Unable to sudo
-
- Retired Moderator
- Posts: 18276
- Joined: 2006/12/13 20:15:34
- Location: Tidewater, Virginia, North America
- Contact:
Re: Unable to sudo
So, did you verify that you can log in as a user, with the password set, using the password, on one of the securetty devices? Can you then, without changing anything else, use sudo?
It would be best to get things working first, before all the security changes, then make incremental changes and test.
It would be best to get things working first, before all the security changes, then make incremental changes and test.
-
- Posts: 14
- Joined: 2010/06/02 19:58:51
Re: Unable to sudo
[quote]
pschaff wrote:
So, did you verify that you can log in as a user, with the password set, using the password, on one of the securetty devices? Can you then, without changing anything else, use sudo?
It would be best to get things working first, before all the security changes, then make incremental changes and test.[/quote]
Yes I logged in as a user with the password set and using the password.
As to the securetty devices, I use ssh/putty and I have the tty/1 enabled only and I can log into that with a password no problem.
But I am still unable to sudo
(This is a Virtual Private Server btw, so I guess I don't have strait access to the console)
I've never been able to sudo with this user even before I set the security measures, I just don't know which setting needs to be modified in order to let him in. I am willing to make a completely new user if it would make things easier to analyze and see where things are going wrong..
pschaff wrote:
So, did you verify that you can log in as a user, with the password set, using the password, on one of the securetty devices? Can you then, without changing anything else, use sudo?
It would be best to get things working first, before all the security changes, then make incremental changes and test.[/quote]
Yes I logged in as a user with the password set and using the password.
As to the securetty devices, I use ssh/putty and I have the tty/1 enabled only and I can log into that with a password no problem.
But I am still unable to sudo
(This is a Virtual Private Server btw, so I guess I don't have strait access to the console)
I've never been able to sudo with this user even before I set the security measures, I just don't know which setting needs to be modified in order to let him in. I am willing to make a completely new user if it would make things easier to analyze and see where things are going wrong..
-
- Retired Moderator
- Posts: 18276
- Joined: 2006/12/13 20:15:34
- Location: Tidewater, Virginia, North America
- Contact:
Re: Unable to sudo
Creating another new user might be worth a try. I am unable to see where you are going wrong. Putting an entry in /etc/sudoers like [code]pschaff ALL=(ALL) ALL[/code]with visudo works for me. Doesn't matter if it is a local login or via ssh with a key, as long as I give the correct user password when prompted by sudo.
Since you belatedly mention a VPS - are you sure it is true CentOS? Have you read the following?
[url=http://wiki.centos.org/AdditionalResources/OtherVoices]Other Voices[/url]
[url=http://wiki.centos.org/TipsAndTricks/BrokenSpins]When CentOS Is Not CentOS[/url]
[url=http://wiki.centos.org/TipsAndTricks/BrokenVserver]Broken Virtual Server[/url]
Please read [url=http://www.centos.org/modules/newbb/viewtopic.php?topic_id=25128&forum=47]How to provide information about your system[/url] and show the results of [b]./getinfo.sh package[/b].
Since you belatedly mention a VPS - are you sure it is true CentOS? Have you read the following?
[url=http://wiki.centos.org/AdditionalResources/OtherVoices]Other Voices[/url]
[url=http://wiki.centos.org/TipsAndTricks/BrokenSpins]When CentOS Is Not CentOS[/url]
[url=http://wiki.centos.org/TipsAndTricks/BrokenVserver]Broken Virtual Server[/url]
Please read [url=http://www.centos.org/modules/newbb/viewtopic.php?topic_id=25128&forum=47]How to provide information about your system[/url] and show the results of [b]./getinfo.sh package[/b].
-
- Posts: 14
- Joined: 2010/06/02 19:58:51
Re: Unable to sudo
is this the best way to make a new user?
[quote]
1. ssh to your server as root
2. Create a user: /usr/sbin/useradd user
3. Expire ther user immediately: /usr/bin/chage -d 0 user
4. Set blank password: /usr/sbin/usermod -p "" user
5. If you want to set the user's password:
* su user
* passwd
[/quote]
[quote]
1. ssh to your server as root
2. Create a user: /usr/sbin/useradd user
3. Expire ther user immediately: /usr/bin/chage -d 0 user
4. Set blank password: /usr/sbin/usermod -p "" user
5. If you want to set the user's password:
* su user
* passwd
[/quote]
-
- Posts: 10642
- Joined: 2005/08/05 15:19:54
- Location: Northern Illinois, USA
Re: Unable to sudo
As root:
passwd user
passwd user
-
- Retired Moderator
- Posts: 18276
- Joined: 2006/12/13 20:15:34
- Location: Tidewater, Virginia, North America
- Contact:
Re: Unable to sudo
Agree. So that makes the abbreviated procedure:
[code]
1. ssh to your server as root
2. create a user: /usr/sbin/useradd user
3. passwd user[/code]
[code]
1. ssh to your server as root
2. create a user: /usr/sbin/useradd user
3. passwd user[/code]
-
- Posts: 14
- Joined: 2010/06/02 19:58:51
Re: Unable to sudo
Oh sorry I didn't see those links before
Alas I do not have a real Centos
[quote]
uname -r
2.6.18-028stab064.7
[/quote]
[quote]If your kernel version looks likes this 2.6.18-92.1.13.el5.028stab059.6 you have custom-made kernel, usually from a virtualization project. This is not a standard CentOS kernel, so you are not running a real CentOS.[/quote]
The rpm -qv & -av return results
Oh here we go, It's the Parallels Virtualization One...
[quote]
root@xxxxx [~/support]# less /tmp/basedata.X16208
== BEGIN uname -rmi ==
2.6.18-028stab064.7 i686 i386
== END uname -rmi ==
== BEGIN rpm -q centos-release ==
centos-release-4-8
== END rpm -q centos-release ==
== BEGIN getenforce ==
Disabled
== END getenforce ==
[/quote]
----------------------------------------------------
here's what I did
/usr/sbin/useradd userx
passwd userx
visudo
Under where it says "root ALL=(ALL) ALL"
userx ALL=(ALL) ALL
root@server # su userx
{it doesn't ask for a password}
userx@server # su root
Bash: /bin/su: Permission denied
userx@server [/root]# sudo root
Password: (userx pass)
Sorry, try again.
Password: (userx pass)
Sorry, try again.
Password: (userx pass)
Sorry, try again.
sudo: 3 incorrect password attempts
scratching my head in frustration
Alas I do not have a real Centos
[quote]
uname -r
2.6.18-028stab064.7
[/quote]
[quote]If your kernel version looks likes this 2.6.18-92.1.13.el5.028stab059.6 you have custom-made kernel, usually from a virtualization project. This is not a standard CentOS kernel, so you are not running a real CentOS.[/quote]
The rpm -qv & -av return results
Oh here we go, It's the Parallels Virtualization One...
[quote]
root@xxxxx [~/support]# less /tmp/basedata.X16208
== BEGIN uname -rmi ==
2.6.18-028stab064.7 i686 i386
== END uname -rmi ==
== BEGIN rpm -q centos-release ==
centos-release-4-8
== END rpm -q centos-release ==
== BEGIN getenforce ==
Disabled
== END getenforce ==
[/quote]
----------------------------------------------------
here's what I did
/usr/sbin/useradd userx
passwd userx
visudo
Under where it says "root ALL=(ALL) ALL"
userx ALL=(ALL) ALL
root@server # su userx
{it doesn't ask for a password}
userx@server # su root
Bash: /bin/su: Permission denied
userx@server [/root]# sudo root
Password: (userx pass)
Sorry, try again.
Password: (userx pass)
Sorry, try again.
Password: (userx pass)
Sorry, try again.
sudo: 3 incorrect password attempts
scratching my head in frustration
-
- Retired Moderator
- Posts: 18276
- Joined: 2006/12/13 20:15:34
- Location: Tidewater, Virginia, North America
- Contact:
Re: Unable to sudo
[quote]
prince_mallow wrote:
...
root@server # su userx
{it doesn't ask for a password}
...
scratching my head in frustration[/quote]
Me too. Grasping at straws, but what happens if instead of "su userx" as root you do[code]ssh userx@server
OR
ssh userx@localhost[/code]
Log in with the password, and if that works, then try sudo. If it doesn't work, then the problem is with basic authentication and not related directly to sudo.
prince_mallow wrote:
...
root@server # su userx
{it doesn't ask for a password}
...
scratching my head in frustration[/quote]
Me too. Grasping at straws, but what happens if instead of "su userx" as root you do[code]ssh userx@server
OR
ssh userx@localhost[/code]
Log in with the password, and if that works, then try sudo. If it doesn't work, then the problem is with basic authentication and not related directly to sudo.
-
- Posts: 14
- Joined: 2010/06/02 19:58:51
Re: Unable to sudo
Well this is weird
root@server [~]# ssh userx@server
Password:
Password:
Password:
userx@server's password:
Permission denied, please try again.
userx@server's password:
Received disconnect from xx.xxx.xxx.xxx: 2: Too many authentication failures for userx
What does this mean?
root@server [~]# ssh userx@server
Password:
Password:
Password:
userx@server's password:
Permission denied, please try again.
userx@server's password:
Received disconnect from xx.xxx.xxx.xxx: 2: Too many authentication failures for userx
What does this mean?
-
- Posts: 14
- Joined: 2010/06/02 19:58:51
Re: Unable to sudo
Modified /etc/ssh/sshd_config
added to Allow users the userx
This allowed me to log in via ssh as userx via
ssh userx@server
but sudo root returns the same
sorry, try again
3 incorrect password attempts
added to Allow users the userx
This allowed me to log in via ssh as userx via
ssh userx@server
but sudo root returns the same
sorry, try again
3 incorrect password attempts