Unable to sudo

Installing, Configuring, Troubleshooting server daemons such as Web and Mail
pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

Re: Unable to sudo

Postby pschaff » 2010/06/03 00:11:51

So, did you verify that you can log in as a user, with the password set, using the password, on one of the securetty devices? Can you then, without changing anything else, use sudo?

It would be best to get things working first, before all the security changes, then make incremental changes and test.

prince_mallow
Posts: 14
Joined: 2010/06/02 19:58:51

Re: Unable to sudo

Postby prince_mallow » 2010/06/03 13:53:38

pschaff wrote:
So, did you verify that you can log in as a user, with the password set, using the password, on one of the securetty devices? Can you then, without changing anything else, use sudo?

It would be best to get things working first, before all the security changes, then make incremental changes and test.


Yes I logged in as a user with the password set and using the password.
As to the securetty devices, I use ssh/putty and I have the tty/1 enabled only and I can log into that with a password no problem.
But I am still unable to sudo

(This is a Virtual Private Server btw, so I guess I don't have strait access to the console)

I've never been able to sudo with this user even before I set the security measures, I just don't know which setting needs to be modified in order to let him in. I am willing to make a completely new user if it would make things easier to analyze and see where things are going wrong..

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

Re: Unable to sudo

Postby pschaff » 2010/06/03 14:02:24

Creating another new user might be worth a try. I am unable to see where you are going wrong. Putting an entry in /etc/sudoers like

Code: Select all

pschaff    ALL=(ALL)       ALL
with visudo works for me. Doesn't matter if it is a local login or via ssh with a key, as long as I give the correct user password when prompted by sudo.

Since you belatedly mention a VPS - are you sure it is true CentOS? Have you read the following?
Other Voices
When CentOS Is Not CentOS
Broken Virtual Server

Please read How to provide information about your system and show the results of ./getinfo.sh package.

prince_mallow
Posts: 14
Joined: 2010/06/02 19:58:51

Re: Unable to sudo

Postby prince_mallow » 2010/06/03 14:06:42

is this the best way to make a new user?

1. ssh to your server as root
2. Create a user: /usr/sbin/useradd user
3. Expire ther user immediately: /usr/bin/chage -d 0 user
4. Set blank password: /usr/sbin/usermod -p "" user
5. If you want to set the user's password:

* su user
* passwd

gerald_clark
Posts: 10595
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Re: Unable to sudo

Postby gerald_clark » 2010/06/03 14:24:00

As root:
passwd user

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

Re: Unable to sudo

Postby pschaff » 2010/06/03 14:35:25

Agree. So that makes the abbreviated procedure:

Code: Select all

1. ssh to your server as root
2. create a user: /usr/sbin/useradd user
3. passwd user

prince_mallow
Posts: 14
Joined: 2010/06/02 19:58:51

Re: Unable to sudo

Postby prince_mallow » 2010/06/03 19:01:19

Oh sorry I didn't see those links before
Alas I do not have a real Centos
uname -r
2.6.18-028stab064.7

If your kernel version looks likes this 2.6.18-92.1.13.el5.028stab059.6 you have custom-made kernel, usually from a virtualization project. This is not a standard CentOS kernel, so you are not running a real CentOS.

The rpm -qv & -av return results

Oh here we go, It's the Parallels Virtualization One...

root@xxxxx [~/support]# less /tmp/basedata.X16208
== BEGIN uname -rmi ==
2.6.18-028stab064.7 i686 i386
== END uname -rmi ==

== BEGIN rpm -q centos-release ==
centos-release-4-8
== END rpm -q centos-release ==

== BEGIN getenforce ==
Disabled
== END getenforce ==


----------------------------------------------------


here's what I did
/usr/sbin/useradd userx
passwd userx

visudo
Under where it says "root ALL=(ALL) ALL"
userx ALL=(ALL) ALL

root@server # su userx
{it doesn't ask for a password}

userx@server # su root
Bash: /bin/su: Permission denied


userx@server [/root]# sudo root
Password: (userx pass)
Sorry, try again.
Password: (userx pass)
Sorry, try again.
Password: (userx pass)
Sorry, try again.
sudo: 3 incorrect password attempts

scratching my head in frustration

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

Re: Unable to sudo

Postby pschaff » 2010/06/03 19:10:11

prince_mallow wrote:
...
root@server # su userx
{it doesn't ask for a password}
...
scratching my head in frustration

Me too. Grasping at straws, but what happens if instead of "su userx" as root you do

Code: Select all

ssh userx@server

OR

ssh userx@localhost

Log in with the password, and if that works, then try sudo. If it doesn't work, then the problem is with basic authentication and not related directly to sudo.

prince_mallow
Posts: 14
Joined: 2010/06/02 19:58:51

Re: Unable to sudo

Postby prince_mallow » 2010/06/03 19:27:12

Well this is weird

root@server [~]# ssh userx@server
Password:
Password:
Password:
userx@server's password:
Permission denied, please try again.
userx@server's password:
Received disconnect from xx.xxx.xxx.xxx: 2: Too many authentication failures for userx


What does this mean?

prince_mallow
Posts: 14
Joined: 2010/06/02 19:58:51

Re: Unable to sudo

Postby prince_mallow » 2010/06/03 20:21:14

Modified /etc/ssh/sshd_config

added to Allow users the userx

This allowed me to log in via ssh as userx via

ssh userx@server

but sudo root returns the same
sorry, try again
3 incorrect password attempts


Return to “CentOS 4 - Server Support”

Who is online

Users browsing this forum: No registered users and 1 guest