[juneau-lug] Re: How to repair sudo?

  • From: Nels Tomlinson <nels.tomlinson@xxxxxxxxx>
  • To: juneau-lug@xxxxxxxxxxxxx
  • Date: Tue, 7 Apr 2015 17:48:35 -0800

Mark, user think is in the adm and sudo groups:
==================
think@Penguin-Korora:~$ groups think
think : think adm cdrom sudo dip plugdev lpadmin sambashare
======================

I tried to use sudo, then immediately looked in auth.log.  Here is the
output from tail /var/og/auth.log:

================
think@Penguin-Korora:~$ sudo visudo /etc/sudoers
[sudo] password for think:
think is not in the sudoers file.  This incident will be reported.
think@Penguin-Korora:~$ tail /var/log/auth.log
Apr  7 17:24:27 Penguin-Korora lightdm: pam_unix(lightdm:session): session
opened for user think by (uid=0)
Apr  7 17:24:27 Penguin-Korora systemd-logind[695]: Removed session c3.
Apr  7 17:24:27 Penguin-Korora systemd-logind[695]: New session c4 of user
think.
Apr  7 17:24:27 Penguin-Korora systemd-logind[695]: Linked
/tmp/.X11-unix/X1 to /run/user/1000/X11-display.
Apr  7 17:24:27 Penguin-Korora lightdm: pam_ck_connector(lightdm:session):
nox11 mode, ignoring PAM_TTY :1
Apr  7 17:24:27 Penguin-Korora lightdm: pam_kwallet(lightdm:session):
pam_sm_open_session
Apr  7 17:24:27 Penguin-Korora lightdm: pam_kwallet(lightdm:session):
pam-kwallet: final socket path: /tmp//think.socket
Apr  7 17:24:27 Penguin-Korora gnome-keyring-daemon[5504]: couldn't set
environment variable in session: The name org.gnome.SessionManager was not
provided by any .service files
Apr  7 17:24:44 Penguin-Korora polkitd(authority=local): Registered
Authentication Agent for unix-session:c4 (system bus name :1.104
[/usr/lib/kde4/libexec/polkit-kde-authentication-agent-1], object path
/org/kde/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Apr  7 17:29:50 Penguin-Korora sudo:    think : user NOT in sudoers ;
TTY=pts/0 ; PWD=/home/think ; USER=root ; COMMAND=/usr/sbin/visudo
/etc/sudoers

========================

So, I'm in the adm (there  is no admin group) and sudo groups, sudo group
is in the sudoers file, but I'm not in sudoers.

Henrik, I don't seem to have a /var/log/messages.  grep -R sudo /var/log/*
didn't get me anything I could recognize as useful.  There were a bunch of
messages from dpkg.log, but little else.

Nels Tomlinson
(907) 500-4802

On Tue, Apr 7, 2015 at 10:14 AM, Mark Neyhart <Mark.Neyhart@xxxxxxxxx>
wrote:

> On 04/07/2015 09:56 AM, Nels Tomlinson wrote:
> > Somehow I messed up sudo on a new computer preloaded with Kubuntu 14.04.
> > It was a few weeks ago, and I didn't keep any notes on what I did, but I
> > was trying to add my daughter's account to the sudoers list, and somehow
> no
> > accounts are on the sudoers list any more.
> > Both accounts are in the adm and sudo groups.  I have tried following the
> > instructions at
> >
> https://sites.google.com/site/installationubuntu/security/fix-sudo-ers-file
> > but my sudoers file looks like the one there.
> >
> > I would attach the sudoers file, but I don't have access to it unless I
> > boot to single user mode.
> >
> > I have the lines
> > root    ALL=(ALL:ALL) ALL
> >
> > %admin ALL=(ALL) ALL
> >
> > %sudo   ALL=(ALL:ALL) ALL
> > exactly as they appear in the link I mentioned above.
> >
>
> I see nothing obviously wrong with these lines.
>
> While logged in with your daughters account does the output of the
> groups command show her as member of sudo and admin?
>
> Have you checked the permissions of the /etc/sudoers file?  My debian
> machine shows
> # ls -l sudoers
> -r--r----- 1 root root 787 2015-02-05 11:53 sudoers
>
> Is there anything of interest in the /var/log/auth.log?
> ------------------------------------
> The Juneau Linux Users Group -- http://www.juneau-lug.org
> This is the Juneau-LUG mailing list.
> To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with
> the word unsubscribe in the subject header.
>


------------------------------------
The Juneau Linux Users Group -- http://www.juneau-lug.org
This is the Juneau-LUG mailing list.
To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with the 
word unsubscribe in the subject header.

Other related posts:

  1. Home
  2. juneau-lug
  3. Archive
  4. 04-2015