Partial Summary: can't do "sudo -s" on hardened box

From: Gold Sun <goldsun8_at_yahoo.com.sg>
Date: Thu Apr 14 2005 - 05:21:57 EDT
Hi,
 
Thanks to all who responded. It looks like Bill's reply
fits my problem here, but I still haven't resolved my problem:
 
Below is what I have in /etc/sudoers (lines without the #):

# Defaults override compiled-in values
Defaults mailto="root", mail_no_user, mail_no_host, mail_no_perms
Defaults tty_tickets,!root_sudo,umask=0077,ignore_dot,timestamp_timeout=5
Defaults syslog=auth
Cmnd_Alias SHELLS=/usr/bin/ksh, /usr/bin/csh, /usr/bin/sh, /usr/bin/rsh, /bin/ksh, /bin/csh, /bin/sh, /bin/rsh
#-----------[ Summary Specification ]------------#
# format is WHO WHERE=(ASWHO) COMMANDS
#
# all upper case WHO is probably a sudo User_Alias
# all lower case WHO is probably a userid
# % at beginning of WHO is a UNIX (or DCE) Group name
#
# all upper case WHERE is probably a sudo Host_Alias
# all lower case WHERE is probably a system name
# User privilege specification
#ADMINS ALL=ALL
root ALL=(ALL) ALL
%smcadmin ALL=ALL
%helpdesk ALL=ALL, 

But even if my 9gohpo id were to be part of helpdesk or
smcadmin in /etc/group, it still doesn't allow my id to 'sudo -s',
with the message below:
$ sudo -s
Password:
Sorry, user 9gohpo is not allowed to execute '/usr/bin/ksh' as
  root on sp01qtt02ist5s5.
$
 
Something extracted from /var/adm/messages :

Apr 14 16:05:28 sp01qtt02ist5s5 sudo: [ID 702911 auth.alert]   9gohpo : command not allowed ; TTY=pts/1 ; PWD=/home/9gohpo ; USER=root ; COMMAND=/usr/bin/ksh
Apr 14 16:05:28 sp01qtt02ist5s5 sudo: [ID 702911 auth.alert]   9gohpo : command not allowed ; TTY=pts/1 ; PWD=/home/9gohpo ; USER=root ; COMMAND=/usr/bin/ksh
Apr 14 16:05:28 sp01qtt02ist5s5 sudo: [ID 702911 auth.alert]   9gohpo : command not allowed ; TTY=pts/1 ; PWD=/home/9gohpo ; USER=root ; COMMAND=/usr/bin/ksh
Apr 14 16:05:28 sp01qtt02ist5s5 sendmail[9649]: [ID 801593 mail.info] j3E85S19009649: from=9gohpo, size=213, class=0, nrcpts=1, msgid=<200504140805.j3E85S19009649@sp01qtt02ist5s5.infra.sgdcw.mebs.ihost.com>, relay=root@localhost
Apr 14 16:05:28 sp01qtt02ist5s5 sendmail[9649]: [ID 801593 mail.info] j3E85S19009649: from=9gohpo, size=213, class=0, nrcpts=1, msgid=<200504140805.j3E85S19009649@sp01qtt02ist5s5.infra.sgdcw.mebs.ihost.com>, relay=root@localhost
Apr 14 16:05:28 sp01qtt02ist5s5 sendmail[9649]: [ID 801593 mail.info] j3E85S19009649: from=9gohpo, size=213, class=0, nrcpts=1, msgid=<200504140805.j3E85S190096
 

Bill Teeple <bill.teeple@finisar.com> wrote:

If you couldn't enter into SUDO mode, you would get an error message that you 'are not part of the Sudoers group, and that your actions would be reported' - so your predicament doesn't have anything to do with that.

When you enter the 'sudo' command, it just doesn't like your password - check the /var/adm/messages file to see if any error messages are displayed (you may need root access to attain this).

You may need to tweak your log settings:

Q) Sudo is setup to log via syslog(3) but I'm not getting any log
messages.
A) Make sure you have an entry in your syslog.conf file to save
the sudo messages (see the sample.syslog.conf file). The default
log facility is local2 (changeable via configure). Don't forget
to send a SIGHUP to your syslogd so that it re-reads its conf file.
Also, remember that syslogd does *not* create log files, you need to
create the file before syslogd will log to it (ie: touch /var/log/sudo).
Note: the facility ("local2.debug") must be separated from the 
destination ("/var/adm/sudo.log" or "@loghost") by
tabs, *not* spaces. This is a common error.


Give that a shot and see what you come up with.
Bill


-----Original Message-----
From: Gold Sun [mailto:goldsun8@yahoo.com.sg]
Sent: Wed 4/13/2005 12:16 AM
To: sunmanagers@sunmanagers.org
Cc: 
Subject: can't do "sudo -s" on hardened box
Hi,

I have a hardened Solaris box.
I was told by a remote colleague that I can't
do "sudo -s" because I have not included
my id into sudo. How do I do that?
Can I just edit /etc/sudoers ?

The following is a screen dump 

login as: myuserid
myuserid@10.196.16.15's password:
$
$ sudo -s
Password:
Sorry, try again.
Password:





_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers




Received on Thu Apr 14 05:22:28 2005
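
The syslog.conf pitfalls listed in the FAQ that Bill quotes (spaces instead of tabs between selector and action, a log file that does not exist yet, no entry at all for sudo's facility) can be checked mechanically. The lint below is an added example, not part of the thread or of the sudo distribution; the function name lint_syslog_conf and its messages are hypothetical. It assumes plain selector/action lines and does not evaluate priority levels.

```shell
#!/bin/sh
# lint_syslog_conf CONF [FACILITY]  (added example; names are hypothetical)
# Prints one finding per line, nothing when FACILITY has a usable entry.
# Assumes plain "selector<TAB>action" lines: m4 ifdef() wrappers are not
# expanded and priority levels (other than "none") are not evaluated.
lint_syslog_conf() {
    conf=$1
    fac=${2:-local2}   # FAQ default; the sudoers in the thread sets syslog=auth
    routed=0
    out=$(awk -v fac="$fac" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments, blank lines
        {
            n = split($0, f, "\t+")              # fields are TAB-separated
            sel = f[1]
            if (n < 2) { split($0, g, " +"); sel = g[1] }
            hit = 0
            k = split(sel, item, ";")            # e.g. "*.err;auth.notice"
            for (i = 1; i <= k; i++) {
                split(item[i], pr, "[.]")        # facility list, then level
                if (pr[2] == "none") continue
                c = split(pr[1], name, ",")
                for (j = 1; j <= c; j++)
                    if (name[j] == fac || name[j] == "*") hit = 1
            }
            if (!hit) next
            if (n < 2) print "line " NR ": no TAB between selector and action"
            else       print "ROUTE " f[2]
        }' "$conf")
    while IFS= read -r line; do
        case $line in
            '') ;;
            "ROUTE /"*)
                routed=1
                [ -e "${line#ROUTE }" ] ||
                    echo "missing log file ${line#ROUTE } (syslogd will not create it)" ;;
            ROUTE*) routed=1 ;;                  # @loghost, user names, ...
            *) echo "$line" ;;
        esac
    done <<EOF
$out
EOF
    [ "$routed" -eq 1 ] || echo "no usable syslog.conf entry for facility $fac"
}
```

For the configuration in this thread the call would be `lint_syslog_conf /etc/syslog.conf auth`, since the posted sudoers sets `syslog=auth` rather than the default local2.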

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:45 EST