message) asking for the password of user "rajose".

I gotta admit, I've never tried this, or sudo from the console either
0 Kudos
Ra Jose
Regular Advisor

‎01-31-2008 08:34 AM

‎01-31-2008 08:34 AM

Re: Unable to sudo to root on console (/dev/console) window

well, the site here uses sudo. We are not
given root passwords. It is centrally maintained by security group. The sysadmins have been given access to root privilege via sudo.

So if I have to make modifications to the system, I change to root via sudo. This asks my user password and lets me into the system as root. All activities are logged. Once I am done, I exit out of this and become ordinary user.

The su - command does changes to root but asks for root pw which we don't know. Hence, sudo has this privilege.

I will double check once again the terminal settings to make sure the stty and my characters in password do not match.

Rajose.
0 Kudos
Torsten.
Acclaimed Contributor

‎01-31-2008 09:27 AM

‎01-31-2008 09:27 AM

Re: Unable to sudo to root on console (/dev/console) window

Got it, thanks.

IMHO it's time to check the password now.
No @ and # and no longer than 8 chars?

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Ra Jose
Regular Advisor

‎01-31-2008 09:56 AM

‎01-31-2008 09:56 AM

Re: Unable to sudo to root on console (/dev/console) window

I checked password. It is <8 chars and
contain only alpha-numeric. I still get
error changing to root via sudo on console.

If anyone had sudo implementation, they can
probably try this.
Rajose.
0 Kudos
OldSchool
Honored Contributor

‎01-31-2008 10:23 AM

‎01-31-2008 10:23 AM

Re: Unable to sudo to root on console (/dev/console) window

well...i *did* try it on an older system (hpux 11.0 and sudo 1.6.8p5 and a green-screen console).

Logged in at the console using my personal id and ran "/usr/local/bin/sudo su -".

Accepted my password and logged me in as root....no issues..
0 Kudos
Ra Jose
Regular Advisor

‎01-31-2008 10:33 AM

‎01-31-2008 10:33 AM

Re: Unable to sudo to root on console (/dev/console) window

Thx Oldschool. Let me check the sudo version
and see if I can get the latest and try.
0 Kudos
Ra Jose
Regular Advisor

‎02-01-2008 01:35 PM

‎02-01-2008 01:35 PM

Re: Unable to sudo to root on console (/dev/console) window

The new version of sudo worked fine.
0 Kudos
Ra Jose
Regular Advisor

‎02-01-2008 01:50 PM

‎02-01-2008 01:50 PM

Re: Unable to sudo to root on console (/dev/console) window

The new version of sudo resolved the issue.
1.6.9p8 is the new version available on
HP's swdepot under security category

Rajose.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.