Hey all,
I recently had to move an Ubuntu server to a new network. After I hooked it up again, I find I can no longer sudo, even though I was able to previously.
Does this mean a network problem is interfering with sudo (perhaps via PAM or something)? I don't really know the ins and outs of Linux security.
Thx! Tom
-
The only way moving a machine to a new network can change your auth setup is if your auth setup depends on authorizing via the network somehow, like via LDAP or something. Your PAM config would indeed be involved in this, so you should look there at least to start figuring out what needs fixing.
James Lawrie: I doubt networking would be involved here - regardless of his origin network, once he's logged into the server he'll be sudoing from localhost, right?
pjz: Sure, but sudoing can rely on groups which can be defined in, say, LDAP for example. There's really not enough data on his auth setup to tell, so it's all just guessing at random.
From pjz
-
Are there hostname-based restrictions on the commands in your sudoers?
The user specifications say which users, on which machines, can invoke which commands (as which target user). Often, the machine restriction is given as ALL, but perhaps it isn't in your setup?
From Phil P
-
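Added example, not part of the thread: a simplified Python check of the host restriction described in Phil P's answer, reporting which one-line user specifications apply to a machine given its hostname and addresses, so a rule keyed to an address or network can be compared before and after a move. The sudoers sample, the function names, and the last-match-wins reading of host lists are assumptions of this sketch; aliases must be defined before use, and netgroups and line continuations are not handled.

```python
import fnmatch
import ipaddress
import re

# Constructed sample sudoers content, not taken from the thread.
SAMPLE = """\
Host_Alias OFFICE = 10.1.0.0/16, build-*
root    ALL = (ALL) ALL
tom     OFFICE = (ALL) ALL
deploy  ALL, !db01 = (root) /usr/bin/systemctl
%admin  web01 = (ALL) ALL
"""

def item_matches(item, hostname, addrs, aliases):
    """Does one Host_List member match this machine?"""
    if item == "ALL":
        return True
    if item in aliases:
        return list_allows(aliases[item], hostname, addrs, aliases)
    try:
        net = ipaddress.ip_network(item, strict=False)  # address or network
    except ValueError:
        return fnmatch.fnmatch(hostname, item)  # hostname, wildcards allowed
    return any(ipaddress.ip_address(a) in net for a in addrs)

def list_allows(items, hostname, addrs, aliases):
    """Assumed semantics: last matching member wins, '!' negates it."""
    allowed = False
    for raw in items:
        if item_matches(raw.lstrip("!"), hostname, addrs, aliases):
            allowed = not raw.startswith("!")
    return allowed

def audit(text, hostname, addrs):
    """Return {user: applies_here} for each one-line user specification."""
    aliases, result = {}, {}
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#@" or line.startswith("Defaults"):
            continue
        alias = re.match(r"(\w+)_Alias\s+(\w+)\s*=\s*(.+)", line)
        if alias:
            if alias.group(1) == "Host":
                aliases[alias.group(2)] = [h.strip() for h in alias.group(3).split(",")]
            continue
        spec = re.match(r"(\S+)\s+([^=]+?)\s*=", line)
        if spec:
            hosts = [h.strip() for h in spec.group(2).split(",")]
            result[spec.group(1)] = list_allows(hosts, hostname, addrs, aliases)
    return result
```

Calling `audit(SAMPLE, "srv1", ["10.1.4.20"])` and then again with the machine's new address shows which entries stop applying; the hostname and addresses passed in are whatever the machine reports after the move.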
Turns out the reason was really stupid: a CIFS share couldn't be located on the new network, causing the mount.cifs utility to repeatedly log to the console and screw up all keyboard input. This meant that in reality I couldn't even log in let alone sudo.
Once I removed the CIFS share from /etc/fstab, everything worked just fine, including sudo.
Thanks to all for their input. :)
From Tom