Full Discussion: Sudo error on AIX 7.1
Operating Systems AIX Sudo error on AIX 7.1 Post 303041491 by System Admin 77 on Monday 25th of November 2019 04:51:59 PM
Old 11-25-2019
Update: Re-installed sudo in the same way.





Code:
[root@AIXLPAR]/>ls -ltr /opt/freeware/libexec/sudo/sudoers.so
-rw-r--r--    1 root     system      2262416 Sep 12 06:26 /opt/freeware/libexec/sudo/sudoers.so



[root@AIXLPAR]/>which sudo
/usr/bin/sudo
[root@AIXLPAR]/>/usr/bin/sudo -V
Sudo version 1.8.27
Configure options: --prefix=/opt/freeware --sbindir=/opt/freeware/sbin --libdir=/opt/freeware/lib --mandir=/opt/freeware/man --with-logging=syslog --with-logfac=auth --with-pam --with-pam-login --with-env-editor --with-ignore-dot --with-aixauth --with-tty-tickets --with-ldap --with-ldap-conf-file=/opt/freeware/etc/openldap/ldap.conf
sudo: error in /etc/sudo.conf, line 0 while loading plugin "sudoers_policy"
sudo: unable to load /opt/freeware/libexec/sudo/sudoers.so:     0509-022 Cannot load module /opt/freeware/lib/libldap.a(libldap-2.4.so.2).
        0509-150   Dependent module /opt/freeware/lib/libssl.a(libssl.so) could not be loaded.
        0509-152   Member libssl.so is not found in archive
        0509-022 Cannot load module /opt/freeware/libexec/sudo/sudoers.so.
        0509-150   Dependent module /opt/freeware/lib/libldap.a(libldap-2.4.so.2) could not be loaded.
sudo: fatal error, unable to load plugins
[root@AIXLPAR]/>

--- Post updated at 05:51 PM ---

@Neo

please see the below output

Code:
[root@AIXLPAR]/>ls -l /opt/freeware/libexec/sudo/
total 10000
-rw-r--r--    1 root     system         1008 Sep 12 06:26 group_file.la
-rw-r--r--    1 root     system       480311 Sep 12 06:26 group_file.so
-rw-r--r--    1 root     system          990 Sep 12 06:26 libsudo_util.la
lrwxrwxrwx    1 root     system           21 Nov 25 16:41 libsudo_util.so -> libsudo_util.so.0.0.0
lrwxrwxrwx    1 root     system           21 Nov 25 16:41 libsudo_util.so.0 -> libsudo_util.so.0.0.0
-rwxr-xr-x    1 root     system      1422797 Sep 12 06:26 libsudo_util.so.0.0.0
-rw-r--r--    1 root     system          953 Sep 12 06:27 sudo_noexec.la
-rw-r--r--    1 root     system       474192 Sep 12 06:27 sudo_noexec.so
-rw-r--r--    1 root     system         1018 Sep 12 06:26 sudoers.la
-rw-r--r--    1 root     system      2262416 Sep 12 06:26 sudoers.so
-rw-r--r--    1 root     system         1020 Sep 12 06:27 system_group.la
-rw-r--r--    1 root     system       449242 Sep 12 06:27 system_group.so
[root@AIXLPAR]/>

Code:
[root@AIXLPAR]/>lslpp -l | grep -i "ldap"
[root@AIXLPAR]/>rpm -qa | grep -i "ldap"
openldap-2.4.45-1.ppc
[root@AIXLPAR]/>

 

10 More Discussions You Might Find Interesting

1. AIX

Install sudo on AIX 5.3

I'm trying to install sudo on AIX 5.3. I don't have a compiler on my machine, so I was trying to find a binary. The one found at http://www.bullfreeware.com/listaix52.html that is supposed to work for 5.3 even though it was compiled on 5.2. The issue is I'm new to AIX and could not figure out how... (3 Replies)
Discussion started by: sphericon
3 Replies

2. AIX

Sudo error

I want give a user "sar" permission, so I modify the sudoers file: unix1 is the group for users can use sar command Cmnd_Alias RUN_SAR = /usr/sbin/sar User_Alias UNIX1_USERS = %unix1 UNIX1_USERS ALL = NOPASSWD:RUN_SAR However, when I run sar command, it shows: $ sar 1 4 sar: The... (1 Reply)
Discussion started by: rainbow_bean
1 Replies

3. UNIX for Advanced & Expert Users

sudo su error

Hello, I am logging to a server using username 'test'. I want to execute some commands as user test2. When I am trying to run `sudo su - test2 -c 'ls'` it gives error user 'test' is not allowed to run sudo in host. But when I login into the account 'test2' using sudo su - test2 all these... (6 Replies)
Discussion started by: karayan
6 Replies

4. AIX

AIX 5.3 sudo bootinfo

I am trying to understand why I get "0" returned when I run the command sudo bootinfo -r. I know bootinfo isn't really supported in versions higher then AIX 4.2. I also know that instead of bootinfo -r I could use lsattr -El sys0 -a realmem | awk '{print $2}' and produce the same output as ... (1 Reply)
Discussion started by: maverick9576
1 Replies

5. Shell Programming and Scripting

ssh foo.com sudo command - Prompts for sudo password as visible text. Help?

I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this: #!/bin/bash rsync /path/on/local/machine/ foo.com:path/on/remote/machine/ ssh foo.com sudo /etc/init.d/apache2 reloadrsync and ssh don't prompt for a password, because I have DSA encryption... (9 Replies)
Discussion started by: fluoborate
9 Replies

6. AIX

AIX 5.3 Using sudo to control smit

Does anyone have any experience using sudo to control smit on AIX 5.3? These are the smit commands that I want certain users to execute: # Cmnd alias specification Cmnd_Alias SMIT = /bin/smit hacmp, \ /bin/smit pxdam, \ /bin/smit cl_lsuser, \ /bin/smit cl_users, \ /bin/smit cl_passwd ... (5 Replies)
Discussion started by: tharrieswk
5 Replies

7. Cybersecurity

sudo - AIX - User privilege specification

I am planning to implement sudo for users. Under , it looks I have to put the users who need to have sudo access: What are the recommended for users? I don't think I need to give the ALL privilege (i.e ) to AIX users. I'd like to know the commonly used privilege specification for sudo... (1 Reply)
Discussion started by: Daniel Gate
1 Replies

8. UNIX for Dummies Questions & Answers

Error in Sudo

Hi, I have installed sudo on Solaris 10 (sparc). When I try to add a user I get the following: -bash-3.00$ sudo addusr scarlet sudo sudo: /usr/local/etc/sudoers.d is owned by uid 2, should be 0 Password: I entered a password, thinking it was for the sudo user but it failed. Then I entered the... (3 Replies)
Discussion started by: Scarlet
3 Replies

9. AIX

AIX - remote shell (sudo) - signal 11 core system 50

Hi, I am running a remote shell from site A to site B, where both are AIX. The remote shell starts other application, and when it finishes, it returns to the site A. The problem is that I am receiving an error signal 11 and system core error 50 - segmentation fault. Does anyone know if there are... (6 Replies)
Discussion started by: brjohnsmith
6 Replies

10. Solaris

SUDO error in Solaris: auth.error] fork

I cannot solve the following error bellow. Can someone help me on this please? Mar 31 07:08:45 serverx sudo: fork Mar 31 07:18:50 serverx sudo: fork Mar 31 07:28:45 serverx sudo: fork Mar 31 07:38:47 serverx sudo: fork Mar 31 07:48:45 serverx sudo: fork Mar 31 07:58:45 serverx... (1 Reply)
Discussion started by: pangarano
1 Replies
pam_ssh_agent_auth(8)							PAM						     pam_ssh_agent_auth(8)

PAM_SSH_AGENT_AUTH
       This module provides authentication via ssh-agent.  If an ssh-agent listening at SSH_AUTH_SOCK can successfully authenticate that it has
       the secret key for a public key in the specified file, authentication is granted, otherwise authentication fails.

SUMMARY
/etc/pam.d/sudo: auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys /etc/sudoers: Defaults env_keep += "SSH_AUTH_SOCK" This configuration would permit anyone who has an SSH_AUTH_SOCK that manages the private key matching a public key in /etc/security/authorized_keys to execute sudo without having to enter a password. Note that the ssh-agent listening to SSH_AUTH_SOCK can either be local, or forwarded. Unlike NOPASSWD, this still requires an authentication, it's just that the authentication is provided by ssh-agent, and not password entry. ARGUMENTS
file=<path to authorized_keys> Specify the path to the authorized_keys file(s) you would like to use for authentication. Subject to tilde and % EXPANSIONS (below) allow_user_owned_authorized_keys_file A flag which enables authorized_keys files to be owned by the invoking user, instead of root. This flag is enabled automatically whenever the expansions %h or ~ are used. debug A flag which enables verbose logging sudo_service_name=<service name you compiled sudo to use> (when compiled with --enable-sudo-hack) Specify the service name to use to identify the service "sudo". When the PAM_SERVICE identifier matches this string, and if PAM_RUSER is not set, pam_ssh_agent_auth will attempt to identify the calling user from the environment variable SUDO_USER. This defaults to "sudo". EXPANSIONS
~ -- same as in shells, a user's Home directory Automatically enables allow_user_owned_authorized_keys_file if used in the context of ~/. If used as ~user/, it would expect the file to be owned by 'user', unless you explicitely set allow_user_owned_authorized_keys_file %h -- User's Home directory Automatically enables allow_user_owned_authorized_keys_file %H -- The short-hostname %u -- Username %f -- FQDN EXAMPLES
in /etc/pam.d/sudo "auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys" The default .ssh/authorized_keys file in a user's home-directory "auth sufficient pam_ssh_agent_auth.so file=%h/.ssh/authorized_keys" Same as above. "auth sufficient pam_ssh_agent_auth.so file=~fred/.ssh/authorized_keys" If the home-directory of user 'fred' was /home/fred, this would expand to /home/fred/.ssh/authorized_keys. In this case, we have not specified allow_user_owned_authorized_keys_file, so this file must be owned by 'fred'. "auth sufficient pam_ssh_agent_auth.so file=/secure/%H/%u/authorized_keys allow_user_owned_authorized_keys_file" On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar/fred/authorized_keys. In this case, we specified allow_user_owned_authorized_keys_file, so fred would be able to manage that authorized_keys file himself. "auth sufficient pam_ssh_agent_auth.so file=/secure/%f/%u/authorized_keys" On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar.baz.com/fred/authorized_keys. In this case, we have not specified allow_user_owned_authorized_keys_file, so this file must be owned by root. v0.8 2009-08-09 pam_ssh_agent_auth(8)

Featured Tech Videos

All times are GMT -4. The time now is 05:48 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy