Unable to sudo

Posted: 2010/06/02 20:09:22
by prince_mallow
Hello everyone,

I am trying to implement a new policy for our server in that we should no longer log in as root but rather sudo when we need certain commands. However, the guides online don't cover everything, which is leading to a very frustrating time.

Where I am at now
I created a User and was able to make sshkeys for this user

What I am unable to do is make this user be able to sudo

Code:

sudo cd /root/
Password:<root password>
Sorry, try again.
Password:<user password>
Sorry, try again.
Password:<sshkey password>
Sorry, try again.
sudo: 3 incorrect password attempts

and have him access other places on the server such as
/root/ - Permission Denied

I added the following in the sudoer file

Code:

user ALL=(root) ALL

after a long read, but still to no avail (btw, is there a need to restart some sort of sudo daemon? I restarted the whole server since I couldn't find one)

:-(

Unable to sudo

Posted: 2010/06/02 20:22:48
by gerald_clark
Did you use visudo?

Re: Unable to sudo

Posted: 2010/06/02 20:25:48
by prince_mallow
gerald_clark wrote:
Did you use visudo?


Yes I did, but I only saved it. I'm not sure if I was supposed to pass it through something to parse and look at it before saving.

Re: Unable to sudo

Posted: 2010/06/02 20:59:32
by pschaff
visudo is supposed to parse the file on exit and check for syntax errors. See "man visudo".

Your problem seems to be with the password authentication (it should use the user password, and not ssh key phrase) and not sudo itself. Can you log on as that user with the password?

Re: Unable to sudo

Posted: 2010/06/02 21:06:28
by prince_mallow
pschaff wrote:
visudo is supposed to parse the file on exit and check for syntax errors. See "man visudo".

Your problem seems to be with the password authentication (it should use the user password, and not ssh key phrase) and not sudo itself. Can you log on as that user with the password?


I disabled the ability to log in through password authentication, but I re-enabled it to make sure, and I successfully logged on as the user without the keys.

Re: Unable to sudo

Posted: 2010/06/02 21:11:19
by pschaff
Hmmm - don't know if that might break sudo. Did you try the sudo with password authentication enabled?

Re: Unable to sudo

Posted: 2010/06/02 21:18:38
by prince_mallow
pschaff wrote:
Hmmm - don't know if that might break sudo. Did you try the sudo with password authentication enabled?


Nope, I still have the same errors of not having the right password.

Re: Unable to sudo

Posted: 2010/06/02 21:20:55
by pschaff
That seems to be a contradiction. If you did not try it, how do you know that is not the problem?

Re: Unable to sudo

Posted: 2010/06/02 21:22:55
by prince_mallow
I'm sorry I don't understand?

I re-enabled the password authentication to try what you suggested and then did sudo, and I got the same:

sudo cd /root/
Password:
Sorry, try again.
Password:
Sorry, try again.
Password:
Sorry, try again.
sudo: 3 incorrect password attempts

Re: Unable to sudo

Posted: 2010/06/02 21:25:06
by prince_mallow
If it helps I created the user doing this:


1. ssh to your server as root
2. Create a user: /usr/sbin/useradd user
3. Expire the user immediately: /usr/bin/chage -d 0 user
4. Set blank password: /usr/sbin/usermod -p "" user
5. If you want to set the user's password:

* su user
* passwd




and I changed the /etc/securetty to only have console and vc/1 not commented
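
Added example, not part of the original thread: the account-creation steps listed above leave specific states in /etc/shadow (`chage -d 0` sets the last-change field to 0, `usermod -p ""` leaves the password field empty), and this audit flags those states in shadow-format lines. The function names and the sample entries (including the placeholder hashes) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify shadow-format entries by password state.
# Field layout per shadow(5): name:password:lastchg:min:max:warn:inactive:expire:reserved

# audit_shadow: reads shadow-format lines on stdin and prints
# "name state[,state...]" for each account.
audit_shadow() {
    awk -F: '
        /^#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
        NF < 3 { print $1, "malformed"; next } # too few fields to judge
        {
            s = ""
            if ($2 == "")           s = s ",empty-password"   # e.g. usermod -p ""
            else if ($2 ~ /^[!*]/)  s = s ",locked"           # "!", "!!" or "*"
            else                    s = s ",password-set"
            if ($3 == "0")          s = s ",must-change-at-next-login"  # e.g. chage -d 0
            print $1, substr(s, 2)
        }'
}

# Constructed sample input; the hashes are placeholders, not real values.
sample_shadow() {
    cat <<'EOF'
root:$6$CONSTRUCTEDSALT$constructedhash:14762:0:99999:7:::
user::0:0:99999:7:::
daemon:*:14762:0:99999:7:::
alice:$6$CONSTRUCTEDSALT$constructedhash:0:0:99999:7:::
bob:!!:14762:0:99999:7:::
EOF
}

# Demo on the constructed sample. On a real host, run as root:
#   audit_shadow < /etc/shadow
sample_shadow | audit_shadow
```

An account reported as `empty-password` accepts a blank password wherever empty passwords are permitted, so it is worth reviewing even when the forced-change flag is also set.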