Novell Home

My Favorites

Close

Please to see your favorites.

Why aren't my LUM-enabled users able to run sudo commands?

This document (7011441) is provided subject to the disclaimer at the end of this document.

Environment

Novell Open Enterprise Server 2 (OES 2) Linux
Novell Open Enterprise Server 11 (OES 11) Linux

Situation

Trying to run "sudo command_or_script" does not successfully run the indicated command_or_script.  This is despite the LUM group, that the user is a member of, is properly listed in /etc/sudoers and was added with visudo.

Some error seen were:
  • multiple "bash: /dev/null: Permission denied" upon login or su to user
  • the following info:
    We trust you have received the usual lecture from the local System
    Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.


  • prompted for the password of the user 
  • if you enter the correct password, you will see:
      userName is not in the sudoers file. This incident will be reported.

Resolution

Ensure that any LUM groups in the given eDirectory tree are unique in regards to:
  • name of group
  • gidNumber of the group

If you find you have 2 groups with the same name, the easiest way to remedy is to rename one of the two groups, and then add that group to the sudoers file with the same authorizations as it's previous name.

Additional Information

LUM requires unique group name and gidNumber for LUM-enabled groups.  If there are 2 or more LUM-enabled groups with the same name, you may see odd behavior running sudo or other functions that rely on LUM groups.

A quick way to list all groups that are LUM-enabled is to run the following from a server in the tree:

    ldapsearch -x -h localhost -b "(&(objectClass=groupOfNames)(gidNumber=*))"

This will do a subtree search in the current tree, beginning at the [root] of the tree and return every group that has a gid # associated to it -- which is indicative of a LUM-enabled group.  You can redirect the output to a file with "> filename" and review that data later.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7011441
  • Creation Date:29-NOV-12
  • Modified Date:29-NOV-12
    • NovellOpen Enterprise Server

Did this document solve your problem? Provide Feedback