Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Sudo error on AIX 7.1
Operating Systems AIX Sudo error on AIX 7.1 Post 303041482 by System Admin 77 on Monday 25th of November 2019 02:08:02 PM
Old 11-25-2019
Thanks Neo for the reply.

here is the output

Code:
[root@LPAR]/>ls -ltr /opt/freeware/libexec/sudo/sudoers.so
ls: 0653-341 The file /opt/freeware/libexec/sudo/sudoers.so does not exist.
[root@LPAR]/>ls -ltr /opt/freeware/libexec/
total 0
drwxr-xr-x    3 root     system          256 Jul 11 2018  gcc
[root@LPAR]/>

--- Post updated at 02:35 PM ---

Thanks vbe for your reply. I see this "libssl.a" file only on this LPAR. I will take a look at the link.

But do you guys have any suggestion on installing sudo on AIX 7.1. like how you did in your environment. Till today, it was not really necessary.

--- Post updated at 02:46 PM ---

@neo

Sorry I was trying in different ways, actually uninstalled the below filesets

idsldap.clt32bit64.rte 6.4.0.19 ROOT DEINSTALL SUCCESS
idsldap.clt32bit64.rte 6.4.0.19 USR DEINSTALL SUCCESS
idsldap.clt64bit64.rte 6.4.0.19 ROOT DEINSTALL SUCCESS
idsldap.clt64bit64.rte 6.4.0.19 USR DEINSTALL SUCCESS
idsldap.msg64.en_US 6.4.0.19 USR DEINSTALL SUCCESS
idsldap.cltbase64.adt 6.4.0.19 USR DEINSTALL SUCCESS
idsldap.cltbase64.rte 6.4.0.19 ROOT DEINSTALL SUCCESS
idsldap.cltbase64.rte 6.4.0.19 USR DEINSTALL SUCCESS
idsldap.license64.rte 6.4.0.19 USR DEINSTALL SUCCESS




Thats why it says
[root@LPAR]/>ls -ltr /opt/freeware/libexec/sudo/sudoers.so
ls: 0653-341 The file /opt/freeware/libexec/sudo/sudoers.so does not exist.


otherwise it was there, please see information in my question.

--- Post updated at 03:08 PM ---

We're not using Active directory and ldap in our environment

which of these below files needs to be installed ?
Code:
-rw-r--r--    1 aixuser  staff       1572717 Nov 21 15:04 sudo-1.8.27-3.aix6.1.ppc.rpm
-rw-r--r--    1 aixuser  staff       2260604 Nov 21 16:12 sudo_ids-1.8.27-3.aix6.1.ppc.rpm

 

10 More Discussions You Might Find Interesting

1. AIX

Install sudo on AIX 5.3

I'm trying to install sudo on AIX 5.3. I don't have a compiler on my machine, so I was trying to find a binary. The one found at http://www.bullfreeware.com/listaix52.html that is supposed to work for 5.3 even though it was compiled on 5.2. The issue is I'm new to AIX and could not figure out how... (3 Replies)
Discussion started by: sphericon
3 Replies

2. AIX

Sudo error

I want give a user "sar" permission, so I modify the sudoers file: unix1 is the group for users can use sar command Cmnd_Alias RUN_SAR = /usr/sbin/sar User_Alias UNIX1_USERS = %unix1 UNIX1_USERS ALL = NOPASSWD:RUN_SAR However, when I run sar command, it shows: $ sar 1 4 sar: The... (1 Reply)
Discussion started by: rainbow_bean
1 Replies

3. UNIX for Advanced & Expert Users

sudo su error

Hello, I am logging to a server using username 'test'. I want to execute some commands as user test2. When I am trying to run `sudo su - test2 -c 'ls'` it gives error user 'test' is not allowed to run sudo in host. But when I login into the account 'test2' using sudo su - test2 all these... (6 Replies)
Discussion started by: karayan
6 Replies

4. AIX

AIX 5.3 sudo bootinfo

I am trying to understand why I get "0" returned when I run the command sudo bootinfo -r. I know bootinfo isn't really supported in versions higher then AIX 4.2. I also know that instead of bootinfo -r I could use lsattr -El sys0 -a realmem | awk '{print $2}' and produce the same output as ... (1 Reply)
Discussion started by: maverick9576
1 Replies

5. Shell Programming and Scripting

ssh foo.com sudo command - Prompts for sudo password as visible text. Help?

I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this: #!/bin/bash rsync /path/on/local/machine/ foo.com:path/on/remote/machine/ ssh foo.com sudo /etc/init.d/apache2 reloadrsync and ssh don't prompt for a password, because I have DSA encryption... (9 Replies)
Discussion started by: fluoborate
9 Replies

6. AIX

AIX 5.3 Using sudo to control smit

Does anyone have any experience using sudo to control smit on AIX 5.3? These are the smit commands that I want certain users to execute: # Cmnd alias specification Cmnd_Alias SMIT = /bin/smit hacmp, \ /bin/smit pxdam, \ /bin/smit cl_lsuser, \ /bin/smit cl_users, \ /bin/smit cl_passwd ... (5 Replies)
Discussion started by: tharrieswk
5 Replies

7. Cybersecurity

sudo - AIX - User privilege specification

I am planning to implement sudo for users. Under , it looks I have to put the users who need to have sudo access: What are the recommended for users? I don't think I need to give the ALL privilege (i.e ) to AIX users. I'd like to know the commonly used privilege specification for sudo... (1 Reply)
Discussion started by: Daniel Gate
1 Replies

8. UNIX for Dummies Questions & Answers

Error in Sudo

Hi, I have installed sudo on Solaris 10 (sparc). When I try to add a user I get the following: -bash-3.00$ sudo addusr scarlet sudo sudo: /usr/local/etc/sudoers.d is owned by uid 2, should be 0 Password: I entered a password, thinking it was for the sudo user but it failed. Then I entered the... (3 Replies)
Discussion started by: Scarlet
3 Replies

9. AIX

AIX - remote shell (sudo) - signal 11 core system 50

Hi, I am running a remote shell from site A to site B, where both are AIX. The remote shell starts other application, and when it finishes, it returns to the site A. The problem is that I am receiving an error signal 11 and system core error 50 - segmentation fault. Does anyone know if there are... (6 Replies)
Discussion started by: brjohnsmith
6 Replies

10. Solaris

SUDO error in Solaris: auth.error] fork

I cannot solve the following error bellow. Can someone help me on this please? Mar 31 07:08:45 serverx sudo: fork Mar 31 07:18:50 serverx sudo: fork Mar 31 07:28:45 serverx sudo: fork Mar 31 07:38:47 serverx sudo: fork Mar 31 07:48:45 serverx sudo: fork Mar 31 07:58:45 serverx... (1 Reply)
Discussion started by: pangarano
1 Replies

LEARN ABOUT DEBIAN

lockout

LOCKOUT(1)							      lockout								LOCKOUT(1)

NAME

       lockout - avoid slacking and impose productivity and discipline on yourself

WARNING

       This program is VERY DANGEROUS.	If it fails, you may end up not knowing the root password to your own computer (in which case you need to
       boot into single-user mode).  There are no known reports of this actually happening, but we don't know how stupid you are.  Also, you
       should probably not run this on a multi-user system.

SYNOPSIS

	lockout lock HhMm | Hh | Mm
	lockout lock HH:MM
	lockout lock HH:MMam | HH:MMpm
	lockout lock HHam | HHpm
	lockout lock

	lockout unlock [force]

	lockout status

DESCRIPTION

       Lockout is a tool that imposes discipline on you so that you get some work done.  For example, lockout can be used to install a firewall
       that does not let you browse the Web.  Lockout changes the root password for a specified duration; this prevents you from secretly ripping
       down the firewall and then browsing the Web anyway.  In case of an emergency, you can reboot your computer to undo the effects of lockout
       and to restore the original root password.

       Obviously, lockout lock and lockout unlock can only be run by root.  lockout status can be run by any user.

       lockout without any parameters shows a brief help message.

       lockout lock takes one optional parameter.  If no parameter is given, you are dropped in interactive mode and asked for the duration of the
       lock or the time at which the lock should be lifted.  You can also supply this as a parameter on the command line.  Lockout understands
       various time formats.  You can specify a delay, e.g., 3h (3 hours), 1h30m (1 hour and 30 minutes), or 90m (1 hour and 30 minutes), or you
       can specify absolute time, e.g., 2pm, 2:30am, 15:30, etc.  You will be asked to confirm the time at which lockout will unlock your system.
       If you type "yes", lockout executes /etc/lockout/lock.sh and changes the root password to something completely random.  /etc/lock-
       out/lock.sh is a shell script that you write.  It takes measures to make sure you stop slacking.  For example, it could install a firewall
       that prevents outgoing connections to port 80.  See the "EXAMPLES" section below.

       lockout unlock takes an optional force parameter.  Without any parameters, lockout lock will check whether it is time to unlock the system
       and, if so, executes /etc/lockout/unlock.sh, which is a shell script that you write.  It should undo the effects of /etc/lockout/lock.sh,
       executed when the system was locked.  If you pass the force parameter to lockout unlock, lockout will forcibly unlock your system, whether
       it was really time for that or not.  lockout unlock should be called every minute by cron.  See "CONFIGURATION".

       lockout status will print out the time at which the system is going to be unlocked.

CONFIGURATION

       /etc/cron.d/lockout must contain the following two entries:

	   */1 * * * *	       root    /usr/bin/lockout unlock >/dev/null 2>&1
	   @reboot	       root    /usr/bin/lockout unlock force >/dev/null 2>&1

       The examples that follow assume you are using sudo(8) and you have a file, /etc/lockout/sudoers.normal which is the normal /etc/sudoers
       file, and /etc/lockout/sudoers.lock, which is the /etc/sudoers file when lockout locks your computer.  This example also assumes you are
       using iptables(8).  /var/lib/iptables/active should contain your default firewall rules, and /var/lib/iptables/work should contain the
       firewall rules that enforce discipline.	See below for an example.

       /etc/lock/lock.sh imposes discipline.  For example:

	   #!/bin/sh
	   /etc/init.d/iptables load work
	   cp /etc/lockout/sudoers.lock /etc/sudoers
	   /etc/init.d/sudo stop
	   /etc/init.d/sudo start

       /etc/lock/unlock.sh undoes these effects.  For example:

	   #!/bin/sh
	   /etc/init.d/iptables restart
	   cp /etc/lockout/sudoers.normal /etc/sudoers
	   /etc/init.d/sudo stop
	   /etc/init.d/sudo start

       Your /var/lib/iptables/work may look something like this:

	   *filter
	   :INPUT ACCEPT [1047:99548]
	   :FORWARD ACCEPT [0:0]
	   :OUTPUT ACCEPT [1104:120792]

	   # allow incoming packets from localhost, ntp,
	   # and existing connections
	   -A INPUT -i lo -j ACCEPT
	   -A INPUT -p udp -m udp --source-port ntp -m state --state ESTABLISHED -j ACCEPT
	   -A INPUT -m state --state ESTABLISHED -j ACCEPT
	   -A INPUT -p tcp -j DROP
	   -A INPUT -p udp -j DROP

	   # allow outgoing connections for email and DNS
	   -A OUTPUT -d 127.0.0.1/8 -j ACCEPT
	   -A OUTPUT -p tcp -m tcp --dport smtp -j ACCEPT
	   -A OUTPUT -p tcp -m tcp --dport domain -j ACCEPT
	   -A OUTPUT -p udp -m udp --dport domain -j ACCEPT
	   -A OUTPUT -j DROP
	   COMMIT

EXAMPLES

	   lockout lock 2h30m	[locks out for 2h and 30m]
	   lockout lock 90m	[locks out for 1h and 30m]
	   lockout lock 3pm	[locks out until 3pm]
	   lockout lock 3:20am	[locks out until 3:20am]
	   lockout lock 15:20	[locks out until 3:20pm]

	   lockout status	[shows when the system is going to be unlocked]

FILES

       /etc/lockout/lock.sh: executed when running lockout lock

       /etc/lockout/unlock.sh: executed when running lockout unlock

SEE ALSO

       usermod(8), iptables(8), passwd(1), cron(8), crontab(1)

BUGS

       Arguably, a program that changes the root password to something random with the possibility of never recovering the original password might
       be considered a bug by itself.  Other than that, no known bugs.

AUTHOR

       Thomer M. Gil, http://thomer.com/lockout/

lockout 							    2004-09-08								LOCKOUT(1)
All times are GMT -4. The time now is 10:27 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy