[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lmi-commits] [lmi] master 51d3196: Make 'sudo' work in a centos chroot
From: |
Greg Chicares |
Subject: |
[lmi-commits] [lmi] master 51d3196: Make 'sudo' work in a centos chroot |
Date: |
Thu, 4 Jun 2020 14:17:36 -0400 (EDT) |
branch: master
commit 51d3196109f79d201cb1d6f77ed1301366e80143
Author: Gregory W. Chicares <gchicares@sbcglobal.net>
Commit: Gregory W. Chicares <gchicares@sbcglobal.net>
Make 'sudo' work in a centos chroot
Searching centos.org for
"is not in the sudoers file"
finds only the usual advice:
- add user to 'wheel' group
- make sure 'wheel' group actually has sudo privileges
- pay close attention to <Tab> vs. <Space>
but only brute force seems to work.
---
lmi_setup_05c.sh | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/lmi_setup_05c.sh b/lmi_setup_05c.sh
index b5d8a0f..5f67180 100755
--- a/lmi_setup_05c.sh
+++ b/lmi_setup_05c.sh
@@ -73,6 +73,35 @@ useradd \
# Where debian has a 'sudo' group, redhat has a 'wheel' group.
# The difference seems to be nominal; neither is GID 0.
usermod -aG wheel "${NORMAL_USER}"
+# Nevertheless, after exiting the chroot and reentering as 'greg':
+# $groups greg
+# greg : lmi wheel
+# $sudo visudo
+# sudo: no tty present and no askpass program specified
+# $sudo -S visudo
+# greg is not in the sudoers file. This incident will be reported.
+# $visudo
+# greg is not in the sudoers file.
+# $newgrp wheel
+# $sudo visudo
+# sudo: no tty present and no askpass program specified
+# even though the default /etc/sudoers contains:
+# %wheel<Tab>ALL=(ALL)<Tab>ALL
+# Enabling the 'wheel' group with no password and disabling
+# 'requiretty', as shown below, didn't suffice...so explicitly add
+# the normal user:
+{
+ printf '# Customizations:\n'
+ printf '\n'
+ printf '# Disable "requiretty" if necessary--see:\n'
+ printf '# https://bugzilla.redhat.com/show_bug.cgi?id=1020147\n'
+ printf '# Defaults !requiretty\n'
+ printf '\n'
+ printf '%%wheel\tALL=(ALL)\tNOPASSWD: ALL\n'
+ printf -- '%s\tALL=(ALL)\tNOPASSWD: ALL\n' "${NORMAL_USER}"
+} >/etc/sudoers.d/"${NORMAL_USER}"
+chmod 0440 /etc/sudoers.d/"${NORMAL_USER}"
+visudo -cs
chsh -s /bin/zsh root
chsh -s /bin/zsh "${NORMAL_USER}"
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [lmi-commits] [lmi] master 51d3196: Make 'sudo' work in a centos chroot,
Greg Chicares <=