[lug] sudoers Failure Q

stimits at comcast.net stimits at comcast.net
Mon Jul 10 16:04:00 MDT 2017


I think you found something...wheel is not listed. However, my user is in "/etc/group", and I've not manually edited anything. Earlier I did use usermod to add to other groups (such as dialout and modem for use with some serial UARTs going to embedded hardware)...and those match the group file...I have no idea why it is ignoring the file now (it should be read on every single sudo command, not just at login...plus that user and group have existed together since the creation of the operating system...at no time has this user ever not been in wheel). I'll try adding the user to wheel even though the user is already there...then maybe the groups command will work.
 
Rebooting and trying in a few minutes...
 
----- Original Message -----
From: Jeffrey S. Haemer <jeffrey.haemer at gmail.com>
To: Boulder (Colorado) Linux Users Group -- General Mailing List <lug at lug.boulder.co.us>
Sent: Mon, 10 Jul 2017 21:40:55 -0000 (UTC)
Subject: Re: [lug] sudoers Failure Q



If you run groups(1), does it say you're in wheel?
If you add just your own login, as a plain user, to the sudoers file, does that let you in?


(That is, is it a problem related to groups or to wheel, or is it a problem with sudo-ing in general? Just trying to narrow down the problem.)

Could it be an SELinux problem? (Oh argh.) This is what my RHEL 7 box says:

$ ls -lZ /etc/sudoers
-r--r-----. root root system_u:object_r:etc_t:s0       /etc/sudoers
$ ls -lZ /usr/bin/sudo
---s--x--x. root root system_u:object_r:sudo_exec_t:s0 /usr/bin/sudo


Is /etc/sudoers being read? Last access is "ls -ulrt /etc/sudoers", though you may have to touch the file as root, then sleep for a minute before trying. (Maybe it's looking in the wrong place.)


If you're on the console, instead of a terminal, can you sudo? (Is it set to prohibit sudo from a terminal?)
After you su, to become root, can you sudo? (Perhaps sudo just hates you.)

More grasping at straws, but who knows?





On Mon, Jul 10, 2017 at 2:13 PM, <stimits at comcast.net> wrote:

Hi,
 
The addition to wheel was added during install. Since then I've logged out and back in many times. It just seems like the config is being ignored. The file was never edited, and only viewed with visudo to see what was in it (no changes made). Permissions of "/etc/sudoers" should be correct, it is (seems like a bug in the installer or sudo):
-r--r-----. 1 root root 3245 Jun  1 05:08 /etc/sudoers


 
----- Original Message -----
From: Stephen Queen <svqueen at gmail.com>
To: Boulder (Colorado) Linux Users Group -- General Mailing List <lug at lug.boulder.co.us>
Sent: Mon, 10 Jul 2017 19:47:47 -0000 (UTC)
Subject: Re: [lug] sudoers Failure Q

Just a quick stab, once the user was added to the wheel group, did you log out and then back in? /etc/group is only processed at login.

On Mon, Jul 10, 2017 at 1:30 PM, <stimits at comcast.net> wrote:

Hi,
 
I've gone ahead and installed Fedora 25 (KDE spin) since my F23 home is gone and I needed F25 upgrade anyway. However, I seem to have run into an sudo bug. My user is in wheel group, and sudoers file allows ALL for %wheel. The user was set as administrator during install. I can "su -" and become root, but no matter what, any sudo from my user results in this:
myname is not in the sudoers file.  This incident will be reported.
 
This is absolutely wrong...the user is in wheel, the wildcard %wheel should allow this. Is there a known Fedora 25 install bug for this, or some trick needed to authorize sudo beyond wheel membership in F25 which was not required in F23? FYI, permissions on "/usr/bin/sudo" are:
---s--x--x. 1 root root 147360 Jun  1 05:11 /usr/bin/sudo* 
Thanks!
_______________________________________________

Web Page:  http://lug.boulder.co.us

Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug

Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety







-- 



Jeffrey Haemer <jeffrey.haemer at gmail.com>
720-837-8908 [cell], @goyishekop [twitter]


Freedom? That is a Yang worship word!








-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20170710/65879635/attachment.html>
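
Added example, not part of the thread and not written by any of its participants: a small shell diagnostic that separates the three things the replies above check, namely membership recorded in a group(5) file, an active %group rule in a sudoers file, and the groups the current session reports (as groups(1) or id -Gn print them). The function names are hypothetical, file paths are passed as arguments, and the sample data is constructed to mirror the situation described (user listed under wheel in the group file, wheel absent from the session's groups).

```shell
#!/bin/sh
# Added diagnostic example; function names are hypothetical, sample data is constructed.

# True if USER is a listed member of GROUP in a group(5)-format file.
# (Primary-group membership lives in passwd(5), not in field 4, and is not checked.)
in_group_file() {   # user group file
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }' "$3"
}

# True if an uncommented "%GROUP ..." rule exists in a sudoers-format file.
sudoers_has_group_rule() {   # group file
    grep -Eq "^[[:space:]]*%$1[[:space:]]" "$2"
}

# True if GROUP appears in a space-separated list such as `id -Gn` prints.
in_group_list() {   # group "list"
    case " $2 " in *" $1 "*) return 0 ;; *) return 1 ;; esac
}

# Print the first layer that disagrees, or "ok".
diagnose() {   # user group groupfile sudoersfile "session groups"
    in_group_file "$1" "$2" "$3"     || { echo "not-in-group-file"; return; }
    sudoers_has_group_rule "$2" "$4" || { echo "no-sudoers-rule"; return; }
    in_group_list "$2" "$5"          || { echo "session-differs"; return; }
    echo "ok"
}

# Constructed sample: the group file lists myname under wheel, the sudoers file
# has an active %wheel rule, but the session's group list lacks wheel.
demo() {
    d=$(mktemp -d)
    printf 'wheel:x:10:myname\ndialout:x:18:myname\n' > "$d/group"
    printf '# %%wheel ALL=(ALL) NOPASSWD: ALL\n%%wheel\tALL=(ALL)\tALL\n' > "$d/sudoers"
    diagnose myname wheel "$d/group" "$d/sudoers" "myname dialout"
    rm -rf "$d"
}
demo   # prints: session-differs
```

On a live system the files would be /etc/group and /etc/sudoers (the latter readable only by root, per the permissions quoted above) and the fifth argument would be "$(id -Gn)".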

