244874 – cannot run sudo as non root user

Bug 244874 - cannot run sudo as non root user

Summary: cannot run sudo as non root user

Keywords:
Status:	CLOSED WORKSFORME
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	sudo
Sub Component:
Version:	7
Hardware:	All
OS:	Linux
Priority:	low
Severity:	high
Target Milestone:	---
Assignee:	Peter Vrabec
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-06-19 16:11 UTC by Jeroen Beerstra
Modified:	2007-11-30 22:12 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-06-24 16:41:23 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
pam default policy (683 bytes, application/octet-stream) 2007-06-24 18:01 UTC, Jeroen Beerstra	no flags	Details
pam sudo policy (202 bytes, application/octet-stream) 2007-06-24 18:02 UTC, Jeroen Beerstra	no flags	Details
View All

Description Jeroen Beerstra 2007-06-19 16:11:09 UTC

Description of problem: whenever I try to run sudo as a non root user it keeps
asking me for a passwords and eventually bails out.


Version-Release number of selected component (if applicable): sudo-1.6.8p12-14.fc7


How reproducible:


Steps to Reproduce:
1. $sudo ls
2. enter root password 3 times
  
Actual results: sudo will bail out with an error


Expected results: sudo should accept my password


Additional info: I do use pam_mount for my cryptohomes, however it is not
included in either /etc/pam.d/system-auth nor /etc/pam.d/sudo

Comment 1 Peter Vrabec 2007-06-24 16:41:23 UTC

$ sudo grep wheel /etc/sudoers
Password:
## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL
# %wheel        ALL=(ALL)       NOPASSWD: ALL

$ id
uid=500(peter) gid=500(peter) groups=10(wheel),14(uucp),500(peter) 
context=user_u:system_r:unconfined_t

$ rpm -q fedora-release sudo
fedora-release-7-3
sudo-1.6.8p12-14.fc7

check your sudoers file, please.

Comment 2 Jeroen Beerstra 2007-06-24 17:41:47 UTC

$ sudo grep wheel /etc/sudoers
Password:
Sorry, try again.
Password:
Sorry, try again.
Password:
Sorry, try again.
sudo: 3 incorrect password attempts

# sudo grep wheel /etc/sudoers
## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL
# %wheel        ALL=(ALL)       NOPASSWD: ALL

$ id
uid=500(jeroen) gid=500(jeroen) groepen=10(wheel),500(jeroen)
context=user_u:system_r:unconfined_t

$ rpm -q fedora-release sudo
fedora-release-7-3
sudo-1.6.8p12-14.fc7

Strange, very strange, and yes I do know my root password ;)
The funny thing is if I enable this line in /etc/sudoers it does work, however
this is not what I want:

# grep jeroen /etc/sudoers
#jeroen ALL=(ALL)       NOPASSWD: ALL

Comment 3 Jeroen Beerstra 2007-06-24 18:01:20 UTC

Created attachment 157718 [details]
pam default policy

Comment 4 Jeroen Beerstra 2007-06-24 18:02:01 UTC

Created attachment 157719 [details]
pam sudo policy

Comment 5 Jeroen Beerstra 2007-06-24 18:03:20 UTC

Can this be related to pam_mount? I attached my /etc/pam.d/system-auth-ac and
/etc/pam.d/sudo, please be so kind to review these, I'm sure these are like they
should be, but just to make sure.

Comment 6 Peter Vrabec 2007-06-25 11:51:39 UTC

One important thing.
Sudo doesn't ask u for root password, it asks for password of the current 
user.

Comment 7 Jeroen Beerstra 2007-06-25 15:55:17 UTC

Thank you very much, my apologies for my ignorance when it comes to sudo. Been a
Redhat user for about a decade by now, but never really needed sudo.

Note You need to log in before you can comment on or make changes to this bug.