Thursday, January 13, 2011

sudo denied - what is missing?

I did the following:

  • Added user to sys group. (usermod -g sys liveuser)

  • Verified user in sys group (I had to log out and log in to see changes in terminal even though I was seeing users and groups in the GUI tool)

  • Used su mode to edit the sudoers file via visudo (:wq once verified) to give %sys (user group) various permissions, including the DELEGATING command group that includes, among others, the permission to run usr/sbin/visudo (%sys ALL = SOFTWARE, DELEGATING, .... etc)

  • Verified that file was successfully edited

  • Exited su mode and tried to run visudo.

No success. Still says liveuser is not privileged to run visudo as root. Scanned several articles and the man file and could not find anything else. What is missing?? Thanks

  • Did you try to logout and login again? This is required to become a member of the group you added your user to.

    From Bob
  • This leads me to believe that 'visudo' is not really in the group that you think it is (NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS). Have you checked to ensure that /usr/sbin/visudo is a real file (not a symlink)?

    I'm on CentOS 5, but the configuration should be very similar. My configuration for DELEGATING is:

    ## Delegating permissions
    Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
    

    If this is Fedora Core 10, as the tag suggests, try changing the user to group 'wheel' and un-commenting the line that says:

    ## Allows people in group wheel to run all commands
    %wheel  ALL=(ALL)       ALL
    

    If that works, then sudo is working properly. As another user recommends, when logged in as 'liveuser', you still need to run:

    sudo visudo
    
    From Joe
  • Exited su mode and tried to run visudo

    Does this mean you typed visudo or sudo visudo to invoke visudo? If the former, use the latter.

    If the latter, you may modify the liveuser so that the privileged group is their primary group. I'm sorry, that's a bit of a shot in the dark, but worth a try for debugging.

    From msanford
  • Have you attempted this command?

    Are you trying:

    sudo visudo

    or

    sudo /usr/sbin/visudo

    This makes a difference.

  • Looks like this question was transferred from SO so I am unable to edit it. Anyhow, the error I was making was that I did not use the proper syntax: "sudo visudo". Instead after exiting su, I was just typing visudo. It is always the smallest error! Anyhow, thank you all for the helpful responses.

    Bill Weiss : Link your accounts (in the "accounts" tab of your profile page) and you'll be able to edit and mark an answer.
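
Added example (not part of the original thread, and not sudo's own code): a simplified Python model of how the Cmnd_Alias and %group lines quoted in Joe's answer resolve to a yes/no for a given user, group set and command. It assumes a reduced sudoers subset (no negation, tags, host matching or line continuations); the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample using the lines quoted in the thread. Only DELEGATING is
# defined here, so the %sys rule grants that alias alone.
SUDOERS = """\
## Delegating permissions
Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
%sys ALL = DELEGATING
## Allows people in group wheel to run all commands
# %wheel  ALL=(ALL)       ALL
"""

def parse(text):
    """Return (aliases, rules) for a reduced sudoers subset."""
    aliases, rules = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "Defaults")):
            continue  # blank lines, comments, and the commented-out %wheel rule
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
            continue
        # "<user or %group> <host> = [(runas)] cmd, cmd, ..."
        m = re.match(r"(%?[\w.-]+)\s+[^\s=]+\s*=\s*(?:\([^)]*\)\s*)?(.+)", line)
        if m:
            rules.append((m.group(1), [c.strip() for c in m.group(2).split(",")]))
    return aliases, rules

def allowed(text, user, groups, command):
    """True if any rule for the user or one of their groups grants command."""
    aliases, rules = parse(text)
    for who, cmds in rules:
        if not (who in (user, "ALL") or (who.startswith("%") and who[1:] in groups)):
            continue
        expanded = [c for name in cmds for c in aliases.get(name, [name])]
        if "ALL" in expanded or command in expanded:
            return True
    return False

if __name__ == "__main__":
    # Group set as `id -Gn` would report it after logging in again.
    print(allowed(SUDOERS, "liveuser", {"sys"}, "/usr/sbin/visudo"))       # True
    # Same user in a session whose groups do not include sys.
    print(allowed(SUDOERS, "liveuser", {"liveuser"}, "/usr/sbin/visudo"))  # False
```

sudo consults these rules only for commands started through it, which is why the fix in this thread was to type sudo visudo rather than visudo.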