| View previous topic :: View next topic |
| Author |
Message |
SunHateR
Tux's lil' helper
Joined: 13 Aug 2004
Posts: 79
|
 Posted: Tue Nov 17, 2009 1:28 am Post subject: [solved] Can't sudo |
 |
|
| Code: | bongo ~ # cat /etc/sudoers
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
%users ALL=(ALL) ALL
pavko ALL=(ALL) ALL
bongo ~ # su pavko
pavko@bongo /root $ groups
wheel users
pavko@bongo /root $ ls
ls: cannot open directory .: Permission denied
pavko@bongo /root $ sudo ls
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
Password:
Sorry, try again.
Password:
Sorry, try again.
Password:
Sorry, try again.
sudo: 3 incorrect password attempts
pavko@bongo /root $ exit
exit
bongo ~ # cat /var/log/debug | tail -1
Nov 17 03:22:32 bongo sudo: pavko : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/ls
bongo ~ # emerge --info
Portage 2.1.6.13 (selinux/2007.0/amd64/hardened, gcc-3.4.6, glibc-2.9_p20081201-r2, 2.6.28-hardened-r7 x86_64)
=================================================================
System uname: Linux-2.6.28-hardened-r7-x86_64-AMD_Athlon-tm-_64_X2_Dual_Core_Processor_4600+-with-gentoo-1.12.13
Timestamp of tree: Tue, 17 Nov 2009 01:00:01 +0000
app-shells/bash: 4.0_p28
dev-lang/python: 2.6.2-r1
sys-apps/baselayout: 1.12.13
sys-apps/sandbox: 1.6-r2
sys-devel/autoconf: 2.63-r1
sys-devel/automake: 1.9.6-r2, 1.10.2
sys-devel/binutils: 2.18-r3
sys-devel/gcc-config: 1.4.1
sys-devel/libtool: 2.2.6a
virtual/os-headers: 2.6.27-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=athlon64 -O2 -pipe -msse -msse2 -mmmx -m3dnow"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-march=athlon64 -O2 -pipe -msse -msse2 -mmmx -m3dnow"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks fixpackages loadpolicy parallel-fetch protect-owned sandbox selinux sesandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS=" http://distfiles.gentoo.bg/ http://ftp.gentoo.bg/ "
LANG="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
LDFLAGS="-Wl,-O1"
LINGUAS="en bg"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow 7zip amd64 berkdb bzip2 cli cracklib crypt djvu dri encode exif faac faad fortran gd hardened iconv jbig jpeg jpeg2k lcms mailwrapper mmx mmxext modules mudflap ncurses nls ogg openexr openmp pam pcre perl pic png pppd python readline reflection selinux session slang spl sse sse2 ssl svg symlink tcpd tiff truetype unicode unzip vhosts wmf xml xorg zip zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES=" actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif speling status unique_id userdir usertrack vhost_alias " ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en bg" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa vga via vmware voodoo"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
bongo ~ #
|
Last edited by SunHateR on Tue Nov 17, 2009 12:41 pm; edited 1 time in total |
|
| Back to top |
|
 |
Yttrium
n00b
Joined: 22 Oct 2009
Posts: 29
Location: Germany
|
| Posted: Tue Nov 17, 2009 9:50 am Post subject: |
|
|
Just tried it and I found out you have to enter the password for pavko and not for root. Nevertheless at my first and second try I used the root password, too. Obviously we didn't follow sudo rule #2  . The invalid password message really means "invalid password" in this case. Indeed it would be strange if sudoers needed to know the root password.
One line is sufficient:
| Code: | | %wheel ALL=(ALL) ALL |
or | Code: | | pavko ALL=(ALL) ALL |
I don't know if
| Code: | | %users ALL=(ALL) ALL |
is actually what you want.
_________________
LILA - Live Iptables Log Analyzer |
|
| Back to top |
|
|
SunHateR
Tux's lil' helper
Joined: 13 Aug 2004
Posts: 79
|
| Posted: Tue Nov 17, 2009 12:34 pm Post subject: |
|
|
| It works! 10x! |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
