Is there something on YunoHost that makes /etc/sudoers or /etc/sudoers.d/yourfile work differently than expected?
I’ve been trying to give a user permission to reboot without entering their password, and I somehow can’t get it to work as expected at all.
I’ve created a file in /etc/sudoers.d/restart
with the line:
np ALL=NOPASSWD:/usr/sbin/reboot,/usr/sbin/shutdown,/sbin/reboot,/sbin/shutdown,/bin/systemctl
Just to experiment, I’ve also tried:
np ALL=(ALL:ALL) NOPASSWD:ALL
‘sudo visudo -c’ confirms all looks good:
/etc/sudoers: parsed OK
/etc/sudoers.d/README: parsed OK
/etc/sudoers.d/borg: parsed OK
/etc/sudoers.d/restart: parsed OK
Yet somehow, whenever I try to run any command with sudo as the user ‘np’, it always asks for the password.
Starting to hit my head against the wall.
Some log messages in /var/log/auth.log:
Aug 21 22:37:19 b1 sudo: pam_unix(sudo:auth): authentication failure; logname=np uid=43949 euid=0 tty=/dev/pts/2 ruser=np rhost= user=np
Aug 21 22:37:19 b1 sudo: pam_ldap(sudo:auth): Authentication failure; user=np
Aug 21 22:37:23 b1 sudo: pam_unix(sudo:auth): conversation failed
Aug 21 22:37:23 b1 sudo: pam_unix(sudo:auth): auth could not identify password for [np]
Aug 21 22:37:23 b1 sudo: pam_ldap(sudo:auth): failed to get password: Authentication failure
Aug 21 22:37:23 b1 sudo: np : 1 incorrect password attempt ; TTY=pts/2 ; PWD=/home/np ; USER=root ; COMMAND=/usr/sbin/reboot
I am not 100% sure, but I think you need to configure sudoers via LDAP, since YunoHost users are stored there.
Thank you @tituspijean, I found it confusing to figure out how to configure the sudo permission with LDAP from this documentation, but thanks to your post I was able to realize that if I manually created a new Linux user on the system, they would not have their permissions handled by LDAP, and would have their sudo permissions handled by /etc/sudoers and /etc/sudoers.d/ in the standard way.
So by creating a new user, and configuring them instead, it solved the issue!
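A small diagnostic for the situation in this thread, added here as an example and not code from the posters or from YunoHost: it reports whether an account is defined in the local passwd file or must come from another NSS source such as LDAP, and which sources the `sudoers:` line of nsswitch.conf names. The function names and the sample files (including the user `localadmin`) are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic example; not from the thread or from YunoHost.
# File paths are parameters so the functions can be run on sample files.

# Print "local" if USER has an entry in the passwd file, otherwise "directory"
# (the account must then come from another NSS source such as LDAP).
account_source() {
    user=$1; passwd_file=${2:-/etc/passwd}
    if awk -F: -v u="$user" '$1 == u { found = 1 } END { exit !found }' "$passwd_file"; then
        echo local
    else
        echo directory
    fi
}

# Print the sources named on the "sudoers:" line of an nsswitch.conf file.
# Without such a line sudo falls back to "files", so print that.
sudoers_sources() {
    nss_file=${1:-/etc/nsswitch.conf}
    src=$(awk '$1 == "sudoers:" { $1 = ""; sub(/^ +/, ""); print; exit }' "$nss_file")
    echo "${src:-files}"
}

# One-line summary: where the account lives and where sudo looks for rules.
report() {
    echo "$1 account=$(account_source "$1" "$2") sudoers=$(sudoers_sources "$3")"
}

# Constructed sample files: one local user, LDAP enabled for passwd and sudoers.
demo() {
    d=$(mktemp -d)
    printf 'root:x:0:0:root:/root:/bin/bash\nlocaladmin:x:1001:1001::/home/localadmin:/bin/bash\n' > "$d/passwd"
    printf 'passwd:  files ldap\nsudoers: files ldap\n' > "$d/nsswitch.conf"
    report np "$d/passwd" "$d/nsswitch.conf"
    report localadmin "$d/passwd" "$d/nsswitch.conf"
    rm -rf "$d"
}
demo
```

On a real host, `report np /etc/passwd /etc/nsswitch.conf` gives the same summary for the live configuration.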