Login or Register to Ask a Question and Join Our Community


Solaris

Sudo without password Solaris 11.2

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Solaris Sudo without password Solaris 11.2
# 1  
Old 10-27-2014
Sudo without password Solaris 11.2
Hi guys,

I have the strangest issue... might be a huge oversight.. who knows!! Smilie

I am trying to configure a user to use sudo with no password, here is my sudoers configuration file

Code:
root@isha:~# egrep -v "^$|^#" /etc/sudoers
root ALL=(ALL) ALL
%wheel ALL=(ALL) NOPASSWD: ALL
root@isha:~#

I login with user "kenneth", which is on the wheel group, but it requires password...

Code:
kenneth@isha:~$ id -a 
uid=100(kenneth) gid=10(staff) groups=10(staff),100(wheel)
kenneth@isha:~$ roles
root
kenneth@isha:~$ sudo -n su -
sudo: a password is required

so I check creating a new user called "ragnor", adding it to wheel as well, I added it to the root role too just in case, (I thought that was the cause at some point) but it works flawlessly..Smilie

Code:
ragnor@isha:~$ id -a 
uid=101(ragnor) gid=10(staff) groups=10(staff),100(wheel)
ragnor@isha:~$ roles
root
ragnor@isha:~$ sudo su - 
Oracle Corporation      SunOS 5.11      11.2    June 2014
You have new mail.
root@isha:~#

I also tried commenting out the "root ALL=(ALL) ALL" on sudoers, same results.

Any ideas?

Thanks.
# 2  
Old 10-28-2014
What is that -n you used when passing the command for kenneth?
# 3  
Old 10-28-2014
It is basically a way of showing the error

Code:
     -n          The -n (non-interactive) option prevents sudo
                 from prompting the user for a password.  If a
                 password is required for the command to run,
                 sudo will display an error message and exit.

Without the -n this would be the result

Code:
kenneth@isha:~$ sudo su - 
Password:

# 4  
Old 10-28-2014
I think your /etc/sudoers should work.
Check that your sudo command really opens /etc/sudoers:
Code:
truss -f -t open sudo -l

(need to run this as root)
This User Gave Thanks to MadeInGermany For This Post:
akame
# 5  
Old 10-28-2014
Hi,

I can't truss sudo -- edit: (you did say run this as root Smiliem, as root it did open /etc/sudoers )

Code:
kenneth@isha:~$ truss -f -t open sudo -l
truss: cannot trace set-id or unreadable object file: /usr/bin/sudo

However if it was not using /etc/sudoers it would not work for "ragnor".
There is an easy way of showing it is indeed reading the /etc/sudoers config file

Code:
root@isha:~# egrep -v "^$|^#" /etc/sudoers
root ALL=(ALL) ALL
%wheel ALL=(ALL) NOPASSWD: ALL
kenneth ALL=(ALL) NOPASSWD: /usr/bin/su
root@isha:~# exit
logout
kenneth@isha:~$ sudo -l 
User kenneth may run the following commands on this host:
    (ALL) NOPASSWD: ALL
    (ALL) NOPASSWD: /usr/bin/su
    (ALL) ALL
kenneth@isha:~$

This must have something to do with RBAC.... root being a role and not a user.. not sure.

---------- Post updated at 01:41 AM ---------- Previous update was at 01:32 AM ----------

Ok found it...

When a user is specified during installation a few things happen, it gets the "root" role and so on, but it also creates the following file

Code:
root@isha:/# cat /etc/sudoers.d/svc-system-config-user
kenneth ALL=(ALL) ALL

So sudo was hitting this rule before hitting the NOPASSWD one.., removing that file did the magic.. funny one.

Thanks for you help guys.
Last edited by akame; 10-28-2014 at 09:47 PM..
# 6  
Old 10-29-2014
AFAIK the roles belong to RBAC, and sudo works without RBAC.
That means sudo should work even without the root role.
--
BTW positive logic is shorter:
Code:
grep '^[^#]' /etc/sudoers

This User Gave Thanks to MadeInGermany For This Post:
akame
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX for Beginners Questions & Answers

Sudo asked for root password .

i have tried to use a sudo command from a user level . but instead of asking for user password it asked for root password . how should i go about it . james@opensuse:/etc> sudo ifconfig root's password: And i wish to ask how should i allow a list of command to be allowed to used for a... (4 Replies)
Discussion started by: lobsang
4 Replies

2. UNIX for Dummies Questions & Answers

Sudo -s without password prompt

hi, i have a requirement where i need to sudo to another user in the shell script.suppose consider user A and B, first user A calls a shell script and then i need to sudo to user B which executes another shell script inside the earlier one. also this needs to be automated like while sudo'ing to... (3 Replies)
Discussion started by: krk
3 Replies

3. Red Hat

Sudo + Nohup = no password?

Little confused here When i go to run sudo nohup ./script.ksh & I dont get asked for a password. It starts a process ID, I can see it when i do a ps -ef | grep script. But I dont get an output file from my script, so its not doing anything. What gives? does it have to do the "&" ? ... (4 Replies)
Discussion started by: nitrobass24
4 Replies

4. Shell Programming and Scripting

ssh foo.com sudo command - Prompts for sudo password as visible text. Help?

I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this: #!/bin/bash rsync /path/on/local/machine/ foo.com:path/on/remote/machine/ ssh foo.com sudo /etc/init.d/apache2 reloadrsync and ssh don't prompt for a password, because I have DSA encryption... (9 Replies)
Discussion started by: fluoborate
9 Replies

5. Shell Programming and Scripting

password in sudo script

salmo allikm warhmat allah wabrakato i want to do script with sudo like sudo su and want to put password in the script not get from user because i to made it startup when booting and i don't know how put in script for sudo thanks (5 Replies)
Discussion started by: pua06
5 Replies

6. Shell Programming and Scripting

password getting displayed using sudo

Hi While doing the following command password is gettin dispalyed : ssh <host> "sudo command ; exit" .... while i type my password for 2nd its gettin displayed ... i tried stty -echo and stty echo ... still i am havin problem..:confused: (1 Reply)
Discussion started by: ningy
1 Replies

7. AIX

Sudo ask for password

Hello I have a partition with Aix 5.3 and I install sudo I put the commands that I want to use x user and I put the option that donkask for password. But when I run with this user and I try to run that commands. ask me for a password. I put this line for no ask for password with that... (2 Replies)
Discussion started by: lo-lp-kl
2 Replies

8. Shell Programming and Scripting

sudo command with password

Hello everybody, Say I forgot my root password (shit happens, no?) and I'd like to brutally try 100 possibilities to delete a file using sudo. How can I make a script that tries all the passwords? The following doesn't work. Do you have a clue? foo:~$ cat test sudo rm dummy <<< 'password' echo... (1 Reply)
Discussion started by: chebarbudo
1 Replies

9. Shell Programming and Scripting

verify sudo password

edited and removed (0 Replies)
Discussion started by: mdpalow
0 Replies

10. Linux

sudo, root password

Hi all.. I'm secering a RH 2.1 server, with gnome (not my choice...), as X manager. Is ther anyway to get sudo ask for root password other then the actual user's password? Like when you launch the graphical IHM to create a new user, it asks for root's password? Is there a way to do the same... (5 Replies)
Discussion started by: penguin-friend
5 Replies
Login or Register to Ask a Question