Operating Systems Solaris Sudo Not working on Solaris 10 Post 302949014 by SolarisRSA on Monday 6th of July 2015 03:26:48 AM
Sudo Not working on Solaris 10

Hi all, I'm a bit new to Solaris 10. I've been working on Red Hat and can't seem to get sudo working on Solaris 10.

I've installed the below packages via the pkgadd command:

The below script I wrote to add the user and edit the sudoers file so that the ccsadmin user can execute the commands listed.

 echo "WARNING this script will add user CCSADMIN and Modify permissions to M&R user this server, with predefined passwords, The script will delay for 10secs before it will start to create accounts"
 echo "############################## `sleep 5`############################"
 echo "Now adding and Modifying Users"
 useradd -d /export/home/ccsadmin -m -s /bin/bash -c "CCS user for Compliance Scanning" ccsadmin
 groupadd ccsadmin
 mkdir /export/home/ccsadmin/.ssh
 cd /export/home/ccsadmin
 chown -R ccsadmin:ccsadmin .
 chmod 700 /export/home/ccsadmin/.ssh
 touch /export/home/ccsadmin/.ssh/authorized_keys
 echo "ssh-dss [key data removed] CCS dsa-key-20110210" >> /export/home/ccsadmin/.ssh/authorized_keys
 echo "ssh-dss [key data removed] TripWire nCircle" >> /export/home/ccsadmin/.ssh/authorized_keys
 chmod 644 /export/home/ccsadmin/.ssh/authorized_keys
 chown -R ccsadmin:ccsadmin /export/home/ccsadmin/.ssh/authorized_keys
 sleep 3
 echo "Adjusting CCSADMIN Sudoers file"
 cp /usr/local/etc/sudoers /usr/local/etc/sudoers.backup
 echo '#######################'>> /usr/local/etc/sudoers
 echo '## Adding ccsadmin and relevant command permissions'>> /usr/local/etc/sudoers
 echo 'ccsadmin ALL=(ALL) SETENV: NOPASSWD: SECURITY, NETWORKING, SOFTWARE, SERVICES, LOCATE, STORAGE, DELEGATING, PROCESSES, DRIVERS, !SU, !ACTIVEADMCMDS, !SYSADMCMD, ADMINCMD, ENVCMDS, NOEXEC: /usr/bin/find, /usr/bin/uptime, /usr/bin/uname, /usr/sbin/dig, /usr/bin/cat, /usr/sbin/ifconfig, /usr/bin/date, /usr/bin/grep, /usr/bin/who, /usr/bin/ypwhich, /usr/bin/ps,  /usr/bin/ls, /usr/bin/who, /usr/bin/id, /usr/bin/strings, /usr/bin/file, /usr/sbin/df, /usr/bin/cksum, /usr/bin/runat, /usr/bin/pkginfo, /usr/sbin/patchadd, /usr/bin/netstat, /usr/bin/rpcinfo, /usr/sbin/sysdef, /usr/sbin/routeadm, /usr/sbin/ndd, /usr/bin/mdb, /usr/bin/egrep, /usr/sbin/eeprom, /usr/bin/ulimit -a, /usr/sbin/pkgchk, /usr/bin/svcs, /usr/bin/ls, /usr/bin/cut' >> /usr/local/etc/sudoers
 echo '## End of ccsadmin entry'>> /usr/local/etc/sudoers
 echo '#######################'>> /usr/local/etc/sudoers
 exit $?    # Exit with status 0 (successful). To check this, do echo $? after the script executes

This is the Standard Sudoers File

 root@tcipidc01 # cat /usr/local/etc/sudoers
 # sudoers file.
 # This file MUST be edited with the 'visudo' command as root.
 # See the sudoers man page for the details on how to write a sudoers file.
 # Host alias specification
 # User alias specification
 # Cmnd alias specification
 # Defaults specification
 Defaults logfile=/var/log/sudo.log
 # Runas alias specification
 # User privilege specification
 root    ALL=(ALL) ALL
 ccsadmin        ALL=(ALL) ALL
 hillsro         ALL=(ALL) ALL
 # Uncomment to allow people in group wheel to run all commands
 # %wheel        ALL=(ALL)       ALL
 %sysadmin  ALL=(ALL) ALL
 # Same thing without a password
 # %wheel        ALL=(ALL)       NOPASSWD: ALL
 %sysadmin  ALL=(ALL) ALL
 # Samples
 # %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
 # %users  localhost=/sbin/shutdown -h now
 root@tcipidc01 #

After the script edits the sudoers file, it looks like this:

 [root@THC-A-01_NET0 08:48:36 /]#cat /usr/local/etc/sudoers
 ## sudoers file.
 ## This file MUST be edited with the 'visudo' command as root.
 ## Failure to use 'visudo' may result in syntax or file permission errors
 ## that prevent sudo from running.
 ## See the sudoers man page for the details on how to write a sudoers file.
 ## Host alias specification
 ## Groups of machines. These may include host names (optionally with wildcards),
 ## IP addresses, network numbers or netgroups.
 # Host_Alias    WEBSERVERS = www1, www2, www3
 ## User alias specification
 ## Groups of users.  These may consist of user names, uids, Unix groups,
 ## or netgroups.
 # User_Alias    ADMINS = millert, dowdy, mikef
 ## Cmnd alias specification
 ## Groups of commands.  Often used to group related commands together.
 # Cmnd_Alias    PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
 #                           /usr/bin/pkill, /usr/bin/top
 ## Defaults specification
 ## You may wish to keep some of the following environment variables
 ## when running commands via sudo.
 ## Locale settings
 # Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
 ## Run X applications through sudo; HOME is used to find the
 ## .Xauthority file.  Note that other programs use HOME to find
 ## configuration files and this may lead to privilege escalation!
 # Defaults env_keep += "HOME"
 ## X11 resource path settings
 ## Desktop path settings
 # Defaults env_keep += "QTDIR KDEDIR"
 ## Allow sudo-run commands to inherit the callers' ConsoleKit session
 # Defaults env_keep += "XDG_SESSION_COOKIE"
 ## Uncomment to enable special input methods.  Care should be taken as
 ## this may allow users to subvert the command being run via sudo.
 ## Uncomment to enable logging of a command's output, except for
 ## sudoreplay and reboot.  Use sudoreplay to play back logged sessions.
 # Defaults log_output
 # Defaults!/usr/bin/sudoreplay !log_output
 # Defaults!/usr/local/bin/sudoreplay !log_output
 # Defaults!/sbin/reboot !log_output
 ## Runas alias specification
 ## User privilege specification
 root ALL=(ALL) ALL
 ## Uncomment to allow members of group wheel to execute any command
 # %wheel ALL=(ALL) ALL
 ## Same thing without a password
 ## Uncomment to allow members of group sudo to execute any command
 # %sudo ALL=(ALL) ALL
 ## Uncomment to allow any user to run sudo if they know the password
 ## of the user they are running the command as (root by default).
 # Defaults targetpw  # Ask for the password of the target user
 # ALL ALL=(ALL) ALL  # WARNING: only use this together with 'Defaults targetpw'
 ## Read drop-in files from /usr/local/etc/sudoers.d
 ## (the '#' here does not indicate a comment)
 #includedir /usr/local/etc/sudoers.d
 ## Adding ccsadmin and relevant command permissions
 ccsadmin ALL=(ALL) SETENV: NOPASSWD: SECURITY, NETWORKING, SOFTWARE, SERVICES, LOCATE, STORAGE, DELEGATING, PROCESSES, DRIVERS, !SU, !ACTIVEADMCMDS, !SYSADMCMD, ADMINCMD, ENVCMDS, NOEXEC: /usr/bin/find, /usr/bin/uptime, /usr/bin/uname, /usr/sbin/dig, /usr/bin/cat, /usr/sbin/ifconfig, /usr/bin/date, /usr/bin/grep, /usr/bin/who, /usr/bin/ypwhich, /usr/bin/ps,  /usr/bin/ls, /usr/bin/who, /usr/bin/id, /usr/bin/strings, /usr/bin/file, /usr/sbin/df, /usr/bin/cksum, /usr/bin/runat, /usr/bin/pkginfo, /usr/sbin/patchadd, /usr/bin/netstat, /usr/bin/rpcinfo, /usr/sbin/sysdef, /usr/sbin/routeadm, /usr/sbin/ndd, /usr/bin/mdb, /usr/bin/egrep, /usr/sbin/eeprom, /usr/bin/ulimit -a, /usr/sbin/pkgchk, /usr/bin/svcs, /usr/bin/ls, /usr/bin/cut
 ## End of ccsadmin entry
 ## Adding ccsadmin and relevant command permissions
 ccsadmin ALL=(ALL) SETENV: NOPASSWD: SECURITY, NETWORKING, SOFTWARE, SERVICES, LOCATE, STORAGE, DELEGATING, PROCESSES, DRIVERS, !SU, !ACTIVEADMCMDS, !SYSADMCMD, ADMINCMD, ENVCMDS, NOEXEC: /usr/bin/find, /usr/bin/uptime, /usr/bin/uname, /usr/sbin/dig, /usr/bin/cat, /usr/sbin/ifconfig, /usr/bin/date, /usr/bin/grep, /usr/bin/who, /usr/bin/ypwhich, /usr/bin/ps,  /usr/bin/ls, /usr/bin/who, /usr/bin/id, /usr/bin/strings, /usr/bin/file, /usr/sbin/df, /usr/bin/cksum, /usr/bin/runat, /usr/bin/pkginfo, /usr/sbin/patchadd, /usr/bin/netstat, /usr/bin/rpcinfo, /usr/sbin/sysdef, /usr/sbin/routeadm, /usr/sbin/ndd, /usr/bin/mdb, /usr/bin/egrep, /usr/sbin/eeprom, /usr/bin/ulimit -a, /usr/sbin/pkgchk, /usr/bin/svcs, /usr/bin/ls, /usr/bin/cut
 ## End of ccsadmin entry

Please advise on how I can get the ccsadmin user to run the sudo commands.


Last edited by jim mcnamara; 07-06-2015 at 12:31 PM..
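
As an added example (not part of the original post or the poster's script): the rule the script appends names command aliases such as SECURITY and NETWORKING, while the sudoers file shown contains no uncommented `Cmnd_Alias` line. The hypothetical helpers below list aliases that a sudoers file references but never defines, and refuse to append a rule that would introduce one.

```shell
#!/bin/sh
# Needs a POSIX awk; on Solaris 10 that is nawk or /usr/xpg4/bin/awk, not /usr/bin/awk.

# undefined_cmnd_aliases FILE  (hypothetical helper)
# Print every Cmnd_Alias name that a rule in FILE references but FILE never defines.
# Simplifications: one alias per Cmnd_Alias line, one host list per rule.
undefined_cmnd_aliases() {
    awk '
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next }    # join continued lines
    { line = buf $0; buf = "" }
    line ~ /^[ \t]*#/ || line ~ /^[ \t]*$/ { next } # comments, #includedir, blanks
    line ~ /^[ \t]*Cmnd_Alias[ \t]/ {
        sub(/^[ \t]*Cmnd_Alias[ \t]+/, "", line)
        sub(/[ \t=].*/, "", line)
        defined[line] = 1
        next
    }
    line ~ /^[ \t]*(Defaults|User_Alias|Host_Alias|Runas_Alias)/ { next }
    {
        spec = line
        if (!sub(/^[^=]*=/, "", spec)) next         # no "=": not a user rule
        gsub(/\([^)]*\)/, "", spec)                 # drop Runas lists such as (ALL)
        gsub(/[A-Z_]+:/, "", spec)                  # drop tags such as NOPASSWD:
        n = split(spec, cmd, ",")
        for (i = 1; i <= n; i++) {
            c = cmd[i]
            gsub(/^[ \t!]+|[ \t]+$/, "", c)         # trim blanks and the "!" negation
            if (c ~ /^[A-Z][A-Z0-9_]*$/ && c != "ALL") used[c] = 1
        }
    }
    END { for (a in used) if (!(a in defined)) print a }
    ' "$1" | sort
}

# append_rule_checked SUDOERS RULEFILE  (hypothetical helper)
# Append RULEFILE to SUDOERS only if the combined file has no undefined
# Cmnd_Alias reference; otherwise leave SUDOERS untouched and return 1.
append_rule_checked() {
    candidate=$(mktemp) || return 2
    cat "$1" "$2" > "$candidate"
    missing=$(undefined_cmnd_aliases "$candidate")
    if [ -n "$missing" ]; then
        echo "refusing to install, undefined Cmnd_Alias:" $missing >&2
        rm -f "$candidate"
        return 1
    fi
    cat "$candidate" > "$1"    # rewrite in place, keeping owner and mode
    rm -f "$candidate"
}
```

Before installing a candidate on a real host, also run `visudo -c -f` on it, which parses the file with sudo's own grammar.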
