I've got a Solaris 10 host with two zones. When I'm working with sudo on the host, everything is great. Within the zones I had to edit the .profile to include the /usr/local/whatever directory the sudo executable is in. Then, it all worked fine. Sudo grants permissions and the command is performed. But, there's a nasty error message that appears after every use of sudo. See the code below.
Code:
-bash-3.2$ sudo -V
Sudo version 1.8.5p2
Sudoers policy plugin version 1.8.5p2
Sudoers file grammar version 41
Sudoers I/O plugin version 1.8.5p2
-bash-3.2$ sudo cp /etc/skel/.profile /export/home/whatever
Password:
sudo: unable to open /usr/local/var/lib/sudo/<user-id>/4: Read-only file system
-bash-3.2$
Also, and this maybe unrelated, on the host using sudo asks for the password once every few minutes. On the zones, sudo requires the password every time.
DustinT,
Is your zone a full root are spare root? I build mostly build full root zones. To get sudo to work there is a extra step that need to be done. For some reason the linked files that sudo needs become broken, when you build a zone. Do the below command in the zone.
Code:
# ldd /usr/local/bin/sudo
If there are any broken links then you have to fix them. Also make sure you add your user to the the sysadmin group. Below I have a link to a blog post with a how-to on what I mentioned above.
DustinT,
Is your zone a full root are spare root? I build mostly build full root zones. To get sudo to work there is a extra step that need to be done. For some reason the linked files that sudo needs become broken, when you build a zone. Do the below command in the zone.
Code:
# ldd /usr/local/bin/sudo
If there are any broken links then you have to fix them. Also make sure you add your user to the the sysadmin group. Below I have a link to a blog post with a how-to on what I mentioned above.
---------- Post updated at 11:15 AM ---------- Previous update was at 11:14 AM ----------
Quote:
Originally Posted by hergp
In a sparse zone, /usr is usually mounted read-only.
To have a writeable /usr/local/var, you can define a loopback mount in the zone configuration
Code:
zonecfg -z myzone
add fs
set dir=/usr/local/var
set special=/zones/myzone/usr/local/var
set type=lofs
end
verify
commit
exit
You have to create /zones/myzone/usr/local/var in the global zone first, of course.
I'm not sure I understand the context of how this all fits together. What would be the ramifications of making this change?
---------- Post updated at 11:38 AM ---------- Previous update was at 11:15 AM ----------
Ok, I took another stab at the documentation and figured out what you meant. I think this is the right aproach but when I tried it I had some problems.
Code:
-bash-3.2$ sudo zonecfg -z myzone
Password:
zonecfg:myzone> add fs
zonecfg:myzone:fs> set dir=/usr/local/var
zonecfg:myzone:fs> set special=/zones/myzone/usr/local/var
zonecfg:myzone:fs> set type=lofs
zonecfg:myzone:fs> end
zonecfg:myzone> verify
zonecfg:myzone> commit
zonecfg:myzone> exit
-bash-3.2$ zoneadm -z myzone boot
zoneadm: zone 'myzone': only a privileged user may boot a zone.
-bash-3.2$ sudo zoneadm -z myzone boot
could not verify fs /usr/local/var: could not access /zones/myzone/usr/local/var: No such file or directory
zoneadm: zone myzone failed to verify
-bash-3.2$
Quote:
Originally Posted by hergp
In a sparse zone, /usr is usually mounted read-only.
To have a writeable /usr/local/var, you can define a loopback mount in the zone configuration
Code:
zonecfg -z myzone
add fs
set dir=/usr/local/var
set special=/zones/myzone/usr/local/var
set type=lofs
end
verify
commit
exit
You have to create /zones/myzone/usr/local/var in the global zone first, of course.
DustinT,
Sorry that my fix didn't work. Every time I make a zone I have to do that step. What hergp is trying tohave you do is a loop back, which is done in sparse zones a lot. I don't use these.
What I would like you to do now is compare your sudo setting on your global zone which works to the zone which doesn't work.
Code:
ls -l /usr/local/sbin/visudo
---x--x--x 1 root root 249604 Nov 18 01:09 visudo
ls - /usr/local/bin/sudo
---s--x--x 1 root root 249604 Nov 18 01:09 /usr/local/bin/sudo
id
uid=2708(bitlord) gid=2001(users) groups=14(sysadmin)
tldr; after SRU patches applied on newly created boot environment, reboot with ability to log into global zone but unable to "fully" log into non-global-zones.
Without going into much detail here's what we did;
1) Activated new boot environment with latest SRU patches from Oracle
2)... (1 Reply)
Hi All
Kindly let me know how can I move Solaris 10 OS running update 10 on physical machine to another machine solaris zone running Solaris 10 update 11 (2 Replies)
Hi there,
I'm sorry in advance if my question seems stupid, but I can't figure out myself.
I was wondering. Is it possible to install a Solaris program on an Open Solaris or Open Indiana operating system?
After searching the web for a long time, it seems that Open Solaris was released by... (7 Replies)
Hello,
I'm running rhel6 64bit. Accidentally I ran % chmod -R 777 /etc and after that I have a problem to do 'su' or 'sudo'. When I did sudo it complained that /etc/sudoers has 777 while it should be 0440. I changed that and also restored right permission for:
-rw-r--r-- 1 root root 1966 May 19... (2 Replies)
Hi All,
I have installed Solaris 10 on my AMD 64 3000+ system. I was playing with grub commands eeprom and bootadm commands. I screwed my boot-file and now am unable to boot the system. Gets error msg as "panic: cannot open /kernel/amd64/unix". I booted the system is filesafe and tried update the... (2 Replies)
Hi! I'm very new to unix, so please keep that in mind with the level of language used if you choose to help :D Thanks!
When attempting to use sudo on and AIX machine with oslevel 5.1.0.0, I get the following error:
exec(): 0509-036 Cannot load program sudo because of the following errors:... (1 Reply)
Hi Everyone,
I have installed open solaris 10 on one of the x86 machines available but inspite of configuring the IP i am unable to access the machine through the network.
Can anyone please help me wih the settings required to access the machine across the network.Its really Urg..Any help is... (13 Replies)
HI All,
Is it possible to configure SUDO in non-global zones in a solaris 10 env?
If yes, can you please provide the steps to configure.
Thanks in advance.
Regards,
Sagar. (2 Replies)
Hi Guys
I am using this version of Linux box (as shown below). I am unable to send email from the box. But I am not getting any errors while sending email. :mad:
Any idea what could be the reason? What entry should I check? :confused:
$ uname -a
Linux machine-name 2.4.21-144-smp4G #1... (6 Replies)
