[sudo-users] sudo not working, please help

a gomezro agomezro at gmail.com
Wed Jul 3 09:10:40 MDT 2013


Hi Everybody,

I'm stuck on an issue configuring sudo.
First of all, I'm running sudo on a CentOS 6.4 server, where sudoers is
already in use without any issue (but this one).
I'm trying to grant the nagios user permission to run commands as the asterisk
user; both of them are locally defined:

[root@astertest ~]# grep nagios /etc/passwd
nagios:x:510:510:Usuario para nagios:/home/nagios:/bin/bash
[root@astertest ~]# grep asterisk /etc/passwd
asterisk:x:500:500::/home/asterisk:/bin/bash
[root@astertest ~]# hostname
astertest

My sudoers file has the following line:

[root@astertest ~]# grep ^nagios /etc/sudoers
nagios  astertest=(asterisk) NOPASSWD:
/usr/local/nagios/libexec/nagisk.pl/usr/local/nagios/libexec/check_asterisk_channels
/usr/local/nagios/libexec/check_peers.sh

When I check nagios's permissions, it looks fine:

[root@astertest ~]# sudo -U nagios -l
Matching Defaults entries for nagios on this host:
    env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR
LS_COLORS MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE LC_COLLATE
LC_IDENTIFICATION
    LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER
LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"

User nagios may run the following commands on this host:
    (asterisk) NOPASSWD:
/usr/local/nagios/libexec/nagisk.pl/usr/local/nagios/libexec/check_asterisk_channels
/usr/local/nagios/libexec/check_peers.sh

Then I try to run any of these allowed commands and get the following:

-bash-4.1$ id
uid=510(nagios) gid=510(nagios) grupos=510(nagios)
-bash-4.1$ id asterisk
uid=500(asterisk) gid=500(asterisk) grupos=10(wheel),500(asterisk)
-bash-4.1$ sudo -u asterisk /usr/local/nagios/libexec/nagisk.pl
[sudo] password for nagios:
Sorry, user nagios is not allowed to execute '/usr/local/nagios/libexec/nagisk.pl' as asterisk on astertest.


First of all, it should never ask for a password because I'm using the NOPASSWD:
option.
The typed password was OK, judging by the message.
A bad password leads sudo to ask for the password again.
More than that, nagios isn't allowed as it should be.

What can be wrong?
Many thanks in advance.
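
Added example, not part of the original post: sudoers separates the commands in a list with commas, and whitespace-separated words after a command path are read as that command's required arguments. The sketch below models that rule (no wildcards or aliases) on a constructed entry that reuses the three paths from the post, assuming they were separated by whitespace only; the function names are hypothetical.

```python
import re

# Constructed sample: the three paths from the post, whitespace-separated (assumption).
PATHS = [
    "/usr/local/nagios/libexec/nagisk.pl",
    "/usr/local/nagios/libexec/check_asterisk_channels",
    "/usr/local/nagios/libexec/check_peers.sh",
]
NO_COMMAS = " ".join(PATHS)
WITH_COMMAS = ", ".join(PATHS)


def parse_cmnd_list(cmnd_list):
    """Split a sudoers command list on unescaped commas into (path, args) pairs.

    args is None when the rule names no arguments (any arguments are accepted).
    """
    entries = []
    for item in re.split(r"(?<!\\),", cmnd_list):
        words = item.split()
        if words:
            entries.append((words[0], words[1:] or None))
    return entries


def is_allowed(entries, argv):
    """Simplified match: same path, and the same arguments if the rule lists any."""
    for path, args in entries:
        if path != argv[0]:
            continue
        if args is None:
            return True
        if args == ['""']:  # "" in sudoers means: only without arguments
            if len(argv) == 1:
                return True
            continue
        if args == argv[1:]:
            return True
    return False


def missing_comma_suspects(entries):
    """Arguments that look like absolute paths usually mean a comma was left out."""
    return [(path, a) for path, args in entries if args for a in args if a.startswith("/")]


if __name__ == "__main__":
    for label, spec in (("no commas", NO_COMMAS), ("with commas", WITH_COMMAS)):
        entries = parse_cmnd_list(spec)
        print(label, "entries:", len(entries),
              "nagisk.pl allowed:", is_allowed(entries, [PATHS[0]]),
              "suspects:", missing_comma_suspects(entries))
```

After editing a rule, `visudo -c` checks the file's syntax and `sudo -U nagios -l` should then list each command as its own comma-separated entry.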

