[sudo-users] Bizarre sudo behavior - password authentication

Wood, Mike Mike.Wood at kci1.com
Tue Aug 26 09:43:39 EDT 2008

Hi All,

I'm seeing very strange behavior with the sudo Oracle Enterprise Linux 4.6 (Basically Red Hat).
I've stripped out as many variables as possible to simplify the problem.
It appears that any anything without the NOPASSWD directive automatically fails all 3 password attempts without ever giving me the chance to type anything.
$ sudo -V
Sudo version 1.6.9p13
$ sudo -l
User acostad may run the following commands on this host:
    (root) NOPASSWD: /bin/ls
    (root) /bin/su - root
$ sudo su - root

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

Sorry, try again.
Sorry, try again.
Sorry, try again.
sudo: 3 incorrect password attempts

I've stripped /etc/sudoers file down to just that user's 2 entries:
# cat /etc/sudoers
acostad         ALL = NOPASSWD:/bin/ls
acostad         ALL = /bin/su - root

BTW - if I remove the NOPASSWD from the first command, even sudo -l fails the 3 password attempts automagically.


Mike Wood
UNIX System Administrator
Kinetic Concepts Inc.
5751 NW Parkway
San Antonio, TX, 78249

E-mail:  mike.wood at kci1.com
Office:  (210) 255-6382
Mobile:  (210) 825-5134

"CONFIDENTIALITY NOTICE:  This transmission (including any
accompanying attachments) is confidential, is intended only for the
individual or entity named above, and is likely to contain privileged, 
proprietary and confidential information that is exempt from disclosure 
requests under applicable law.  If you are not the intended recipient, 
you are hereby notified that any disclosure, copying, distribution, use 
of or reliance upon any of the information contained in this transmission
is strictly prohibited.  Any inadvertent or unauthorized disclosure shall 
not compromise or waive the confidentiality of this transmission or any 
applicable attorney-client privilege. 

If you have received this transmission in error, please immediately 
notify us at postmaster at kci1.com."

Kinetic Concepts, Inc.


More information about the sudo-users mailing list