Unable to sudo

Installing, Configuring, Troubleshooting server daemons such as Web and Mail
prince_mallow
Posts: 14
Joined: 2010/06/02 19:58:51

Unable to sudo

Postby prince_mallow » 2010/06/02 20:09:22

Hello everyone,

I am trying to implement a new policy for our server in that we should no longer login as root but rather sudo when we need certain commands. However the guides online don't cover everything which is leading to a very frustrating time.

Where I am at now
I created a User and was able to make sshkeys for this user

What I am unable to do is make this user be able to sudo

Code: Select all

sudo cd /root/
Password:<root password>
Sorry, try again.
Password:<user password>
Sorry, try again.
Password:<sshkey password>
Sorry, try again.
sudo: 3 incorrect password attempts

and have him access other places on the server such as
/root/ - Permission Denied

I added the following in the sudoer file

Code: Select all

user ALL=(root) ALL

after a long read but still no avail (which btw is there a need to restart some sort of sudo daemon, I restarted the whole server since I couldn't find one)

:-(

gerald_clark
Posts: 10604
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Unable to sudo

Postby gerald_clark » 2010/06/02 20:22:48

Did you use visudo?

prince_mallow
Posts: 14
Joined: 2010/06/02 19:58:51

Re: Unable to sudo

Postby prince_mallow » 2010/06/02 20:25:48

gerald_clark wrote:
Did you use visudo?


Yes I did, but I only saved it, i'm not sure if I was suppose to pass it through something to parse and look at it before saving.

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

Re: Unable to sudo

Postby pschaff » 2010/06/02 20:59:32

visudo is supposed to parse the file on exit and check for syntax errors. See "man visudo".

Your problem seems to be with the password authentication (it should use the user password, and not ssh key phrase) and not sudo itself. Can you log on as that user with the password?

prince_mallow
Posts: 14
Joined: 2010/06/02 19:58:51

Re: Unable to sudo

Postby prince_mallow » 2010/06/02 21:06:28

pschaff wrote:
visudo is supposed to parse the file on exit and check for syntax errors. See "man visudo".

Your problem seems to be with the password authentication (it should use the user password, and not ssh key phrase) and not sudo itself. Can you log on as that user with the password?


I disabled the ability to log in though password authentication but I re-enabled it and tried to make sure and I successfully logged on as the user without the keys.

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

Re: Unable to sudo

Postby pschaff » 2010/06/02 21:11:19

Hmmm - don't know if that might break sudo. Did you try the sudo with password authentication enabled?

prince_mallow
Posts: 14
Joined: 2010/06/02 19:58:51

Re: Unable to sudo

Postby prince_mallow » 2010/06/02 21:18:38

pschaff wrote:
Hmmm - don't know if that might break sudo. Did you try the sudo with password authentication enabled?


Nope, I still have the same errors of not having the right password

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

Re: Unable to sudo

Postby pschaff » 2010/06/02 21:20:55

That seems to be a contradiction. If you did not try it, how do you know that is not the problem?

prince_mallow
Posts: 14
Joined: 2010/06/02 19:58:51

Re: Unable to sudo

Postby prince_mallow » 2010/06/02 21:22:55

I'm sorry I don't understand?

I reenabled the password authentication to try what you suggested and then did sudo and I got the same

sudo cd /root/
Password:
Sorry, try again.
Password:
Sorry, try again.
Password:
Sorry, try again.
sudo: 3 incorrect password attempts

prince_mallow
Posts: 14
Joined: 2010/06/02 19:58:51

Re: Unable to sudo

Postby prince_mallow » 2010/06/02 21:25:06

If it helps I created the user doing this:


1. ssh to your server as root
2. Create a user: /usr/sbin/useradd user
3. Expire ther user immediately: /usr/bin/chage -d 0 user
4. Set blank password: /usr/sbin/usermod -p "" user
5. If you want to set the user's password:

* su user
* passwd




and I changed the /etc/securetty to only have console and vc/1 not commented


Return to “CentOS 4 - Server Support”

Who is online

Users browsing this forum: No registered users and 2 guests