Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Can't sudo Using Group Permission
Operating Systems Solaris Can't sudo Using Group Permission Post 302486851 by rjlohman on Monday 10th of January 2011 12:35:00 PM
Old 01-10-2011
Can't sudo Using Group Permission
All:

I'm having a problem with sudo on Solaris 5.10 that is giving me fits (and BTW, I'm a Linux admin by trade...).

The issue is that I have a number of users (myself included) that cannot sudo to root to complete user admin tasks. Assuming the user is jdoe, and the group with the elevated permissions is called useradmins, here is what the configurations look like (sorry - had to change the details due to confidentiality stuff...):

/etc/passwd entry:
jdoe:x:26199:26199::/home/jdoe:/usr/bin/bash

/etc/group entries:
useradmins::15:user1,user2,user3,user4,user5,user6,user7
useradmins::15:user8,user9,jdoe,user10
jdoe::26199:

Relevant section of /usr/local/etc/sudoers
# All unix users in the sysadmin group get to run what eveah
%useradmins ALL=(ALL) ALL

And some command line fun and games:
[root@solbox ~]# id jdoe
uid=26199(jdoe) gid=26199(jdoe)
[root@solbox ~]# groups jdoe
jdoe useradmins

Some things of interest...

> Yes, there are two useradmins groups, both with the same gid. I found some postings from the Google that reference a line-length limit, and that some people have overcome this by creating a second entry for the group. We're at roughly 260 chars on the first line of the file, so I'm not sure why there are two entries.
> I suspect the issue surrounds the id and groups commands. groups shows me as a member of my own personal group, as well as a member of the useradmins group. id, on the other hand shows no useradmins membership.
> When I tried a truss -f id jdoe, I don't see anything in the output that leads me to see anything returning an error code. There are numerous door_info and door_call calls which are a complete enigma to me, but each returns a 0 (presumably, success?)

Any help is appreciated.
 

10 More Discussions You Might Find Interesting

1. Solaris

entry in /etc/group too long - problem using sudo with %group

hi folks, I've been googling for quite some time, but still can't find anything near it...my problem is the following: for useradministration in our company we are using ssh/sudo, now whenever I try to add users (we have quite a number of users) with useradd -G groupname for secondary group I... (4 Replies)
Discussion started by: poli
4 Replies

2. UNIX for Dummies Questions & Answers

group permission

I have an executable that had permissions set to 700. I changed this to 770 and added a user to the group in an attempt to allow that userds to run the file. Obviously this didnt work or I wouldnt be here. Do I need to cause the group file to be re-read and if so how, or am I misunderstanding... (6 Replies)
Discussion started by: thumper
6 Replies

3. UNIX for Dummies Questions & Answers

Sudo permission issue

folks; How can i give a group a sudo permission to execute only some command "like start/stop Apache", so every user in that group can sudo to use this as himself, i mean when he tries to sudo, he will be asked for a password (and make it so he must use his own NT password not a generic one) then... (6 Replies)
Discussion started by: Katkota
6 Replies

4. Shell Programming and Scripting

Find all files with group read OR group write OR user write permission

I need to find all the files that have group Read or Write permission or files that have user write permission. This is what I have so far: find . -exec ls -l {} \; | awk '/-...rw..w./ {print $1 " " $3 " " $4 " " $9}' It shows me all files where group read = true, group write = true... (5 Replies)
Discussion started by: shunter63
5 Replies

5. Solaris

sudo permission

HI friends can i know how to assign sudo permission to normal user in solaris, and if not i want to assign few commands like format,user creation to normal user, i want to share few permission to normal user towork like a root in $ prompt. (2 Replies)
Discussion started by: kurva
2 Replies

6. Solaris

sudo for permission kill -HUP

Hi, I'm trying to provide "/usr/bin/kill -HUP" command to one of the user using sudo file. I have configured sudo as following: $cat /etc/sudoers User_Alias AA=conadmin Cmnd_Alias KILL1=/usr/bin/kill -HUPAA ALL=NOPASSWD:KILL1 When I login as the user and execute 'sudo -l' command, it... (2 Replies)
Discussion started by: mohzub
2 Replies

7. UNIX for Dummies Questions & Answers

grant sudo permission

Hi all, I have to grant sudo permission to a user. I have searched online and find that /etc/sudoers file needs to be changed with visudo command. As i am new to linux, this is not clear to me. Can anybody take an example and show me how exactly this done. Thanks in advance! (2 Replies)
Discussion started by: lramsb4u
2 Replies

8. Solaris

Sudo Privileges & Sudoers Group

I'm looking for some suggestions to accomplish what a specific user needs, without adding them to the "sudoers" group. I have X user, that is requesting to be able to change file permissions on items owned by others and search directories where X user doesn't have access. I'm open to any... (2 Replies)
Discussion started by: Nvizn
2 Replies

9. Solaris

Adding user with Sudo permission in solaris 9

How can I add user with Sudo permission in solaris 9 ? I'm new in Solaris (2 Replies)
Discussion started by: ahmednoaman
2 Replies

10. SuSE

How to add a new user to sudo group in openSuse 12.3?

Hi All, I have created a openSUSE 12.3 VM in my VirtualBox. I have created one user and added that user to my group. Is there any command by which I can add that user to sudoers user group like we do in ubuntu? #sudo adduser user1 sudo I checked the /etc/groups file, but there is no sudo... (1 Reply)
Discussion started by: sanzee007
1 Replies

LEARN ABOUT FREEBSD

audit_user

AUDIT_USER(5)						      BSD File Formats Manual						     AUDIT_USER(5)

NAME

     audit_user -- events to be audited for given users

DESCRIPTION

     The audit_user file specifies which audit event classes are to be audited for the given users.  If specified, these flags are combined with
     the system-wide audit flags in the audit_control(5) file to determine which classes of events to audit for that user.  These settings take
     effect when the user logs in.

     Each line maps a user name to a list of classes that should be audited and a list of classes that should not be audited.  Entries are of the
     form:

	   username:alwaysaudit:neveraudit

     In the format above, alwaysaudit is a set of event classes that are always audited, and neveraudit is a set of event classes that should not
     be audited.  These sets can indicate the inclusion or exclusion of multiple classes, and whether to audit successful or failed events.  See
     audit_control(5) for more information about audit flags.

     Example entries in this file are:

	   root:lo,ad:no
	   jdoe:-fc,ad:+fw

     These settings would cause login/logout and administrative events that are performed on behalf of user ``root'' to be audited.  No failure
     events are audited.  For the user ``jdoe'', failed file creation events are audited, administrative events are audited, and successful file
     write events are never audited.

IMPLEMENTATION NOTES

     Per-user and global audit preselection configuration are evaluated at time of login, so users must log out and back in again for audit
     changes relating to preselection to take effect.

     Audit record preselection occurs with respect to the audit identifier associated with a process, rather than with respect to the UNIX user or
     group ID.	The audit identifier is set as part of the user credential context as part of login, and typically does not change as a result of
     running setuid or setgid applications, such as su(1).  This has the advantage that events that occur after running su(1) can be audited to
     the original authenticated user, as required by CAPP, but may be surprising if not expected.

FILES

     /etc/security/audit_user

SEE ALSO

     login(1), su(1), audit(4), audit_class(5), audit_control(5), audit_event(5)

HISTORY

     The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc. in
     2004.  It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution.

AUTHORS

     This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc.  Addi-
     tional authors include Wayne Salamon, Robert Watson, and SPARTA Inc.

     The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems.

BSD
								  January 4, 2008							       BSD
All times are GMT -4. The time now is 09:39 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy