Sudo issue


 
# 1  
Old 09-11-2014
Sudo issue

Hello!

I have this weird issue that started lately.
I'm logged in as a normal user, let's call it "guy", and I type the command:
Code:
sudo cat /etc/passwd

What happens next is this reply in the command line:
I'm not getting any prompt to enter a password. (I don't have the "nopasswd".) See the attached image for the output:

How can I fix this? It was working before; the last thing that happened is a bad shutdown.

Thanks a lot
[Attached image: Sudo issue-aixjpg]

Last edited by rbatte1; 09-11-2014 at 06:42 AM.. Reason: Added CODE tags, capital letters and apostrophes
# 2  
Old 09-11-2014
The first part of the message is the greeting banner for new sudo users. To me it seems that the configuration file for "sudo" (per default "/etc/sudoers") is not accessible for some reason (which might include corruptness).

Log in as root and check this file. Try a "visudo" as root and check the contents of the file, then save it back.

I hope this helps.

bakunin
# 3  
Old 09-11-2014
Hi bakunin,
and thanks for your reply.

The sudoers file is OK. I tried to save it again, which didn't help. I also tried to copy it from another working AIX 7 machine, which also didn't help.

Last edited by rbatte1; 09-11-2014 at 06:44 AM.. Reason: Spelling and capital letters
# 4  
Old 09-11-2014
Can you share the contents of /etc/sudoers? I suspect that there is a misconfiguration somewhere which means that the rules are invalid and the default is to refuse.

Please wrap code and data input/output in CODE tags, like this:-
Quote:
[CODE]This is my code[/CODE]
to produce the following (fixed character width, space respected):-
Code:
This is my code

Not only does it make posts far easier to read, but CODE and ICODE sections respect multiple space and have fixed width characters, which is important for easily seeing input/output requirements.





Thanks, in advance,
Robin
# 5  
Old 09-11-2014
[code] dffd

---------- Post updated at 05:06 AM ---------- Previous update was at 05:01 AM ----------

Sorry, this is the whole file:

Code:
 
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
# Failure to use 'visudo' may result in syntax or file permission errors
# that prevent sudo from running.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification

# Runas alias specification

# User privilege specification
root	ALL=(ALL) ALL
yossi1	ALL=ALL
yossi   ALL = ALL
alex	AIX = ALL
XXX	AIX53DEV = ALL
XXXSudoWithPass		ALL = ALL
XXXSudoWithoutPass	ALL=(ALL) NOPASSWD: ALL



### XXX TEAM ###
logon ALL=(ALL)		ALL
logon4 ALL=(ALL)	ALL
logon5 ALL=(ALL)	ALL
logon9 ALL=(ALL)	NOPASSWD: ALL
logon28 ALL=(ALL)	ALL

# Uncomment to allow people in group wheel to run all commands
# %wheel	ALL=(ALL) ALL

# Same thing without a password
# %wheel	ALL=(ALL) NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now
prod    ALL = NOPASSWD: /usr/bin/rpm,/bin/cp,/bin/mkdir,/bin/rm,/bin/chmod,/usr/bin/mv
s       ALL = NOPASSWD: /usr/bin/rpm,/bin/cp,/bin/mkdir,/bin/rm,/bin/chmod,/usr/bin/mv
devyoav  ALL= NOPASSWD: /usr/bin/rpm,/bin/cp,/bin/mkdir,/bin/rm,/bin/chmod,/usr/bin/mv,/usr/bin/smitty
devtXXX ALL=(ALL) ALL
XXX ALL=(ALL) ALL
XXX_1 ALL=(ALL) ALL

---------- Post updated at 05:15 AM ---------- Previous update was at 05:06 AM ----------

My problem is with the user logon.
# 6  
Old 09-11-2014
It does seem rather permissive at first glance. Maybe I'm just paranoid, but you have fourteen accounts that can do whatever they like and a further three with restricted access; however, all of them could edit or replace the sudoers file and therefore do whatever they like too. If they can chmod, they can make it world-writeable, edit it and then set the permissions back. With mv and cp, they can simply overwrite the sudoers file, or any file, such as /etc/passwd or /etc/security/passwd even.

Entries in this file should be very carefully considered and grant just the bare minimum required to do the job. If there are partial commands that you want to allow, e.g. cp in some directories but not in others, then you would be better to script up what they are allowed and grant them sudo privileges to run your script. Make sure that your script is secure from tampering too!

Developers just love having access to everything because it makes things easy, but security is like birth control - it gets in the way, but if you are caught out it can be very expensive to manage the impact.



That said, I don't immediately see anything syntactically wrong. You don't have a user guy defined though, so I will do some testing with others.

I don't suppose you were logged in or su'ed to an account not listed, were you?



Robin

Last edited by rbatte1; 09-11-2014 at 07:24 AM.. Reason: Final question
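
The point made in post #6, as an added example that is not part of any post in this thread: a POSIX sh/awk audit that labels each sudoers user rule as full (ALL), escalatable (lists cp, mv or chmod, the commands that post names), or restricted. The first three sample rules are copied from the file posted above; the "ops" rule, its path and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example: classify sudoers user rules by how much they really grant.
# RISKY holds the commands named in post #6; each can overwrite or
# re-permission /etc/sudoers, so a rule listing one is equivalent to ALL.
RISKY="cp mv chmod"

# audit_sudoers [FILE...]  -> one line per rule: user, class, auth, hits
audit_sudoers() {
    awk -v risky="$RISKY" '
    BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }                # comments, blank lines
    /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }     # not user rules
    {
        eq = index($0, "=")
        if (eq == 0) next
        user = $1
        cmds = substr($0, eq + 1)
        sub(/^[ \t]*\([^)]*\)/, "", cmds)            # drop Runas spec, e.g. (ALL)
        auth = (cmds ~ /NOPASSWD:/) ? "nopasswd" : "passwd"
        gsub(/[A-Z]+:/, "", cmds)                    # drop tags such as NOPASSWD:
        class = "restricted"; hits = ""
        m = split(cmds, c, ",")
        for (i = 1; i <= m; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", c[i])        # trim whitespace
            split(c[i], w, /[ \t]+/)                 # w[1] is the command path
            if (w[1] == "ALL") { class = "full"; hits = "ALL"; break }
            base = w[1]; sub(/.*\//, "", base)       # basename of the path
            if (base in bad) {
                class = "escalatable"
                hits = hits (hits == "" ? "" : ",") base
            }
        }
        printf "%s\t%s\t%s\t%s\n", user, class, auth, (hits == "" ? "-" : hits)
    }' "$@"
}

# Sample input: root, logon9 and prod are rules from the posted file
# (whitespace normalised); the ops rule and its path are constructed.
sample_sudoers() {
    cat <<'EOF'
# User privilege specification
root ALL=(ALL) ALL
logon9 ALL=(ALL) NOPASSWD: ALL
prod ALL = NOPASSWD: /usr/bin/rpm,/bin/cp,/bin/mkdir,/bin/rm,/bin/chmod,/usr/bin/mv
# %wheel ALL=(ALL) ALL
ops ALL = /usr/local/sbin/restart_app
EOF
}

sample_sudoers | audit_sudoers
```

Any rule reported as escalatable should be reviewed as if it granted ALL; pass a real file as an argument (`audit_sudoers /etc/sudoers`, run as root) to audit it.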
# 7  
Old 09-11-2014
Thanks Robin,
This environment is for testing only; that's why we don't care about permissions.
If you are saying that nothing is wrong with the file, then what else can cause the issue with the sudo command? For example, I run a sudo command as the user "logon"; I don't get any prompt to enter credentials, and then I get the error that you see in the attached picture in the first post...