Sudo issue

Hello!

I have this weird issue that started lately.
I'm logged in as a normal user, let's call it "guy", and I type the command:

sudo cat /etc/passwd

What happens next is this reply on the command line:
I'm not getting any prompt to enter a password (I don't have "nopasswd"). See the attached image for the output:

How can I fix this? It was working before; the last thing that happened was a bad shutdown.

Thanks a lot

The first part of the message is the greeting banner for new sudo users. To me it seems that the configuration file for "sudo" (per default "/etc/sudoers") is not accessible for some reason (which might include corruption).

Log in as root and check this file. Try a "visudo" as root and check the contents of the file, then save it back.

I hope this helps.

bakunin

Hi bakunin,
and thanks for your reply.

The sudoers file is OK. I tried to save it again, which didn't help. I also tried to copy it from another working aix7 machine, which also didn't help.

Can you share the contents of /etc/sudoers? I suspect that there is a misconfiguration somewhere which means that the rules are invalid and the default is to refuse.

Please wrap code and data input/output in CODE tags, like this:-

to produce the following (fixed character width, space respected):-

This is my code

Not only does it make posts far easier to read, but CODE and ICODE sections respect multiple space and have fixed width characters, which is important for easily seeing input/output requirements.

Thanks, in advance,
Robin

 dffd

---------- Post updated at 05:06 AM ---------- Previous update was at 05:01 AM ----------

sorry this is the whole file

 
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
# Failure to use 'visudo' may result in syntax or file permission errors
# that prevent sudo from running.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification

# Runas alias specification

# User privilege specification
root	ALL=(ALL) ALL
yossi1	ALL=ALL
yossi   ALL = ALL
alex	AIX = ALL
XXX	AIX53DEV = ALL
XXXSudoWithPass		ALL = ALL
XXXSudoWithoutPass	ALL=(ALL) NOPASSWD: ALL



### XXX TEAM ###
logon ALL=(ALL)		ALL
logon4 ALL=(ALL)	ALL
logon5 ALL=(ALL)	ALL
logon9 ALL=(ALL)	NOPASSWD: ALL
logon28 ALL=(ALL)	ALL

# Uncomment to allow people in group wheel to run all commands
# %wheel	ALL=(ALL) ALL

# Same thing without a password
# %wheel	ALL=(ALL) NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now
prod    ALL = NOPASSWD: /usr/bin/rpm,/bin/cp,/bin/mkdir,/bin/rm,/bin/chmod,/usr/bin/mv
s       ALL = NOPASSWD: /usr/bin/rpm,/bin/cp,/bin/mkdir,/bin/rm,/bin/chmod,/usr/bin/mv
devyoav  ALL= NOPASSWD: /usr/bin/rpm,/bin/cp,/bin/mkdir,/bin/rm,/bin/chmod,/usr/bin/mv,/usr/bin/smitty
devtXXX ALL=(ALL) ALL
XXX ALL=(ALL) ALL
XXX_1 ALL=(ALL) ALL

---------- Post updated at 05:15 AM ---------- Previous update was at 05:06 AM ----------

my problem is with the user logon

It does seem rather permissive at first glance. Maybe I'm just paranoid, but you have fourteen accounts that can do whatever they like and a further three with restricted access; however, all of them could edit or replace the sudoers file and therefore do whatever they like too. If they can chmod, they can make it world writeable, edit it and then set the permissions back. With mv and cp, they can simply overwrite the sudoers file, or any file, such as /etc/passwd or /etc/security/passwd even.

Entries in this file should be very carefully considered and grant just the bare minimum required to do the job. If there are partial commands that you want to allow, e.g. cp in some directories but not in others, then you would be better to script up what they are allowed and grant them sudo privileges to run your script. Make sure that your script is secure from tampering too!

Developers just love having access to everything because it makes things easy, but security is like birth control - it gets in the way, but if you are caught out it can be very expensive to manage the impact. :wink:

That said, I don't immediately see anything syntactically wrong. You don't have a user guy defined though, so I will do some testing with others.

I don't suppose you were logged in or su'd to an account not listed, were you?

Robin
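
One way to run the review this post describes, as an added example that is not part of the original thread: a POSIX sh/awk function that lists sudoers rules granting ALL or any of cp, mv and chmod, the commands named above as enough to replace /etc/sudoers. The function names and the "report" rule are assumptions, and only plain user rules are handled.

```shell
#!/bin/sh
# Added example: flag sudoers rules that amount to full root access.
# Not a full sudoers parser: no aliases, Defaults or "\" line continuations.

audit_sudoers() {
    # Reads sudoers text from the named file(s), or stdin when none is given.
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }                   # comments, blank lines
    $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }         # not user rules
    {
        eq = index($0, "=")
        if (eq == 0) next
        who  = $1
        spec = substr($0, eq + 1)
        sub(/^[ \t]*\([^)]*\)/, "", spec)               # drop the (runas) part
        auth = (spec ~ /NOPASSWD:/) ? "nopasswd" : "passwd"
        gsub(/(NOPASSWD|PASSWD):/, "", spec)
        n = split(spec, cmds, ",")
        any = 0; risky = ""
        for (i = 1; i <= n; i++) {
            c = cmds[i]
            gsub(/^[ \t]+|[ \t]+$/, "", c)
            split(c, word, /[ \t]+/)                    # word[1] = command path
            if (word[1] == "ALL") { any = 1; continue }
            m = split(word[1], part, "/")
            base = part[m]
            # cp, mv and chmod are the commands the post above names
            if (base == "cp" || base == "mv" || base == "chmod")
                risky = risky (risky == "" ? "" : ",") base
        }
        if (any)              print who, auth, "unrestricted"
        else if (risky != "") print who, auth, "replace-files:" risky
    }' "$@"
}

sample_sudoers() {
    # Constructed input: three rules and one comment copied from the file posted
    # in this thread, plus "report", a hypothetical wrapper-script rule.
    cat <<'EOF'
root    ALL=(ALL) ALL
logon9 ALL=(ALL)    NOPASSWD: ALL
# %users  localhost=/sbin/shutdown -h now
prod    ALL = NOPASSWD: /usr/bin/rpm,/bin/cp,/bin/mkdir,/bin/rm,/bin/chmod,/usr/bin/mv
report  ALL = /usr/local/bin/rotate-logs
EOF
}

sample_sudoers | audit_sudoers
```

On a real system, run it as root against the live file: audit_sudoers /etc/sudoers.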

Thanks Robin,
This environment is for testing only, that's why we don't care about permissions.
If you are saying that there is nothing wrong with the file, what else can cause the issue with the sudo command? For example, when I run a sudo command as the user "logon" I don't get any prompt to enter credentials, and then I get the error that you see in the attached picture in the first post...

Can you execute the below command from that user for listing.

sudo -l

When I run the command I get the same error message as shown in the picture on my first post:

AIX-7-DEV.lab.xxx:[/usr/bin]sudo -l

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

Sorry, try again.
Sorry, try again.
Sorry, try again.
sudo: 3 incorrect password attempts

Hmmmm......:confused:

Can we see the output of these too? :-

ls -l /etc/sudoers
id
who am i
ps -f

Thanks,
Robin

Seems sudo is not configured/misconfigured.
Please reconfigure it for the respective user.
Or test with full access,

YourUserName    ALL=NOPASSWD: ALL

AIX-7-DEV.lab.[/usr/bin]ls -l /etc/sudoers
-r--r-----    1 root     system         3065 Sep 11 12:52 /etc/sudoers
AIX-7-DEV.lab.[/usr/bin]id
uid=284(logon) gid=1(staff)
AIX-7-DEV.lab.[/usr/bin]whoami
logon
AIX-7-DEV.lab[/usr/bin]ps -f
     UID     PID    PPID   C    STIME    TTY  TIME CMD
   logon 3801120 6291704   0 14:14:53  pts/0  0:00 ksh
   logon 5636122 7864570   0 14:35:07  pts/0  0:00 ps -f
 MorSudo 5963836 7143502   0 14:03:19  pts/0  0:00 bash
    root 6291704 5963836   0 14:14:02  pts/0  0:00 bash
   logon 6619344 7733378   0 14:33:00  pts/0  0:00 ksh
     guy 6947002 3801120   0 14:21:58  pts/0  0:00 ksh
    root 7077970 7405746   0 13:53:42  pts/0  0:00 -bash
    root 7143502 7929910   0 13:58:56  pts/0  0:00 bash
     guy 7667964 6619344   0 14:33:19  pts/0  0:00 ksh
     guy 7733378 7798916   0 14:32:52  pts/0  0:00 ksh
    root 7798916 6947002   0 14:32:10  pts/0  0:00 bash
   logon 7864570 7667964   0 14:33:27  pts/0  0:00 ksh
   logon 7929910 7077970   0 13:53:47  pts/0  0:00 ksh
AIX-7-DEV.lab.[/usr/bin]

---------- Post updated at 06:44 AM ---------- Previous update was at 06:41 AM ----------

With the NOPASSWD argument in the sudoers file, the sudo command works with no problems.

Well, I was after the output from who am i rather than whoami , but the ps has picked up that information anyway.

I'm confused as to the process 2963836 owned by MorSudo. How does this come into things?

It seems to be several shells/users deep, switching shells ksh/bash and users (guy, root, logon & MorSudo), starting with the first process shown:

root 6291704 5963836   0 14:14:02  pts/0  0:00 bash

Robin

I didn't understand. Do you want me to kill some processes?

---------- Post updated at 07:03 AM ---------- Previous update was at 07:02 AM ----------

I killed that process, no change.

Check by defining the user by group name.

Comment out the existing one,

#logon ALL=(ALL) ALL

And mention the primary group name of the logon user.

%primary_group_name ALL=(ALL) ALL

Thanks,
Thala

Didn't work. Did I need to restart some service after that?

Hmmmmm , No.
Seems like configuration part is fine.

Coming to sudoer file, Are other users also facing the same problem?

The problem could be in the file permission; I'm not sure about the sudo file permission. Please compare with other servers and make it.

I noticed that your present working directory is /usr/bin/ while you sudo.
Try from your home directory and check.

All users are facing the same problem.
Running the sudo command from the home directory of a user didn't solve the issue.
Where is the sudo file located, so I can check the file permissions?

ls -l /etc/sudoers

It's in the thread already