Newest sudo Questions

Q&A for system and network administrators

Sudo redirected stdout file ownership

I am redirecting stdout from a sudo. However, the file ownership of the output file is the user who ran sudo, not the sudo target user. I'm logged in as 'root' for the command below: sudo -u ...

How to sudo another user without password

Parts of the configuration in my /etc/sudousers #includedir /etc/sudoers.d web ALL=NOPASSWD: ALL somebody ALL=NOPASSWD: ALL I have two non-super users granted with sudo-without passsword. Each of ...

Sudoers entry doesn't effect on script execution

I have added entry to the sudoers to allow execute a script without typing jdoe ALL=(ALL) NOPASSWD: /usr/bin/doveadm but when user jdoe is trying to execute /usr/bin/doveadm acl get -u jdoe@...

uninstalled cracklib-dicts, sudo gone, how to recover

I was trying to install the packer utility to build AWS AMI's. However it was conflicting with a builtin utility of the same name, which is part of the cracklib-dicts package. I used yum to remove ...

sudo not working on certain commands

I have a rather weird problem with sudo on Debian 8: user cannot execute some of commands in /etc/sudoers.d. I use Chef to distribute configurations, so all files are automatically generated. ...

Use SSH to copy remote files to local NAS drive

I'm looking to create a script that logs into a machine and pulls back files to a NAS server. The files will be put into a compressed file as it downloads. Because the script will be looking to ...

How to force sudo to use existing kerberos ticket?

Ok, so I'm using Windows Server 2012 as a Domain Controller. I've connected two Centos7 clients to the domain via samba. Authentication works as expected via SSH; however, when attempting to sudo, ...

can't login as root on a remote Redhat Server

I am currently working on a remote RedHat server(RHEL version 6.7 x86_64). I can login as a user by using userID and password which is provided by the server administrator. But when I try to login as ...

LDAP and sudo group

we have a lot of small servers (around 30) and different services in our company and just moved to LDAP for better user management. We managed to make all the necessary stuff work over LDAP: Login, ...

How to set the sudoers in centos desktop?

In centos6.8, even set the default desktop background need the root password, then I use sudo function in my company 500 laptops. james01 ALL=(ALL) NOPASSWD: sbin/route, /sbin/ifconfig, /bin/...

ssh -t -t sudo displays back my password

My problem is about executing sudo over SSH. I have tried various things, but non works. Here is my script: ssh my-host /bin/bash << EOF # some commands... sudo -u my-user -s -- << EOFF ...

Restrict Files from sudo User

(Developer here - relative novice in the sysadmin world). Does anyone know of a way that files can be restricted (no read, write, or execute access) from the sudo user? A little background on the ...

SaltStack: /etc/sudo: /bin/systemctl vs /usr/bin/systemctl

We use SaltStack for configuration management since some weeks. How to handle the distribution specific location of systemctl? On Ubuntu: /bin/systemctl On SuSE: /usr/bin/systemctl At the moment I ...

SUDO Keeps promting for password, when using SSSD with AD

Hi I am trying to setup SSSD to authenticate to AD on RHEL. I able able to login with my AD user and password and see my groups when I run id. But when I try to use sudo, it just keeps prompting for ...

sudo: pam_wheel(sudo:auth): unknown option

[ Background ] I have a Red Hat Enterprise Linux 6.8 machine running on Dell R720. This machine runs MicroStrategy 10 Intelligence server. There are some home-grown scripts to stop, start and ...

Confusing e-mail related to sudo

My system occasionally sends me this email. (My domain has been replaced with [DOMAIN] and my username has been replaced with [USERNAME].) Subject: *** SECURITY information for [DOMAIN] *** [DOMAIN]...

How do I allow a normal user to restart a supervisor group without password?

I am trying to allow a user in the group deployer to restart a supervisor group without a password; this is the content of my /etc/sudoers.d/deploy: %deployer ALL=(ALL:ALL) NOPASSWD:/usr/sbin/service ...

Configure email for incorrect sudo password

I can't find any information on mail_badpass specified in /etc/sudoers and whether this is configurable. I'd like to make the emails a bit more readable and hopefully add more information in there ...

Is there a way to configure sudo to not need to lookup group names / or speed up sssd group name resolution?

I've got a large number of Linux hosts that are connected using sssd to a windows active directory domain for user/group lookup. That mostly works fine except for one problem; sudo From what I'...

Controlling access to VMware vCloud and OpenStack Nova Compute VMs using LDAP

We are thinking of using LDAP based Identity and Access Management setup with VMware vCloud and OpenStack Nova Compute VMs. VMware vCloud and OpenStack Nova Compute VMs are self-serve in that the end-...

Fixing a duplicate in sources.list - Not sure what to delete

For a while I've been having this issue but I'm not too sure what to modify in /etc/apt/sources.list. Here is my sources.list file: ## Note, this file is written by cloud-init on first boot of an ...

Why am I unable to execute command as another user in CentOs?

On a remote server, it used to be the case that it was possible to execute a command as another user using the sudo -u command but lately, I have been unable to accomplish this. When I do I receive ...

How to Disable sudo contacting ldap searver

I have trouble when I execute a sudo command as non-root user I get this error sudo: ldap_start_tls_s(): Can't contact LDAP server. How can I disable sudo to use local file instead of ldap server. ...

sudo as a different user than the current one

My user has a terribly long password because I'm using home directory encryption. I don't want to type in this password whenever I'm using sudo neither do I want to get rid of the password prompt ...

visudo + how to enable user to delete any file under /var/log/http

I want to enable user - "Ertop" to delete any file or directory under /var/log/http by update the visudo I have redhat machine version 6.x user name is Ertop I set the following in visudo but not ...

Allow www-data to use another user - sudo or ssh

I would like to allow my PHP script (hosted with apache2) to execute commands with another user account. I don't want another website hosted on the server to be able to connect to that another user ...

sudo for any user to another user with same login name + string

Is it possible to allow any user to sudo as another user where target username is same as original username, but ending with a specific string? For example, if there are 100 users such as: bdole ...

I changed the owner of sudo. Is it possible to change it back to root?

Title says it all. I was copy-paste troubleshooting and I accidentally changed the owner of sudo from root to my username. No I can't sudo because: sudo: effective uid is not 0, is sudo installed ...

Sudo makemap permission denied [duplicate]

I'm trying to use the makemap hash command, but even as root it says Permission denied. Command i'm trying to run: sudo makemap hash /etc/mail/authinfo/gmail-auth < /etc/mail/authinfo/gmail-auth -...

Sudo inside for loop?

In a standard bash shell, I was trying to cat a file from several users' home directories which are on a root-squashed NFS mount so I couldn't just read them as root : sudo -u userA cat ~userA/blah ...

Permission denied when executing perl via sudo

Command: ssh user@testhost "sudo -u tester env PERL5LIB=/home/tester/perl5/lib/perl5 /home/tester/perl5/bin/testperl" Result: Can't locate testperl.pm: Permission denied at /home/mogile/perl5/...

Linux: set up for remote sysadmin

Every now and then I get the odd request to provide remote support, troubleshooting and/or performance tuning on Linux systems. Larger companies often already have well established procedures to ...

Running systemd-tty-ask-password-agent without sudo

We have user home directories that are automatically mounted via autofs through LDAP. Every time a user wants to cd into their home directory, we get an error message as follows: Please enter password ...

How can I allow a normal user to stop Postgresql on Ubuntu 16.04?

My user is 'peaagent'. I have tried visudo -f /etc/sudoers.d/peaagent with the following: peaagent ALL = (root) NOPASSWD: /bin/systemctl stop postgresql.service When I try stop Postgresql as ...

Parse error in sudoers file

I've created a user called kafka to whom I am trying to give a sudo access to run only /etc/init.d/kafka commands. I added the following entry to /etc/sudoers.d/kafka via Ansible: kafka ALL = ...

Ubuntu 16.04 Node/ NVM - cannot sudo gulp (where is the .profile for sudo)?

I have installed NVM on an ubuntu server so that it is easy to change node versions. The install is working fine, and I insert nvm use 5.12.0 in the users .profile so the default nvm is in play. I ...

Executing Vpopmail Command using a Web Application

I have implemented php with fastcgi and enabled suexec but when I run below command in using php: shell_exec("sudo /home/vpopmail/bin/vadddomain harizon.com password "); its not executing. When I ...

/dev/sdc1: unable to read superblock

Linux Ubuntu 14.04 (azure server) I was trying to backup /dev/sda1 drive so I executed the sudo dd if=/dev/sda1 of=/dev/sdc1 command. While executing the command is available, the space was ...

sudo: /usr/bin/systemctl vs /bin/systemctl

Up to now, we have two lines in our sudoers file, since systemctl is sometimes in /usr/bin and sometimes in /bin (depending on the linux distro): foo ALL = NOPASSWD: /usr/bin/systemctl restart ...

ipa users cannot sudo on some machines only, including the ipa server

I'm having trouble with freeipa on a few machines. It's been very frustrating to debug so far. Here's the details of the issue; How it manifests: The user can login just fine to any host, but on ...

How do I list virsh networks without sudo?

I noticed a strange behavior on one machine using Debian that I can't reproduce on another machine running Ubuntu. When listing virsh networks as an ordinary user, it shows an empty list: ~$ virsh ...

File in sudoers.d/ directory became corrupt, cannot delete it? pkexec not working (Azure VM)

So I've got an Azure VM where I wanted to copy a file into an /etc/sudoers.d/ folder. Obviously I've tested the file before copying it, however something weird must have happened when transferring it ...

effective uid is not 0, is sudo installed setuid root? [duplicate]

I am using a cloud server of godaddy & I don't have root password. My master user has root access through sudo. I was trying to create another user and set permission for a specific directory. I'...

Permission to read a specific file with sudo

For reasons, I need to read /root/.ssh/authorized_keys with a user who hasn't the right to read it. Obviously, I can't change the rights (nor the ACL) of the file, because ssh wouldn't like it. I ...

Error mounting ebs in amazon ec2

I have accidently changed permissions for my /etc/sudoers and /etc folders and thereby I am unable to access anything through sudo. After that I detached my ebs volume from the instance and attached ...

Ubuntu 16.04 lxc no tty present and no askpass program specified

I'm using Ubuntu 16.04 and lxc 2.0.7-0ubuntu1~16.04.1, I got this error sudo: no tty present and no askpass program specified in an unprivileged container( Ubuntu 16.04 amd64). This is my /dev ...

Why do some commands require su instead of just sudo to do? [duplicate]

I thought that running a command with sudo was identical to logging in as the root user and executing the command. However I have found a few commands that do not work with sudo but do work for su. ...

sudo -S sh -c “bash” <passwordfile returns immediately

I have a script which opens terminal windows and sends commands to them. Some of these had to run as root so I would send them this command sudo sh -c 'do_stuff && bash' This would run some ...

Can I manage sudoers from Open Directory?

I have configured Open Directory & integrated it with Microsoft Active Directory so that the users sync with Open Directory. Now I want to manage sudo commands from Open Directory. Is this ...

Sudoers in LDAP, sudoHost ALL except for few hosts

We have a Sudo Rule defined as follows: sudoHost: ALL sudoCommand: ALL Now we want to exclude few hosts from the sudoHost: ALL. How do we do that? ALL is inventory of 100s of hosts that changes ...
Translating... 0%