Sudoers cannot do command sudo
Sudoers cannot do command sudo
Hi all,
I am new here, my server has CentOS 8, actually i can't login as root by console or ssh, then i boot as single user mode and chroot /sysroot. Since change password root, eventhough success but still permission denied
Then i add user for sudoers and already done for user id, also verify it on wheel group and its okay
But when I login at console or ssh, sudo command is problem with error :
Sudo:pam_open_session:permission denied
Sudo: policy plugin failed session initialization
Please help me if any advised
I am new here, my server has CentOS 8, actually i can't login as root by console or ssh, then i boot as single user mode and chroot /sysroot. Since change password root, eventhough success but still permission denied
Then i add user for sudoers and already done for user id, also verify it on wheel group and its okay
But when I login at console or ssh, sudo command is problem with error :
Sudo:pam_open_session:permission denied
Sudo: policy plugin failed session initialization
Please help me if any advised
Re: Sudoers cannot do command sudo
As root: restorecon -RFv /etc/passwd /etc/shadow
or
touch /.autorelabel then reboot.
or
touch /.autorelabel then reboot.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Sudoers cannot do command sudo
Could you explained more about restorecon ? Please Why should I do it ? I have already did touch /.autorelabel before
Re: Sudoers cannot do command sudo
It resets the selinux context on /etc/passwd and /etc/shadow. Access to those files will fail if the context is wrong and logins will fail. Editing the file from a rescue boot will corrupt the context and require it to be reset. Theoretically the restorecon should be quicker than the autorelabel as it processes just those 2 files where autorelabel does ALL files.
You could also append 'enforcing=0' (without quotes) to the end of the kernel command line so that it boots in permissive mode - if that works then it will confirm that the problem is selinux related.
You could also append 'enforcing=0' (without quotes) to the end of the kernel command line so that it boots in permissive mode - if that works then it will confirm that the problem is selinux related.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Sudoers cannot do command sudo
i am still curious why the issue occured since last time other team doing cp to this server and failed
i didnt yet visit the server installed room but with the ssh getting like below
------------
$ sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33
------------
is the enforcing targeted make this happened ? as i know it is default setting...
why the root login can be done before ?
i didnt yet visit the server installed room but with the ssh getting like below
------------
$ sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33
------------
is the enforcing targeted make this happened ? as i know it is default setting...
why the root login can be done before ?
Re: Sudoers cannot do command sudo
Doing this causes the files to get the wrong context.i boot as single user mode and chroot /sysroot
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Sudoers cannot do command sudo
yes did touch /.autorelabel, i can login directly with sudo user locally but still like previous, i cannot do sudo command
with same error message
is there any other idea ? please give me advise