Sudo is not woking on my centos7.3

Post by **TrevorH** » 2017/08/10 08:38:58

Well that has nothing to do with the current problem but I would never recommend turning it off completely. To re-enable it you will need to edit the /etc/sysconfig/selinux file and set it to permissive then touch /.autorelabel and reboot to force a full filesystem relabel of all files. When that's done, edit the same file again and set it to enforcing and repeat.

xq10907 · Post by **xq10907** » 2017/08/10 09:53:03

finished selinux configuration,yes sudo is not working still,the weird thing is that even i set nopasswd for test user,sudo is asking password again

Code: Select all

[root@ark-centos-smb4 ~]# grep test /etc/sudoers
test ALL=(ALL) NOPASSWD: ALL

suspect authentication setting affect sudo behavior? see 2017-08-10_024724.png
Thanks

xq10907 · Post by **xq10907** » 2017/08/17 07:23:43

funny,root user is also refused by system

Code: Select all

[root@ark-centos-smb4 ~]# sudo ls /root
root is not allowed to run sudo on ark-centos-smb4.  This incident will be reported.

Post by **TrevorH** » 2017/08/17 08:15:41

Are you using visudo to edit your sudoers file?

xq10907 · Post by **xq10907** » 2017/08/17 08:29:27

yes i believe that's what i always did,and /etc/sudoers has no error

Code: Select all

[root@ark-centos-smb4 ~]# visudo -c
/etc/sudoers: parsed OK
/etc/sudoers.d/arkgrp-users: parsed OK

another question how can i recover centos? it seems doesn't supply the option at boot

Post by **TrevorH** » 2017/08/17 08:53:41

There should be a "rescue" kernel on the grub menu but otherwise you have to boot the installation media and use the rescue option off the "Troubleshooting" menu.

xq10907 · Post by **xq10907** » 2017/08/17 09:01:29

ok let's focus on sudo,rescue seems complicated...
thanks

Post by **TrevorH** » 2017/08/17 09:29:56

Check /var/log/secure and /var/log/messages for clues perhaps.

xq10907 · Post by **xq10907** » 2017/08/18 05:04:25

collected contents of /var/log/messages, /var/log/secure during running sudo command as test user, the useful info seems limited...

Code: Select all

[root@ark-centos-smb4 ~]# su - test
Last login: Thu Aug 17 20:37:56 PDT 2017 on pts/0
[test@ark-centos-smb4 ~]$ sudo ls
[sudo] password for test:
test is not in the sudoers file.  This incident will be reported.

/var/log/messages content:

Code: Select all

Aug 17 22:01:21 ark-centos-smb4 nslcd[988]: [901466] <group/member="root"> ldap_result() failed: Operations error: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece
Aug 17 22:01:21 ark-centos-smb4 nslcd[988]: [901466] <group/member="root"> ldap_result() failed: Operations error: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece

/var/log/secure result:

Code: Select all

Aug 17 22:02:15 ark-centos-smb4 sudo:    test : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/test ; USER=root ; COMMAND=/bin/ls

xq10907 · Post by **xq10907** » 2017/08/22 01:51:46

figured out,sudo only has ldap in name service setting, see following

Code: Select all

[root@ark-centos-smb4 /]# grep sudo /etc/nsswitch.conf
sudoers:        ldap

since i have sssd configued so change to following to let sudo working for local users,domain users

Code: Select all

 [root@ark-centos-smb4 ~]# grep sudo /etc/nsswitch.conf
#sudoers:       ldap
sudoers:    files sss ldap

CentOS

Sudo is not woking on my centos7.3

Re: Sudo is not woking on my centos7.3

Re: Sudo is not woking on my centos7.3

Re: Sudo is not woking on my centos7.3

Re: Sudo is not woking on my centos7.3

Re: Sudo is not woking on my centos7.3

Re: Sudo is not woking on my centos7.3

Re: Sudo is not woking on my centos7.3

Re: Sudo is not woking on my centos7.3

Re: Sudo is not woking on my centos7.3

Re: Sudo is not woking on my centos7.3