Ubuntu Security :: Locked Out From Sudoers
Jun 5, 2010
A few minutes ago I accepted a suggestion from update-manager for restarting my system, such that some security updates could be effective. After restarting and login in as usual, I discovered that I could not use my adminstrative rights as a sudoer. To recover them I booted again, as root, and added my username in the "admin" group. Rebooting, all seemed well again. As an extra check I installed and ran 'chkrootkit' and nothing suspect was found.What could have hapenned? Just a glitch in the system? Can a user disappear from a group for nothing?What further checks can I make to be sure that my system is safe?I'm using Ubuntu Jaunty Jakalope amd64, with kernell 2.6.28-15-generic.
View 5 Replies
ADVERTISEMENT
Mar 15, 2011
Suddenly I am not in the sudoers file. I am not sure how to recover from this. I have no grub screen at bootup, so I can't boot into single user. I think I am going to have to boot a live version of ubuntu to start with. Is that right? What's next after that? Also, how could this happen, I haven't touched the sudoers file or added users or anything like that (well not that I am aware of) I am a little concerned that this may be the result of someone breaking in? Would this be a likely symptom?
View 3 Replies
View Related
Feb 1, 2010
My goal: I want to give users in the group "rtkprd" the ability to elevate their privileges and run a restricted shell script by using sudo. The full path to the shell script is /usr/local/bin/only_rtkprd.sh
The syntax of /etc/sudoers is giving me fits, to I've reduced my sudoers to a single log directive and a single line to enable the rtkprd group.
Code:
Defaults logfile=/var/log/sudo
%rtkprd ALL = (rtkprd) /usr/local/bin/only_rtkprd.sh
[code]....
View 3 Replies
View Related
Aug 2, 2010
In a recent discussion I had, I was led to believe I could use sudoers to restrict using vi (for example) for the editing of say specific config files. I know how to allow root use of vi and how to lock it down from getting to a bash prompt with NOEXEC tag,but I can't figure out how to restrict the use of vi to only edit certain files. Tutorials and howtos I have checked don't address this
View 7 Replies
View Related
Nov 21, 2010
I'm suspicious that the context of /etc/sudoers is wrong. During the last upgrade to Fedora 14, RPM dropped /etc/sudoers.rpmnew, which had a different context than the real sudoers file. But, when I try to get SELinux to relabel the file (using restorecon or fixfiles), it refuses to make a change.
> ls -lZ /etc/sudoers
-r--r-----. root root unconfined_u:object_r:etc_t:s0 /etc/sudoers
> matchpathcon /etc/sudoers
[code]....
View 5 Replies
View Related
Apr 12, 2011
This may be a stupid (?) question, but does any one know of a patch for sudo that allows the sudoers information to be pulled from mySQL?
I run multiple servers with multiple people working on them and would like a one-stop update of permissions.
Yes, I could use rsync or the like, but I'm just wondering if this has been done, or could be done.
(Sorry if this is the wrong forum, I'm kinda new around here, posting wise and this seemed to fit. Feel free to move it if it's not)
View 3 Replies
View Related
May 31, 2011
I have tried several things to attempt to fix my sudoers file however it is still coming up with errors. The error says
[code]...
the sudoers configuration file is set to the default as I have ran a dpkg on it, have also uninstalled and reinstalled it, and went over the configuration file ensuring it looked like the defaults I had seen online.
View 8 Replies
View Related
Sep 3, 2010
I would like to use a wireless network, I type in the correct password but suddenly a new window pops up saying: 'an application wants to access to the keyring 'Vorgabe', but its is locked password:'
But I don't know what password it's talking about
I went to Password and Encryption keys, there are two folders
'password: vorgabe'
'Password: login'
View 9 Replies
View Related
Feb 15, 2011
I have previously set up sudo via adding my name to the wheel group and then giving full privileges to the wheel group in the sudoers file. Now I choose to learn to limit that. Had noticed the most frequent use I have of sudo is to run yum update. This got me thinking, could I remove the wheel group privileges and add the following line in sudoers to limit the privilege to simply running yum, and furthermore, make it so I could run yum without a password:
## Allow root to run any commands anywhere
rootALL=(ALL) ALL
Troy ALL= NOPASSWD: /usr/bin/yum
I think that would in fact work (if I understood one of the pages here, it will work). However, upon further thinking I realized that in such a case then anyone sitting at my computer could then use yum, without a password, to install or remove any file on my system � probably not a good idea. As a result I have to ask, can I tighten the privilege even further such that the only privilege so given was to run �yum update� and nothing else? (for example if they ran �yum install� it would fail). If you can do it, how?
Last, I was going to limit the privilege, time wise and try wise, by adding the following to the sudoers file:
# Defaults specification
Defaults:Troy timestamp_timeout=0, passwd_tries=3
Will that really work to limit the elevated privilege so I don't have elevated privileges lingering about, or is there a better way to do so?
View 3 Replies
View Related
May 12, 2010
I've got an HP Netbook with Jaunty installed, and I've got an older Dell laptop running Debian.A friend of mine, on several occasions, has told me that when I left my computers unattended he could do some kind of series of key-strokes, and then a window comes up and he says that he can change the password for my account.I've asked him to show me how he does it, but he never will because he doesn't want me to be able to thwart himIs he lying, or is it for real? if it's for real, how do I go about changing it so that it can't happen anymore?
View 5 Replies
View Related
Feb 7, 2011
Some how I seem to be locked out of my desktop computer. My password isn't working. For some reason all of a sudden it seems to have stopped working. I tried to reboot and now I'm locked out, I can't login. And I'm the only sudo user. How can I fix it or even reset my password
View 2 Replies
View Related
Mar 4, 2009
I am trying to get snort running but I get this with service snortd status:
snort dead but subsys locked
service snortd restart
Stopping snort: [FAILED]
Starting snort: [ OK ]
[root@Fedora tylerm]# tail -f /var/log/messages
Mar 4 05:17:54 Fedora kernel: device eth0 entered promiscuous mode
Mar 4 05:17:54 Fedora kernel: device eth0 left promiscuous mode
Mar 4 05:17:54 Fedora snort[3280]: Initializing daemon mode
Mar 4 05:17:54 Fedora kernel: device eth0 entered promiscuous mode
Mar 4 05:17:54 Fedora snort[3282]: PID path stat checked out ok, PID path set to /var/run/
Mar 4 05:17:54 Fedora snort[3282]: Writing PID "3282" to file "/var/run//snort_eth0.pid"
Mar 4 05:17:54 Fedora snort[3282]: Daemon initialized, signaled parent pid: 3280
Mar 4 05:17:54 Fedora snort[3280]: Daemon parent exiting
Mar 4 05:17:54 Fedora snort[3282]: FATAL ERROR: OpenAlertFile() => fopen() alert file /var/log/snort/alert: Permission denied
Mar 4 05:17:54 Fedora kernel: device eth0 left promiscuous mode
Mar 4 05:18:42 Fedora ntpd[2300]: synchronized to 128.10.19.24, stratum 1
Mar 4 05:18:42 Fedora ntpd[2300]: time reset +0.906114 s
Mar 4 05:18:42 Fedora ntpd[2300]: kernel time sync status change 0001
View 2 Replies
View Related
Mar 11, 2011
I am having problems on a server installation (9.10) with a kind of unstable sudoers file. Logging in as a user of group admin allows only sometimes to issue sudo commands.Most of the time I am getting a "not in sudoers file" errror.
Code:
$ sudo COMMAND
[sudo] password for USER:
[code]....
View 2 Replies
View Related
Mar 13, 2009
I am trying to give access to ONE single user to start and shutdown tomcat server. The problem being, when I enter syntax: username ALL= /etc/init.d/tomcat5, /usr/local/tomcat/webapps, PASSWD:ALL This gives the user access to start and stop tomcat but also gives user access to start and stop other services within /etc/init.d - such as httpd etc... What is the proper way to give user access to start and stop service, and limiting that power to only one service....
View 2 Replies
View Related
Jun 12, 2010
In a nutshell: sudoers is not designed to use 127.0.0.1
Old, broken sudoers:
Code:
New, fixed sudoers:
Code:
View 7 Replies
View Related
Mar 25, 2011
I changed my user name, and now the Terminal shows my new user name.I log in with the same user name and the same password. But after changing the username, I can't get anything done as sudo. It says that I am not in the sudoers file, and I can't get in at all. I tried sudo visudo, sudo -i, sudo -l..When, I wrote sudo -l the following came in the Terminal.How do I get into sudoers file and give my new user name ariya the root privileges. Even my old user name doesn't work at all.
View 9 Replies
View Related
May 28, 2010
I have accidentally deleted the contents of sudoers file (while trying to add a line through CLI).Anyway, I'm still logged in and can please someone paste me the default contents of the sudoers file on Lucid Lynx
View 3 Replies
View Related
Feb 15, 2011
How do I add user xyz to sudoers?
View 1 Replies
View Related
Feb 16, 2011
I edited my /etc/sudoers file the other day to add timestamp_timeout=0 to cause sudo to ask for a password every time. I used visudo in sudo mode and when it came to saving it appeared to want to save the file as sudoers.tmp so I edited this to sudoers. Anyway some how may edit failed. I booted up into terminal and reedited and somehow lost all access to the sudo mode. I think the file ended up with the wrong permissions.
After a fresh install I don't want to mess this up again. So please, please tell me how to save it. Should I save as sudoers.tmp or sudoers? I presume a could have made a typo, but am assuming not. I don't want to reinstall ubuntu and all the packages again.
View 4 Replies
View Related
May 16, 2011
I want to create a group called scripts, add www-data to that group. I then want to edit the sudoers file and tell it that the script group doesn't need a password. Where should I put this line excatly in the sudoers file?
View 2 Replies
View Related
Jul 15, 2011
I have a bit of a problem... I thought (for certain reasons) I would just add myself to root group and therefore gain some more rights for my account. I could sudo before... But once I gained the root group as a secondary group it says I am not in the sudoers file anymore...
Code:
id
uid=1000(kosta) gid=1000(kosta) groups=0(root),1000(kosta)
Code:
sudo ls
[sudo] password for kosta:
kosta is not in the sudoers file. This incident will be reported. It is really weird and messed up. I can view sudoers file but not edit it... I can cat passwd but I can not view syslog. Is there any way to fix this without having to reboot to recovery mode? And why the heck is this happening after all?
View 2 Replies
View Related
Jul 23, 2011
I've been trying for a long while to figure out why aptitude overwrites /etc/sudoers ? Each time I run
$ sudo aptitude safe-upgrade
my /etc/sudoers is reset. This is really annoying because I have it setup so that mythtv can shutdown and restart automatically. The line in /etc/sudoers that gets deleted is:
%mythtv ALL = NOPASSWD: /usr/bin/mythshutdown, /bin/sh, /usr/bin/setwakeup.sh, /
sbin/reboot, /sbin/shutdown
When the line is missing my Ubuntu 10.04 does not shut down at all because of missing rights to do so. Does anyone have a clue why this is happening? I thought /etc-files were sacred for others than root, but it seems I'm wrong. Of course I have edited sudoers with visudo.
View 5 Replies
View Related
Nov 3, 2009
I'm following this guide : [URL]... to monitor SIP-connections on an Asterisk-server with Nagios. At some point the author mentions adding the following line to /etc/sudoers : nagios ALL= NOPASSWD: /usr/sbin/asterisk
View 8 Replies
View Related
Feb 11, 2010
I recently upgraded my computer from Ubuntu 8.04 to Ubuntu 9.10. After I finished the upgrade I tried to run a command in terminal as sudo. The terminal said that I was not on the sudoers list. I tried to ssh into the root account from my everyday account and the password to root had changed as well with the upgrade. How can I add my everyday account back to the sudoers list and also reset my root password?
View 4 Replies
View Related
Mar 25, 2010
I get this message if i try to use sudo/gksudo. What causes this, how can I solve it? It has been working for years. If i remember correcttly there was a sudo update few days ago, maybe it doesnt work since then, i havent used it in the last few days.
View 9 Replies
View Related
Jul 2, 2010
I was planning on getting the USB to work in my 3.2.4 Oracle virtual box, and I found a post that says you have to be a part of vboxusers. I ran > sudo usermod -G vboxusers alias and then id to see that I was a part of the vboxusers group. After I installed an update which required restart. That is right! I am no longer in the /etc/sudoers file!!!
View 2 Replies
View Related
Dec 24, 2010
Whenever I try to run something as root using the sudo comand I get: Code: ramy is not in the sudoers file. This incident will be reported.
View 6 Replies
View Related
Feb 16, 2011
I have a fairly complicated request The short version is, I want to set up a system so that any user can change the ownership of a certain set of files at any time without root access. I think it's possible to set up sudoers to do that, but so far I have failed miserably.I have tried setting up a wrapper script around chown, then putting that script into sudoers, but it didn't work. Here's the script and sudoers (paths changed to genericize them):
Code:
#!/bin/bash
#this script moves a copy of the code
[code]....
View 4 Replies
View Related
Apr 30, 2011
I am using Ubuntu 9.10 and I lost my sudo accesses for the User. So I am not able to use sudo command as I get the error,user1 is not in the sudoers file. This incident will be reported.Also I tried to login into the root usersu rootit will ask for the password(actually I dont know the password of root but after pressing enter I get the following error)su: Authentication failureI dont know how to add the user1 into the sudoers list.Also, is there any way to add the current user into admin group without using "sudo".
View 1 Replies
View Related
Jun 8, 2011
I'm trying to add my single user 'moreaue' to the sudoers. this user seems to be have admin privilege but is not in the sudoers:
Code:
moreaue@bloom:~$ sudo ls
[sudo] password for moreaue:
moreaue is not in the sudoers file. This incident will be reported.
moreaue@bloom:~$ su
Password:
root@bloom:/home/moreaue# adduser moreaue admin
The user `moreaue' is already a member of `admin'.
root@bloom:/home/moreaue# exit
exit
moreaue@bloom:~$ sudo ls
[sudo] password for moreaue:
moreaue is not in the sudoers file. This incident will be reported.
moreaue@bloom:~$
As you can see I can connect as root, run the adduser command which says the user is already admin... but then the user is still not a sudoer. Of course I can edit the sudoers file manually, but I wonder what is going wrong?
View 7 Replies
View Related
