Newest sudo Questions

Q&A for system and network administrators

Controlling access to VMware vCloud and OpenStack Nova Compute VMs using LDAP

We are thinking of using LDAP based Identity and Access Management setup with VMware vCloud and OpenStack Nova Compute VMs. VMware vCloud and OpenStack Nova Compute VMs are self-serve in that the end-...

How can I allow a normal user to stop Postgresql on Ubuntu 16.04?

My user is 'peaagent'. I have tried visudo -f /etc/sudoers.d/peaagent with the following: peaagent ALL = (root) NOPASSWD: /bin/systemctl stop postgresql.service When I try to stop Postgresql as ...

LDAP and sudo group

We have a lot of small servers (around 30) and different services in our company and just moved to LDAP for better user management. We managed to make all the necessary stuff work over LDAP: Login, ...

Error mounting ebs in amazon ec2

I have accidentally changed permissions for my /etc/sudoers and /etc folders and thereby I am unable to access anything through sudo. After that I detached my ebs volume from the instance and attached ...

ipa users cannot sudo on some machines only, including the ipa server

I'm having trouble with freeipa on a few machines. It's been very frustrating to debug so far. Here's the details of the issue; How it manifests: The user can login just fine to any host, but on ...

Sudo makemap permission denied [duplicate]

I'm trying to use the makemap hash command, but even as root it says Permission denied. Command I'm trying to run: sudo makemap hash /etc/mail/authinfo/gmail-auth < /etc/mail/authinfo/gmail-auth -...

/dev/sdc1: unable to read superblock

Linux Ubuntu 14.04 (azure server) I was trying to backup /dev/sda1 drive so I executed the sudo dd if=/dev/sda1 of=/dev/sdc1 command. While executing the command is available, the space was ...

Why do some commands require su instead of just sudo to do? [duplicate]

I thought that running a command with sudo was identical to logging in as the root user and executing the command. However I have found a few commands that do not work with sudo but do work for su. ...

Ubuntu 16.04 lxc no tty present and no askpass program specified

I'm using Ubuntu 16.04 and lxc 2.0.7-0ubuntu1~16.04.1, I got this error sudo: no tty present and no askpass program specified in an unprivileged container( Ubuntu 16.04 amd64). This is my /dev ...

Is there a way to configure sudo to not need to lookup group names / or speed up sssd group name resolution?

I've got a large number of Linux hosts that are connected using sssd to a windows active directory domain for user/group lookup. That mostly works fine except for one problem; sudo From what I'...

Fixing a duplicate in sources.list - Not sure what to delete

For a while I've been having this issue but I'm not too sure what to modify in /etc/apt/sources.list. Here is my sources.list file: ## Note, this file is written by cloud-init on first boot of an ...

File in sudoers.d/ directory became corrupt, cannot delete it? pkexec not working (Azure VM)

So I've got an Azure VM where I wanted to copy a file into an /etc/sudoers.d/ folder. Obviously I've tested the file before copying it, however something weird must have happened when transferring it ...

visudo + how to enable user to delete any file under /var/log/http

I want to enable user - "Ertop" to delete any file or directory under /var/log/http by update the visudo I have redhat machine version 6.x user name is Ertop I set the following in visudo but not ...

Running systemd-tty-ask-password-agent without sudo

We have user home directories that are automatically mounted via autofs through LDAP. Every time a user wants to cd into their home directory, we get an error message as follows: Please enter password ...

SaltStack: /etc/sudo: /bin/systemctl vs /usr/bin/systemctl

We use SaltStack for configuration management since some weeks. How to handle the distribution specific location of systemctl? On Ubuntu: /bin/systemctl On SuSE: /usr/bin/systemctl At the moment I ...

Sudoers in LDAP, sudoHost ALL except for few hosts

We have a Sudo Rule defined as follows: sudoHost: ALL sudoCommand: ALL Now we want to exclude few hosts from the sudoHost: ALL. How do we do that? ALL is inventory of 100s of hosts that changes ...

Why am I unable to execute command as another user in CentOs?

On a remote server, it used to be the case that it was possible to execute a command as another user using the sudo -u command but lately, I have been unable to accomplish this. When I do I receive ...

SUDO Keeps prompting for password, when using SSSD with AD

Hi I am trying to setup SSSD to authenticate to AD on RHEL. I am able to login with my AD user and password and see my groups when I run id. But when I try to use sudo, it just keeps prompting for ...

Is there a way in Linux where one non root user can check if another non root user is using OpenSSL or not without sudo permission?

Consider this scenario where User-A and User-B are both non-root user are running inside a server. User-A is running different Program P1 (pid-2814),P2(pid-2815) whereas User-B is running different ...

How to set the sudoers in centos desktop?

In centos6.8, even set the default desktop background need the root password, then I use sudo function in my company 500 laptops. james01 ALL=(ALL) NOPASSWD: sbin/route, /sbin/ifconfig, /bin/...

Ansible-galaxy not working with sudo

I'm having problems installing plugins with ansible-galaxy. I've tried 3 things: Installing without sudo: ansible-galaxy install sfromm.epel [WARNING]: - sfromm.epel was NOT installed successfully: ...

Executing Vpopmail Command using a Web Application

I have implemented php with fastcgi and enabled suexec but when I run below command in using php: shell_exec("sudo /home/vpopmail/bin/vadddomain harizon.com password "); it's not executing. When I ...

Configure email for incorrect sudo password

I can't find any information on mail_badpass specified in /etc/sudoers and whether this is configurable. I'd like to make the emails a bit more readable and hopefully add more information in there ...

Parse error in sudoers file

I've created a user called kafka to whom I am trying to give a sudo access to run only /etc/init.d/kafka commands. I added the following entry to /etc/sudoers.d/kafka via Ansible: kafka ALL = ...

CentOS 7 Virsh - Allow Non Sudo Users to Interface with QEMU / KVM / Virtual Machines

Is there a way to allow non sudo users access to KVM QEMU virtual machines in CentOS 7? I want to allow a non-root user to manage KVM guest virtual machines without having sudo access. Mainly, I'd ...

Allow www-data to use another user - sudo or ssh

I would like to allow my PHP script (hosted with apache2) to execute commands with another user account. I don't want another website hosted on the server to be able to connect to that another user ...

Sudo inside for loop?

In a standard bash shell, I was trying to cat a file from several users' home directories which are on a root-squashed NFS mount so I couldn't just read them as root : sudo -u userA cat ~userA/blah ...

Sudoers entry doesn't effect on script execution

I have added entry to the sudoers to allow execute a script without typing jdoe ALL=(ALL) NOPASSWD: /usr/bin/doveadm but when user jdoe is trying to execute /usr/bin/doveadm acl get -u jdoe@...

ssh -t -t sudo displays back my password

My problem is about executing sudo over SSH. I have tried various things, but none works. Here is my script: ssh my-host /bin/bash << EOF # some commands... sudo -u my-user -s -- << EOFF ...

Linux: set up for remote sysadmin

Every now and then I get the odd request to provide remote support, troubleshooting and/or performance tuning on Linux systems. Larger companies often already have well established procedures to ...

How do I allow a normal user to restart a supervisor group without password?

I am trying to allow a user in the group deployer to restart a supervisor group without a password; this is the content of my /etc/sudoers.d/deploy: %deployer ALL=(ALL:ALL) NOPASSWD:/usr/sbin/service ...

Use SSH to copy remote files to local NAS drive

I'm looking to create a script that logs into a machine and pulls back files to a NAS server. The files will be put into a compressed file as it downloads. Because the script will be looking to ...

uninstalled cracklib-dicts, sudo gone, how to recover

I was trying to install the packer utility to build AWS AMI's. However it was conflicting with a builtin utility of the same name, which is part of the cracklib-dicts package. I used yum to remove ...

I changed the owner of sudo. Is it possible to change it back to root?

Title says it all. I was copy-paste troubleshooting and I accidentally changed the owner of sudo from root to my username. Now I can't sudo because: sudo: effective uid is not 0, is sudo installed ...

Permission denied when executing perl via sudo

Command: ssh user@testhost "sudo -u tester env PERL5LIB=/home/tester/perl5/lib/perl5 /home/tester/perl5/bin/testperl" Result: Can't locate testperl.pm: Permission denied at /home/mogile/perl5/...

Restrict Files from sudo User

(Developer here - relative novice in the sysadmin world). Does anyone know of a way that files can be restricted (no read, write, or execute access) from the sudo user? A little background on the ...

can't login as root on a remote Redhat Server

I am currently working on a remote RedHat server(RHEL version 6.7 x86_64). I can login as a user by using userID and password which is provided by the server administrator. But when I try to login as ...

Can I manage sudoers from Open Directory?

I have configured Open Directory & integrated it with Microsoft Active Directory so that the users sync with Open Directory. Now I want to manage sudo commands from Open Directory. Is this ...

How to force sudo to use existing kerberos ticket?

Ok, so I'm using Windows Server 2012 as a Domain Controller. I've connected two Centos7 clients to the domain via samba. Authentication works as expected via SSH; however, when attempting to sudo, ...

sudo: pam_wheel(sudo:auth): unknown option

[ Background ] I have a Red Hat Enterprise Linux 6.8 machine running on Dell R720. This machine runs MicroStrategy 10 Intelligence server. There are some home-grown scripts to stop, start and ...

Confusing e-mail related to sudo

My system occasionally sends me this email. (My domain has been replaced with [DOMAIN] and my username has been replaced with [USERNAME].) Subject: *** SECURITY information for [DOMAIN] *** [DOMAIN]...

Ubuntu 16.04 Node/ NVM - cannot sudo gulp (where is the .profile for sudo)?

I have installed NVM on an ubuntu server so that it is easy to change node versions. The install is working fine, and I insert nvm use 5.12.0 in the users .profile so the default nvm is in play. I ...

sudo for any user to another user with same login name + string

Is it possible to allow any user to sudo as another user where target username is same as original username, but ending with a specific string? For example, if there are 100 users such as: bdole ...

Configuring Debian for multiple web apps and admins

I became a single admin for a Debian server on VPS with two web apps running. First web app, let's call it "niceone", is in /srv/niceone, and there is user niceone whose home directory /srv/niceone is....

How to Disable sudo contacting ldap server

I have trouble when I execute a sudo command as non-root user I get this error sudo: ldap_start_tls_s(): Can't contact LDAP server. How can I disable sudo to use local file instead of ldap server. ...

Permission to read a specific file with sudo

For reasons, I need to read /root/.ssh/authorized_keys with a user who hasn't the right to read it. Obviously, I can't change the rights (nor the ACL) of the file, because ssh wouldn't like it. I ...

effective uid is not 0, is sudo installed setuid root? [duplicate]

I am using a cloud server of godaddy & I don't have root password. My master user has root access through sudo. I was trying to create another user and set permission for a specific directory. I'...

How do I list virsh networks without sudo?

I noticed a strange behavior on one machine using Debian that I can't reproduce on another machine running Ubuntu. When listing virsh networks as an ordinary user, it shows an empty list: ~$ virsh ...

sudo: /usr/bin/systemctl vs /bin/systemctl

Up to now, we have two lines in our sudoers file, since systemctl is sometimes in /usr/bin and sometimes in /bin (depending on the linux distro): foo ALL = NOPASSWD: /usr/bin/systemctl restart ...

sudo -S sh -c "bash" <passwordfile returns immediately

I have a script which opens terminal windows and sends commands to them. Some of these had to run as root so I would send them this command sudo sh -c 'do_stuff && bash' This would run some ...