[juneau-lug] Re: How to repair sudo?

  • From: Nels Tomlinson <nels.tomlinson@xxxxxxxxx>
  • To: juneau-lug@xxxxxxxxxxxxx
  • Date: Tue, 7 Apr 2015 21:51:45 -0800

I tried the Hail Mary, but Mary didn't hail back.  It was a good thought,
but changing the %sudo line didn't change anything.
Visudo saved the edited file as sudoers.tmp without any complaints.  I then
did mv /etc/sudoers /etc/sudoers.old and mv /etc/sudoers.tmp /etc/sudoers.

I have attached sudo.old.

Nels Tomlinson
(907) 500-4802

On Tue, Apr 7, 2015 at 9:09 PM, Henrik Hudson <rhavenn@xxxxxxxxxxx> wrote:

> On Tue, 07 Apr 2015, Nels Tomlinson wrote:
>
> > Mark, user think is in the adm and sudo groups:
> > ==================
> > think@Penguin-Korora:~$ groups think
> > think : think adm cdrom sudo dip plugdev lpadmin sambashare
> > ======================
> >
> > I tried to use sudo, then immediately looked in auth.log.  Here is the
> > output from tail /var/log/auth.log:
> >
> > ================
> > think@Penguin-Korora:~$ sudo visudo /etc/sudoers
> > [sudo] password for think:
> > think is not in the sudoers file.  This incident will be reported.
> > think@Penguin-Korora:~$ tail /var/log/auth.log
> > Apr  7 17:24:27 Penguin-Korora lightdm: pam_unix(lightdm:session): session opened for user think by (uid=0)
> > Apr  7 17:24:27 Penguin-Korora systemd-logind[695]: Removed session c3.
> > Apr  7 17:24:27 Penguin-Korora systemd-logind[695]: New session c4 of user think.
> > Apr  7 17:24:27 Penguin-Korora systemd-logind[695]: Linked /tmp/.X11-unix/X1 to /run/user/1000/X11-display.
> > Apr  7 17:24:27 Penguin-Korora lightdm: pam_ck_connector(lightdm:session): nox11 mode, ignoring PAM_TTY :1
> > Apr  7 17:24:27 Penguin-Korora lightdm: pam_kwallet(lightdm:session): pam_sm_open_session
> > Apr  7 17:24:27 Penguin-Korora lightdm: pam_kwallet(lightdm:session): pam-kwallet: final socket path: /tmp//think.socket
> > Apr  7 17:24:27 Penguin-Korora gnome-keyring-daemon[5504]: couldn't set environment variable in session: The name org.gnome.SessionManager was not provided by any .service files
> > Apr  7 17:24:44 Penguin-Korora polkitd(authority=local): Registered Authentication Agent for unix-session:c4 (system bus name :1.104 [/usr/lib/kde4/libexec/polkit-kde-authentication-agent-1], object path /org/kde/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
> > Apr  7 17:29:50 Penguin-Korora sudo:    think : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/think ; USER=root ; COMMAND=/usr/sbin/visudo /etc/sudoers
> >
> > ========================
> >
> > So, I'm in the adm (there  is no admin group) and sudo groups, sudo group
> > is in the sudoers file, but I'm not in sudoers.
> >
> > Henrik, I don't seem to have a /var/log/messages.  grep -R sudo /var/log/*
> > didn't get me anything I could recognize as useful.  There were a bunch of
> > messages from dpkg.log, but little else.
>
> Nels,
>
> If you don't have / aren't in %admin, then the %sudo is the only
> other group.
>
> Since sudo isn't throwing an error it thinks the
> sudoers file is, technically, correct.
>
> I don't know if it's a bug or something, but boot to single-user and
> change this:
> %sudo   ALL=(ALL:ALL) ALL
>
> to this:
> %sudo   ALL=(ALL) ALL
>
> That :ALL should let you specify a group to runas, but it should
> be optional. It's a hail mary :)
>
> Also, when using visudo don't supply the sudoers file to make sure
> that you're actually editing the right file. If possible, make a
> copy of the sudoers file and change the permissions so that your
> regular account can read it and pastebin it or email it. Assuming
> it's got nothing super secret in there.
>
>
> henrik
>
>
> >
> > Nels Tomlinson
> > (907) 500-4802
> >
> > On Tue, Apr 7, 2015 at 10:14 AM, Mark Neyhart <Mark.Neyhart@xxxxxxxxx>
> > wrote:
> >
> > > On 04/07/2015 09:56 AM, Nels Tomlinson wrote:
> > > > Somehow I messed up sudo on a new computer preloaded with Kubuntu 14.04.
> > > > It was a few weeks ago, and I didn't keep any notes on what I did, but I
> > > > was trying to add my daughter's account to the sudoers list, and somehow no
> > > > accounts are on the sudoers list any more.
> > > > Both accounts are in the adm and sudo groups.  I have tried following the
> > > > instructions at
> > > > https://sites.google.com/site/installationubuntu/security/fix-sudo-ers-file
> > > > but my sudoers file looks like the one there.
> > > >
> > > > I would attach the sudoers file, but I don't have access to it unless I
> > > > boot to single user mode.
> > > >
> > > > I have the lines
> > > > root    ALL=(ALL:ALL) ALL
> > > >
> > > > %admin ALL=(ALL) ALL
> > > >
> > > > %sudo   ALL=(ALL:ALL) ALL
> > > > exactly as they appear in the link I mentioned above.
> > > >
> > >
> > > I see nothing obviously wrong with these lines.
> > >
> > > While logged in with your daughter's account does the output of the
> > > groups command show her as member of sudo and admin?
> > >
> > > Have you checked the permissions of the /etc/sudoers file?  My debian
> > > machine shows
> > > # ls -l sudoers
> > > -r--r----- 1 root root 787 2015-02-05 11:53 sudoers
> > >
> > > Is there anything of interest in the /var/log/auth.log?
> > > ------------------------------------
> > > The Juneau Linux Users Group -- http://www.juneau-lug.org
> > > This is the Juneau-LUG mailing list.
> > > To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with
> > > the word unsubscribe in the subject header.
> > >
> >
> >
>



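Added example, not part of the original messages or of sudo itself: a small script for the two checks discussed in the thread, run against a readable copy of sudoers. It lists which active rules apply to a user given the output of `groups`, and compares the file's mode and owner with the listing Mark quoted. The function names `grants_for` and `perm_problems` and the sample file are made up for illustration; the script does not follow User_Alias definitions or `#includedir` files.

```shell
#!/bin/sh
# Added example, not from the thread. Works on a readable COPY of sudoers.
# Limits: does not follow User_Alias definitions or #includedir files.

# grants_for FILE USER GROUP...
# Print each active rule whose first field is USER or %GROUP. Commented-out
# rules are skipped because their first field begins with "#".
grants_for() {
    file=$1 user=$2
    shift 2
    awk -v user="$user" -v groups="$*" '
        BEGIN { want[user] = 1
                n = split(groups, g, " ")
                for (i = 1; i <= n; i++) want["%" g[i]] = 1 }
        ($1 in want) { print FNR ": " $0 }
    ' "$file"
}

# perm_problems FILE
# Print one line per difference from the listing quoted in the thread
# (-r--r----- root root, i.e. mode 440). Needs GNU stat (Debian/Ubuntu).
perm_problems() {
    mode=$(stat -c '%a' "$1")
    owner=$(stat -c '%U:%G' "$1")
    [ "$mode" = 440 ] || echo "mode $mode, expected 440"
    [ "$owner" = root:root ] || echo "owner $owner, expected root:root"
    return 0
}

# Constructed sample: the three rules quoted in the thread, with the %sudo
# rule commented out to show a case where the groups output looks right
# but no rule applies. It is not a diagnosis of the machine in the thread.
demo() {
    copy=$(mktemp)
    printf '%s\n' 'root    ALL=(ALL:ALL) ALL' '%admin ALL=(ALL) ALL' \
        '#%sudo   ALL=(ALL:ALL) ALL' > "$copy"
    chmod 644 "$copy"
    echo "rules for think:"; grants_for "$copy" think adm cdrom sudo dip
    echo "permission findings:"; perm_problems "$copy"
    rm -f "$copy"
}
demo
```

An empty list under "rules for think:" means no active user or group rule in that file names the account, which is the situation the "user NOT in sudoers" log line reports.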
