Newest sudo Questions

Q&A for system and network administrators

Sudoers in LDAP, sudoHost ALL except for few hosts

We have a Sudo Rule defined as follows: sudoHost: ALL sudoCommand: ALL Now we want to exclude few hosts from the sudoHost: ALL. How do we do that? ALL is inventory of 100s of hosts that changes ...

/dev/sdc1: unable to read superblock

Linux Ubuntu 14.04 (azure server) I was trying to backup /dev/sda1 drive so I executed the sudo dd if=/dev/sda1 of=/dev/sdc1 command. While executing the command is available, the space was ...

How to force sudo to use existing kerberos ticket?

Ok, so I'm using Windows Server 2012 as a Domain Controller. I've connected two Centos7 clients to the domain via samba. Authentication works as expected via SSH; however, when attempting to sudo, ...

Is there a way to configure sudo to not need to lookup group names / or speed up sssd group name resolution?

I've got a large number of Linux hosts that are connected using sssd to a windows active directory domain for user/group lookup. That mostly works fine except for one problem; sudo From what I'...

Running systemd-tty-ask-password-agent without sudo

We have user home directories that are automatically mounted via autofs through LDAP. Every time a user wants to cd into their home directory, we get an error message as follows: Please enter password ...

Can I manage sudoers from Open Directory?

I have configured Open Directory & integrated it with Microsoft Active Directory so that the users sync with Open Directory. Now I want to manage sudo commands from Open Directory. Is this ...

Executing Vpopmail Command using a Web Application

I have implemented php with fastcgi and enabled suexec but when I run below command in using php: shell_exec("sudo /home/vpopmail/bin/vadddomain harizon.com password "); its not executing. When I ...

How to Disable sudo contacting ldap searver

I have trouble when I execute a sudo command as non-root user I get this error sudo: ldap_start_tls_s(): Can't contact LDAP server. How can I disable sudo to use local file instead of ldap server. ...

Sudo makemap permission denied [duplicate]

I'm trying to use the makemap hash command, but even as root it says Permission denied. Command i'm trying to run: sudo makemap hash /etc/mail/authinfo/gmail-auth < /etc/mail/authinfo/gmail-auth -...

Why do some commands require su instead of just sudo to do? [duplicate]

I thought that running a command with sudo was identical to logging in as the root user and executing the command. However I have found a few commands that do not work with sudo but do work for su. ...

Is there a way in Linux where one non root user can check if another non root user is using OpenSSL or not without sudo permission?

Consider this scenario where User-A and User-B are both non-root user are running inside a server. User-A is running different Program P1 (pid-2814),P2(pid-2815) whereas User-B is running different ...

Composer works as Common User but not root

When I run 'composer' as a common user, composer runs just fine. However if I run 'sudo composer' I receive a command not found message. When I enter 'sudo /usr/local/bin/composer' it works just fine. ...

Fixing a duplicate in sources.list - Not sure what to delete

For a while I've been having this issue but I'm not too sure what to modify in /etc/apt/sources.list. Here is my sources.list file: ## Note, this file is written by cloud-init on first boot of an ...

Linux: set up for remote sysadmin

Every now and then I get the odd request to provide remote support, troubleshooting and/or performance tuning on Linux systems. Larger companies often already have well established procedures to ...

sudo -S sh -c “bash” <passwordfile returns immediately

I have a script which opens terminal windows and sends commands to them. Some of these had to run as root so I would send them this command sudo sh -c 'do_stuff && bash' This would run some ...

Sudo inside for loop?

In a standard bash shell, I was trying to cat a file from several users' home directories which are on a root-squashed NFS mount so I couldn't just read them as root : sudo -u userA cat ~userA/blah ...

Controlling access to VMware vCloud and OpenStack Nova Compute VMs using LDAP

We are thinking of using LDAP based Identity and Access Management setup with VMware vCloud and OpenStack Nova Compute VMs. VMware vCloud and OpenStack Nova Compute VMs are self-serve in that the end-...

sudo: pam_wheel(sudo:auth): unknown option

[ Background ] I have a Red Hat Enterprise Linux 6.8 machine running on Dell R720. This machine runs MicroStrategy 10 Intelligence server. There are some home-grown scripts to stop, start and ...

How to register user on ejabberd using php code?

I am trying to register user on ejabberd linux server. I am using below php code <?php $username = 'hello'; $password = 'hello'; $node = 'my ip'; exec('sudo -S ejabberd /usr/sbin/...

How can I allow a normal user to stop Postgresql on Ubuntu 16.04?

My user is 'peaagent'. I have tried visudo -f /etc/sudoers.d/peaagent with the following: peaagent ALL = (root) NOPASSWD: /bin/systemctl stop postgresql.service When I try stop Postgresql as ...

File in sudoers.d/ directory became corrupt, cannot delete it? pkexec not working (Azure VM)

So I've got an Azure VM where I wanted to copy a file into an /etc/sudoers.d/ folder. Obviously I've tested the file before copying it, however something weird must have happened when transferring it ...

How do I list virsh networks without sudo?

I noticed a strange behavior on one machine using Debian that I can't reproduce on another machine running Ubuntu. When listing virsh networks as an ordinary user, it shows an empty list: ~$ virsh ...

LDAP and sudo group

we have a lot of small servers (around 30) and different services in our company and just moved to LDAP for better user management. We managed to make all the necessary stuff work over LDAP: Login, ...

Permission denied when executing perl via sudo

Command: ssh user@testhost "sudo -u tester env PERL5LIB=/home/tester/perl5/lib/perl5 /home/tester/perl5/bin/testperl" Result: Can't locate testperl.pm: Permission denied at /home/mogile/perl5/...

sudo: /usr/bin/systemctl vs /bin/systemctl

Up to now, we have two lines in our sudoers file, since systemctl is sometimes in /usr/bin and sometimes in /bin (depending on the linux distro): foo ALL = NOPASSWD: /usr/bin/systemctl restart ...

Allow www-data to use another user - sudo or ssh

I would like to allow my PHP script (hosted with apache2) to execute commands with another user account. I don't want another website hosted on the server to be able to connect to that another user ...

Error mounting ebs in amazon ec2

I have accidently changed permissions for my /etc/sudoers and /etc folders and thereby I am unable to access anything through sudo. After that I detached my ebs volume from the instance and attached ...

SaltStack: /etc/sudo: /bin/systemctl vs /usr/bin/systemctl

We use SaltStack for configuration management since some weeks. How to handle the distribution specific location of systemctl? On Ubuntu: /bin/systemctl On SuSE: /usr/bin/systemctl At the moment I ...

Failed getting release file while run debootstrap with sudo [migrated]

if I run debootstrap in with sudo i get the following output: I: Retrieving InRelease I: Failed to retrieve InRelease I: Retrieving Release E: Failed getting release file http://de.archive.ubuntu....

Use SSH to copy remote files to local NAS drive

I'm looking to create a script that logs into a machine and pulls back files to a NAS server. The files will be put into a compressed file as it downloads. Because the script will be looking to ...

Confusing e-mail related to sudo

My system occasionally sends me this email. (My domain has been replaced with [DOMAIN] and my username has been replaced with [USERNAME].) Subject: *** SECURITY information for [DOMAIN] *** [DOMAIN]...

effective uid is not 0, is sudo installed setuid root? [duplicate]

I am using a cloud server of godaddy & I don't have root password. My master user has root access through sudo. I was trying to create another user and set permission for a specific directory. I'...

I changed the owner of sudo. Is it possible to change it back to root?

Title says it all. I was copy-paste troubleshooting and I accidentally changed the owner of sudo from root to my username. No I can't sudo because: sudo: effective uid is not 0, is sudo installed ...

Configure email for incorrect sudo password

I can't find any information on mail_badpass specified in /etc/sudoers and whether this is configurable. I'd like to make the emails a bit more readable and hopefully add more information in there ...

visudo + how to enable user to delete any file under /var/log/http

I want to enable user - "Ertop" to delete any file or directory under /var/log/http by update the visudo I have redhat machine version 6.x user name is Ertop I set the following in visudo but not ...

can't login as root on a remote Redhat Server

I am currently working on a remote RedHat server(RHEL version 6.7 x86_64). I can login as a user by using userID and password which is provided by the server administrator. But when I try to login as ...

Parse error in sudoers file

I've created a user called kafka to whom I am trying to give a sudo access to run only /etc/init.d/kafka commands. I added the following entry to /etc/sudoers.d/kafka via Ansible: kafka ALL = ...

Ansible-galaxy not working with sudo

I'm having problems instaling plugins with ansible-galaxy. I've tried 3 things: Instaling without sudo: ansible-galaxy install sfromm.epel [WARNING]: - sfromm.epel was NOT installed successfully: ...

ipa users cannot sudo on some machines only, including the ipa server

I'm having trouble with freeipa on a few machines. It's been very frustrating to debug so far. Here's the details of the issue; How it manifests: The user can login just fine to any host, but on ...

How can I ensure auditability and least privilege based on AWS users inside an EC2 image?

I'm interning at a company which runs in an AWS environment and is starting to look into locking down user privileges, so I'm looking into ways to secure EC2 instances. Specifically, I want to find a ...

SUDO Keeps promting for password, when using SSSD with AD

Hi I am trying to setup SSSD to authenticate to AD on RHEL. I able able to login with my AD user and password and see my groups when I run id. But when I try to use sudo, it just keeps prompting for ...

Sudoers entry doesn't effect on script execution

I have added entry to the sudoers to allow execute a script without typing jdoe ALL=(ALL) NOPASSWD: /usr/bin/doveadm but when user jdoe is trying to execute /usr/bin/doveadm acl get -u jdoe@...

CentOS 7 Virsh - Allow Non Sudo Users to Interface with QEMU / KVM / Virtual Machines

Is there a way to allow non sudo users access to KVM QEMU virtual machines in CentOS 7? I want to allow a non-root user to manage KVM guest virtual machines without having sudo access. Mainly, I'd ...

Why am I unable to execute command as another user in CentOs?

On a remote server, it used to be the case that it was possible to execute a command as another user using the sudo -u command but lately, I have been unable to accomplish this. When I do I receive ...

ssh -t -t sudo displays back my password

My problem is about executing sudo over SSH. I have tried various things, but non works. Here is my script: ssh my-host /bin/bash << EOF # some commands... sudo -u my-user -s -- << EOFF ...

How to set the sudoers in centos desktop?

In centos6.8, even set the default desktop background need the root password, then I use sudo function in my company 500 laptops. james01 ALL=(ALL) NOPASSWD: sbin/route, /sbin/ifconfig, /bin/...

Ubuntu 16.04 Node/ NVM - cannot sudo gulp (where is the .profile for sudo)?

I have installed NVM on an ubuntu server so that it is easy to change node versions. The install is working fine, and I insert nvm use 5.12.0 in the users .profile so the default nvm is in play. I ...

Allowing PHP to run specific bash script with root permissions

I have a php script calling a bash script like this: <?php $result = exec('sudo /bin/bash /var/www/my_bash_script.sh /var/www/vhosts/testsite/htdocs/'); var_dump($result); ?> This is ...

How do I allow a normal user to restart a supervisor group without password?

I am trying to allow a user in the group deployer to restart a supervisor group without a password; this is the content of my /etc/sudoers.d/deploy: %deployer ALL=(ALL:ALL) NOPASSWD:/usr/sbin/service ...

Restrict Files from sudo User

(Developer here - relative novice in the sysadmin world). Does anyone know of a way that files can be restricted (no read, write, or execute access) from the sudo user? A little background on the ...
Translating... 0%