01-10-2011
Can't sudo Using Group Permission
All:
I'm having a problem with sudo on Solaris 5.10 that is giving me fits (and BTW, I'm a Linux admin by trade...).
The issue is that I have a number of users (myself included) that cannot sudo to root to complete user admin tasks. Assuming the user is jdoe, and the group with the elevated permissions is called useradmins, here is what the configurations look like (sorry - had to change the details due to confidentiality stuff...):
/etc/passwd entry:
jdoe:x:26199:26199::/home/jdoe:/usr/bin/bash
/etc/group entries:
useradmins::15:user1,user2,user3,user4,user5,user6,user7
useradmins::15:user8,user9,jdoe,user10
jdoe::26199:
Relevant section of /usr/local/etc/sudoers
# All unix users in the sysadmin group get to run what eveah
%useradmins ALL=(ALL) ALL
And some command line fun and games:
[root@solbox ~]# id jdoe
uid=26199(jdoe) gid=26199(jdoe)
[root@solbox ~]# groups jdoe
jdoe useradmins
Some things of interest...
> Yes, there are two useradmins groups, both with the same gid. I found some postings from the Google that reference a line-length limit, and that some people have overcome this by creating a second entry for the group. We're at roughly 260 chars on the first line of the file, so I'm not sure why there are two entries.
> I suspect the issue surrounds the id and groups commands. groups shows me as a member of my own personal group, as well as a member of the useradmins group. id, on the other hand shows no useradmins membership.
> When I tried a truss -f id jdoe, I don't see anything in the output that leads me to see anything returning an error code. There are numerous door_info and door_call calls which are a complete enigma to me, but each returns a 0 (presumably, success?)
Any help is appreciated.
10 More Discussions You Might Find Interesting
1. Solaris
hi folks,
I've been googling for quite some time, but still can't find anything near it...my problem is the following:
for useradministration in our company we are using ssh/sudo, now whenever I try to add users (we have quite a number of users) with useradd -G groupname for secondary group I... (4 Replies)
Discussion started by: poli
4 Replies
2. UNIX for Dummies Questions & Answers
I have an executable that had permissions set to 700. I changed this to 770 and added a user to the group in an attempt to allow that userds to run the file. Obviously this didnt work or I wouldnt be here.
Do I need to cause the group file to be re-read and if so how, or am I misunderstanding... (6 Replies)
Discussion started by: thumper
6 Replies
3. UNIX for Dummies Questions & Answers
folks;
How can i give a group a sudo permission to execute only some command "like start/stop Apache", so every user in that group can sudo to use this as himself, i mean when he tries to sudo, he will be asked for a password (and make it so he must use his own NT password not a generic one) then... (6 Replies)
Discussion started by: Katkota
6 Replies
4. Shell Programming and Scripting
I need to find all the files that have group Read or Write permission or files that have user write permission.
This is what I have so far:
find . -exec ls -l {} \; | awk '/-...rw..w./ {print $1 " " $3 " " $4 " " $9}'
It shows me all files where group read = true, group write = true... (5 Replies)
Discussion started by: shunter63
5 Replies
5. Solaris
HI friends can i know how to assign sudo permission to normal user in solaris, and if not i want to assign few commands like format,user creation to normal user, i want to share few permission to normal user towork like a root in $ prompt. (2 Replies)
Discussion started by: kurva
2 Replies
6. Solaris
Hi,
I'm trying to provide "/usr/bin/kill -HUP" command to one of the user using sudo file. I have configured sudo as following:
$cat /etc/sudoers
User_Alias AA=conadmin
Cmnd_Alias KILL1=/usr/bin/kill -HUPAA ALL=NOPASSWD:KILL1
When I login as the user and execute 'sudo -l' command, it... (2 Replies)
Discussion started by: mohzub
2 Replies
7. UNIX for Dummies Questions & Answers
Hi all,
I have to grant sudo permission to a user.
I have searched online and find that /etc/sudoers file needs to be changed with visudo command. As i am new to linux, this is not clear to me. Can anybody take an example and show me how exactly this done.
Thanks in advance! (2 Replies)
Discussion started by: lramsb4u
2 Replies
8. Solaris
I'm looking for some suggestions to accomplish what a specific user needs, without adding them to the "sudoers" group. I have X user, that is requesting to be able to change file permissions on items owned by others and search directories where X user doesn't have access. I'm open to any... (2 Replies)
Discussion started by: Nvizn
2 Replies
9. Solaris
How can I add user with Sudo permission in solaris 9 ? I'm new in Solaris (2 Replies)
Discussion started by: ahmednoaman
2 Replies
10. SuSE
Hi All,
I have created a openSUSE 12.3 VM in my VirtualBox. I have created one user and added that user to my group.
Is there any command by which I can add that user to sudoers user group like we do in ubuntu?
#sudo adduser user1 sudo
I checked the /etc/groups file, but there is no sudo... (1 Reply)
Discussion started by: sanzee007
1 Replies
LEARN ABOUT LINUX
normality
normality(5) File Formats Manual normality(5)
NAME
normality - definition of what types of normalities different users may have.
SYNOPSIS
/etc/normality
DESCRIPTION
The normality configuration file has a rather simple syntax, as shown in the diagram in the next section. Some things to remember is that
the normality file's influence is inversely proportional to the user's cluefulness and that, in certain cirumstances, modification of the
normality file can and will be considered immoral.
NORMALITY GRAMMAR
<normality file> := <normality file> <line> |
;
<line> := <normality type> ': ' <userlist> |
<normality type> '! ' <userlist> |
<normality type> '= ' <normality tags> |
<comment>
<normality type> := [A-Z][a-zA-Z0-9]+
<userlist> := <username> ', ' <userlist> ';0 |
<username> ';0
<normality tags> := <normality tag> ', ' <normality tags> ';0 |
<normality tag> ';0
<normality tag> := 'marriage' |
'love-relation' |
'nice-job' |
'money' |
'spare-time' |
'friends' |
'no-pager' |
'vacation'
<comment> := '#' .* '0
SEMANTICS
It is expected that you specify all normality types before you start assigning (or disassigning) users to (or from) them. That is so the
system can do an easier consistency check of the specification.
Let's say that we have a system with three normality types, foo, bar and gazonk and two users, cucumber and onion.
Now, a line like "foo! onion;" would exclude onion from having any of the real-life things specified by the foo type, even if that (or
those) things appear in another normality type. So, the disallow syntax overrides the allow syntax (specified by "<type>: <username>...").
There is always an implicit type named ``all'', that contains all normality tags.
For all system administrators, you have an implicit rule, "all! asr".
EXAMPLES
# Normality file for a sad system
# Our users are onion, cucumber, jdoe, jrl and washu
animetype= love-relation, nice-job, friends, spare-time;
notworst= love-relation, nice-job, friends;
sysadm= friends;
# All normality types we will use are declared
# Now let's do the magic stuff...
all: jdoe, jrl;
animetype: washu;
sysadm: cucumber;
all! onion;
# Now, this is fairly easy, OK?
WARNINGS AND BUGS
This file messes with the real world, so a bit of caution is recommended. Newer versions of the chastise(3) library function modifies this
file on-the-fly.
Has a tendecy to create small discontinuities in the velvet of reality whenever there are syntax errors in the normality file.
AUTHOR
This sick idea was put down in *roff format by Ingvar Mattsson, as a contribution to the alt.sysadmin.recovery man page collection.
4th Berkeley Distribution Release 0.001 alpha normality(5)