Questions tagged [sudo]
sudo is a tool which allows users to run commands as another user (usually the root user)
903
questions
0
votes
2
answers
128
views
Managing passwords of many remote servers
I routinely login to many remote servers through SSH. I use a public/private SSH key to login without having to enter my password (https://linuxize.com/post/how-to-setup-passwordless-ssh-login/).
...
0
votes
0
answers
8
views
Why is FreeIPA HBAC rule not enforced for sudo
Using FreeIPA on RHEL 9, I have both sudo rules configured and an HBAC rule. The HBAC rules are there to disable all access to certain accounts on some machines. I can test those with, e.g.:
ipa ...
0
votes
0
answers
35
views
Graphical Switchuser with Netnamespaces in Wayland
I'm using 2 user accounts in different Netnamespaces like described in:
https://www.redhat.com/sysadmin/use-net-namespace-vpn
The graphical output works on Xorg but refuses to provide a display on ...
0
votes
0
answers
297
views
Ansible: become from a passwordless user
I have a user with no password, and want Ansible to use sudo from that user, without adding NOPASSWD to the sudoers file. Ansible complains with: FAILED! => {"msg": "Missing sudo ...
0
votes
0
answers
128
views
How to safely fix and migrate pip3 packages installed and run using sudo/root/local users to a safe pip3 virtual environment (venv)?
I am running an Ubuntu 22.04 Lemp Server, and I'm not sure I fully understand pip3 and how it works. When installing certain python3-pip packages, some of them required being installed and run as root ...
2
votes
2
answers
117
views
Allow sudo to ALL users for a particular command
I want to allow all the users on a system to mount a disk named with users name.
At the same time I do not want to allow user A to be able to mount the disk of user B.
my disk name will be available ...
0
votes
0
answers
94
views
How can I see and logout active Remote Connection (RDP) in a Ubuntu server?
I have tried:
who -H
But I can see only my self, even though I have connected with another account using RDP, ideally I would like to be able to see and logout a user that sees only a black screen.
0
votes
1
answer
110
views
How do you allow user_t SELinux users the ability to use sudo
I've got three classes of user that I have assigned to staff_t, user_t and guest_t. However the default permissions of these user types don't exactly correspond to what I need. It seemed easier to use ...
0
votes
1
answer
59
views
Why can I connect to the docker daemon with sudo, but not root?
Consider the following sequence of commands. When I try to connect to the docker daemon as a regular user, or root, I can't. When I use sudo (both as a regular user and root) I can. Why is this?
[john@...
0
votes
0
answers
84
views
Need to enable restart button on GUI Ubuntu Server 22.04 + XFCE4 + sddm
Currently I have 2 users: root and gigi.
gigi is not sudoer and cannot be, BUT, needs to have the possibility to reboot the server through 2 ways.
1º -> through terminal. I edited visudo and now I ...
0
votes
1
answer
72
views
Need help managing per-machine per-user sudo permissions in a research network environment using saz-sudo and Hiera with Puppet
Currently our Puppet server has an /etc/sudoers file defined with the permissions for every user on every machine in our network. This file is distributed equally to every host to provide permissions. ...
0
votes
1
answer
119
views
su: failed to execute 1 sudo dpkg-reconfigure locales: No such file or directory
I was configuring a linux server and after an apt upgrade this message came up whenever I try to change the user to root.
If I do sudo su -, su -, sudo -i I cannot change user because it says that
su: ...
0
votes
1
answer
260
views
After run sudo and/or su or su - command, the command prompt not loaded, however the switch user is successful
I saw a maybe similar thread but not sure there the issue is the same:
su command not responding?
I have an Ubuntu 20.04 LTS baremetal server.
After run sudo and/or su or su - command, the command ...
0
votes
1
answer
182
views
How to start a sudo-privilage program with screen so that I can re-attach to it later?
Here's the problem I face: I have a program that must run as root. I want that to run in a screen, but here's a twist: for admin reasons, I want to be able to re-attach to it.
I'm writing a dirty and ...
0
votes
1
answer
114
views
get user with crontab root
I run myscript.sh scheduled in the root crontab and I need it to detect the non-root user (with which the system starts).
I have tried these variants:
local_user=${who -m | awk '{print $1;}'}
...
1
vote
1
answer
524
views
sudo with Kerberos credentials
We are on Oracle Linux 7.9, which is part of a Kerberos realm.
I would like account foo to be able to execute (without any password) one command as account bar with Kerberos credentials of bar ...
0
votes
1
answer
405
views
is /etc/sudoers writable or not
The default permission in /etc/sudoers file is readonly for root and group root as in picture is obvious :
So when you open it with any test editor it can't be written and give error read only.
now ...
0
votes
0
answers
277
views
Sudo validates command line arguments via regular expression incorrectly
Let's say we have two users: alex and alexa. We want to allow alex to execute htop as root in order to see disk usage stats, but we do not want them to see other users' processes which root can do. ...
0
votes
2
answers
1k
views
can not sudo to root in Ubuntu instance
I have an error when i want to become root
╭─saviam@server ~
╰─$ sudo -i ...
0
votes
1
answer
3k
views
Setup A Program to Run At Startup As A Specified User On Linux
I have a server running Debian 12 that does not have root access enabled as recommended by many. I do have an another user admin privileged account on the server.
I have a program that does not come ...
1
vote
1
answer
149
views
sudo file in sudoers - why user can modify file?
I want to allow one user to run specialscript.sh as root
so in his folder i created
-rwxr---- 1 root deployers 142 Jul 16 14:07 specialscript.sh
and in sudoers.d/specialscripts:
user123 ALL=(...
-2
votes
1
answer
146
views
Sudo user running app: can it be elevated to be root by app?
Sudo user running app: can it be elevated to be root by app?
e.g.,
user "user_xyz" is a regular user in sudo group.
sudo command
Does not require password.
If the user run an app, can the ...
2
votes
1
answer
1k
views
Privilege escalation prevent root directly
I think this is going to be my first post on StackExchange side of the house. However, I know that this has to be able to be configured cause I have seen it implemented previously but I don't actually ...
0
votes
1
answer
2k
views
Sudoers NOPASSWD not working for specified commands
I have the following entries in the sudoers file:
christian ALL=(root)NOPASSWD: /usr/sbin/shutdown
christian ALL=(root)NOPASSWD: /usr/bin/systemctl start mc
When running sudo shutdown -h now or sudo ...
2
votes
1
answer
1k
views
Is sudo -u username command the same as doing sudo -i -u username then command?
Is a terminal prompt sudo -u username command
same as doing
sudo -i -u username then command in the next line?
If no, what is the differences? What are the use cases when doing the first is better or ...
0
votes
1
answer
1k
views
Nsswitch - sudoers sss vs ldap what am I missing
I'm trying to configure nsswitch to use sudoers: files sss which is default for rhel9 system, however this does not work for me, but the following sudoers: files ldap does indeed work.
What am I ...
0
votes
1
answer
891
views
Apache Authentication - Find out user password
My field of expertise is far away from server management but I am currently covering for a former collegue of mine, so I apologize in advance if my question doesn't make sense.
I have to restart an ...
0
votes
1
answer
286
views
i am root but ufw status says 'command not found'
as simple user, first I pass root with command :
su
I am now root on Debian 10 buster.
When I hit ufw status, I have 'command not found'. But it works with sudo ufw status
When I use su -, the command ...
0
votes
1
answer
2k
views
Sudo privileges limited to a specific group of users
I'm configuring our new Ubuntu 22.04 VPS to host our react app and REST API.
I followed this tuto that seems relatively advanced and complete :
https://gofoss.net/server-hardening-advanced/
I'm ...
0
votes
1
answer
237
views
Getting command not found using sudo, but not for running command as root without sudo
wierd issue where if you use sudo command for certain commands it is not found. But runnning it as root user WITHOUT sudo does work
root@ip-172-31-43-153:/home/ubuntu# sudo xfs_growfs -d /
sudo: ...
1
vote
1
answer
63
views
Selective EXEC with LDAP-based sudo
I'm trying to translate this sudoers file into LDAP:
Defaults env_reset, env_keep="LESSSECURE SSH_CLIENT", !authenticate, noexec, requiretty, secure_path=/usr/local/bin:/usr/bin:/usr/sbin
...
0
votes
1
answer
564
views
Why create a new user with sudo privilege when you are the only person manage the server?
Please share some true use cases of benefits when you are the only admin of manage VPSs, I'm just hosted my first WordPress site. A lot of guide I read online suggests creating a new user after update ...
0
votes
1
answer
45
views
Sudo: Using arguments in /etc/sudoers.d/ file, particularly with mount (visudo rejects syntax)
I have a syntax wrangling problem with sudo that may not be solvable.
I know I know, OpenBSD's new doas is better than sudo, but it is not available on CentOS 7 or Rocky 8. So we're stuck with sudo ...
1
vote
0
answers
2k
views
'user ... is not allowed to execute .... as root on ... ' - even with SUDO privileges but not sure why?
I am in the processing of installing singularity using the terminal on my Linux Mint computer (Ubuntu).
I have the following command:
sudo apt-get update
The computer then asks me to enter my ...
1
vote
4
answers
6k
views
Execute root commands through ssh user
my goal is to execute commands as root user from another linux host through ssh.
The Problem is: The environment doesnt allow to access the root user directly.
The manual way, which works, is to ...
0
votes
1
answer
182
views
sudoers with other user and colon ":" char
I require a sudoers to be able to execute following command
sudo -u myAppUser /opt/myapp/bin/myapp.Console.pl Admin::User::Add <some optional parameters>
I've created a group myAppExecGroup and ...
1
vote
1
answer
2k
views
Ubuntu 22 server slow to login and execute sudo
On several servers running Ubuntu-server 22 we have the problems that some commands take a very long time to execute. These commands include ssh login as well as sudo commands. Everything not evolving ...
1
vote
0
answers
97
views
Can't find font as regular user
As a root, I can run gvim with my font selected as 'Ubuntu mono 14' and have everything work correctly. But as a regular user using the exact same config file selecting the exact same font, I get this:...
3
votes
3
answers
1k
views
Administrative access to a server via SSH key
Is it a good idea to set the SSH key directly for the root user for administrative access to a server?
Or is it better to use another user for SSH access via SSH key, followed by sudo command?
Is the ...
2
votes
1
answer
3k
views
Running Shell Script without a Password Prompt
I have a shell script that runs on a freebsd OS.
the script has some commands that needs the sudo privileges
Im excuting the script remotley and it's skipping the sudo commands
i tried the following :
...
2
votes
1
answer
1k
views
Allow users to use -D (--chdir) option with sudo
I want to make user bob able to use the -D option in sudo (like sudo -D /home bash which would open a root shell on /home).
How can I do this and what are the security implications to this?
2
votes
1
answer
995
views
How to run a command as systemd DynamicUser
I am setting up a daemon for a web service and I want to use the systemd DynamicUser=yes feature because it seems cleaner not pollute the user table with a different user for each service.
As is ...
0
votes
1
answer
956
views
Sudo: How can I exlude one specific command line argument from sudo
There is a command (say: mycommand) that we want to add to sudo for all users, but there is one specific command line option -i that we want to exclude. Complicating factor is that command line ...
0
votes
1
answer
2k
views
Can you access VM instance in Google Cloud without being root?
I'm trying to access GCP VM instance but I messed it up and now I'm getting this error: sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
but I don't have the root password. Is ...
9
votes
1
answer
2k
views
Is it possible to lock sudo from the command line, without editing sudoers or logging out and back in?
When you run sudo it won't ask a password for at least 5 minutes after you last ran it. You can change this timeout by adding Defaults timestamp_timeout=0 to sudoers with sudo visudo. This also ...
0
votes
2
answers
316
views
Linux bash way for unprivileged user to take ownership of contents of only one particular directory?
I want a particular user to recursively change owner and group of all the contents of a particular directory, and only that directory. The directory is a kind of "inbox", where a service ...
1
vote
2
answers
469
views
How do I run sudo commands with a system user?
I want to run a minecraft server in Docker, so I started following this guide.
In the guide, it is advised to create a system user with a home directory (/opt/minecraft), but without a password (you ...
0
votes
1
answer
233
views
DEBIAN 10 apt-get, sudo issues
I'm currently facing some issues with my dedicated server. I unfortunately removed some packages from my server yesterday. And now the man-db on my server seems not to work properly. This issue maybe ...
20
votes
9
answers
8k
views
root login or sudo user for server administration?
I'm trying to understand the technical arguments/security implications between ssh'ing with root directly, or making an auxiliary sudo user in the context of maintaining a server. To clarify, we're ...
0
votes
1
answer
1k
views
Problems sudoing using a host connected to Active Directory (sssd, kerberos local sudoers file)
I am configuring Active Directory authentication for an Alma 8 box using SSSD, Kerberos, and initial SSH key for log in stored in an Active Directory object, and a local sudoers file that lists groups ...