Know password, but can't SU or run commands with sudo [closed]
Clash Royale CLAN TAG#URR8PPP
up vote
-1
down vote
favorite
This issue popped up about a week ago, not sure what caused it. Previously the environment had been working as expected. Using a VM hosted on VMWare tools, uname -a returns roughly the following.
-virtual-machine 4.10.0-38-generic #42~16.04.1-Ubuntu SMP Tue Oct 10 16:32:20 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
For example, sudo su root returns
"Sorry, user linuxUser is not allowed to execute '/bin/su root' as root on linuxUser-virtual-machine."
sudo apt-get install vim
"Sorry, user linuxUser is not allowed to execute '/usr/bin/apt-get install vim' as root on linuxUser-virtual-machine".
However I can execute commands as linuxUser, like ls -la or vim.
id returns the following
uid=1000(linuxUser) gid=1000(linuxUser) groups=1000(linuxUser),999(docker)
What I've tried
- editing sudodoers, I can't modify the file because I don't have root access
- Changing linuxUser's password, had no effect
I've googled around pretty heavily on this, but it seems like most users are either still able to execute sudo commands or are still able to switch to root. Any ideas?
sudo -l -U linuxUser returns the following
Matching Defaults entries for linuxUser on linuxUser-virtual-machine:
env_reset, mail_badpass,
secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
User linuxUser may run the following commands on linuxUser-virtual-machine:
(root) NOPASSWD: /usr/lib/linuxmint/mintUpdate/checkAPT.py
POSTMORTEM EDIT: Hey All, I fixed the issue with https://askubuntu.com/questions/70442/how-do-i-add-myself-back-as-a-sudo-user. Thanks for the help!
linux ubuntu linux-mint sudo root
closed as off-topic by Jeff Schaller, msp9011, jimmij, Dmitry Grigoryev, thrig Aug 16 at 15:08
This question appears to be off-topic. The users who voted to close gave this specific reason:
- "Questions describing a problem that can't be reproduced and seemingly went away on its own (or went away when a typo was fixed) are off-topic as they are unlikely to help future readers." â Jeff Schaller, msp9011, jimmij, Dmitry Grigoryev, thrig
 |Â
show 6 more comments
up vote
-1
down vote
favorite
This issue popped up about a week ago, not sure what caused it. Previously the environment had been working as expected. Using a VM hosted on VMWare tools, uname -a returns roughly the following.
-virtual-machine 4.10.0-38-generic #42~16.04.1-Ubuntu SMP Tue Oct 10 16:32:20 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
For example, sudo su root returns
"Sorry, user linuxUser is not allowed to execute '/bin/su root' as root on linuxUser-virtual-machine."
sudo apt-get install vim
"Sorry, user linuxUser is not allowed to execute '/usr/bin/apt-get install vim' as root on linuxUser-virtual-machine".
However I can execute commands as linuxUser, like ls -la or vim.
id returns the following
uid=1000(linuxUser) gid=1000(linuxUser) groups=1000(linuxUser),999(docker)
What I've tried
- editing sudodoers, I can't modify the file because I don't have root access
- Changing linuxUser's password, had no effect
I've googled around pretty heavily on this, but it seems like most users are either still able to execute sudo commands or are still able to switch to root. Any ideas?
sudo -l -U linuxUser returns the following
Matching Defaults entries for linuxUser on linuxUser-virtual-machine:
env_reset, mail_badpass,
secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
User linuxUser may run the following commands on linuxUser-virtual-machine:
(root) NOPASSWD: /usr/lib/linuxmint/mintUpdate/checkAPT.py
POSTMORTEM EDIT: Hey All, I fixed the issue with https://askubuntu.com/questions/70442/how-do-i-add-myself-back-as-a-sudo-user. Thanks for the help!
linux ubuntu linux-mint sudo root
closed as off-topic by Jeff Schaller, msp9011, jimmij, Dmitry Grigoryev, thrig Aug 16 at 15:08
This question appears to be off-topic. The users who voted to close gave this specific reason:
- "Questions describing a problem that can't be reproduced and seemingly went away on its own (or went away when a typo was fixed) are off-topic as they are unlikely to help future readers." â Jeff Schaller, msp9011, jimmij, Dmitry Grigoryev, thrig
4
if you have taken yourself out of the sudo group by accident, you wont be able to use sudo.
â Rui F Ribeiro
Aug 15 at 13:07
Perhaps you don't have root authority on this system?
â Jeff Schaller
Aug 15 at 13:08
You should show the sudodoers file. Did you change something in that file?
â RalfFriedl
Aug 15 at 13:09
@RalfFriedl, not sure how to view sudodoers without admin access. The file has not been modified since 2017.
â ronald mcdolittle
Aug 15 at 13:12
@JeffSchaller how can I check if I have authority?
â ronald mcdolittle
Aug 15 at 13:12
 |Â
show 6 more comments
up vote
-1
down vote
favorite
up vote
-1
down vote
favorite
This issue popped up about a week ago, not sure what caused it. Previously the environment had been working as expected. Using a VM hosted on VMWare tools, uname -a returns roughly the following.
-virtual-machine 4.10.0-38-generic #42~16.04.1-Ubuntu SMP Tue Oct 10 16:32:20 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
For example, sudo su root returns
"Sorry, user linuxUser is not allowed to execute '/bin/su root' as root on linuxUser-virtual-machine."
sudo apt-get install vim
"Sorry, user linuxUser is not allowed to execute '/usr/bin/apt-get install vim' as root on linuxUser-virtual-machine".
However I can execute commands as linuxUser, like ls -la or vim.
id returns the following
uid=1000(linuxUser) gid=1000(linuxUser) groups=1000(linuxUser),999(docker)
What I've tried
- editing sudodoers, I can't modify the file because I don't have root access
- Changing linuxUser's password, had no effect
I've googled around pretty heavily on this, but it seems like most users are either still able to execute sudo commands or are still able to switch to root. Any ideas?
sudo -l -U linuxUser returns the following
Matching Defaults entries for linuxUser on linuxUser-virtual-machine:
env_reset, mail_badpass,
secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
User linuxUser may run the following commands on linuxUser-virtual-machine:
(root) NOPASSWD: /usr/lib/linuxmint/mintUpdate/checkAPT.py
POSTMORTEM EDIT: Hey All, I fixed the issue with https://askubuntu.com/questions/70442/how-do-i-add-myself-back-as-a-sudo-user. Thanks for the help!
linux ubuntu linux-mint sudo root
This issue popped up about a week ago, not sure what caused it. Previously the environment had been working as expected. Using a VM hosted on VMWare tools, uname -a returns roughly the following.
-virtual-machine 4.10.0-38-generic #42~16.04.1-Ubuntu SMP Tue Oct 10 16:32:20 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
For example, sudo su root returns
"Sorry, user linuxUser is not allowed to execute '/bin/su root' as root on linuxUser-virtual-machine."
sudo apt-get install vim
"Sorry, user linuxUser is not allowed to execute '/usr/bin/apt-get install vim' as root on linuxUser-virtual-machine".
However I can execute commands as linuxUser, like ls -la or vim.
id returns the following
uid=1000(linuxUser) gid=1000(linuxUser) groups=1000(linuxUser),999(docker)
What I've tried
- editing sudodoers, I can't modify the file because I don't have root access
- Changing linuxUser's password, had no effect
I've googled around pretty heavily on this, but it seems like most users are either still able to execute sudo commands or are still able to switch to root. Any ideas?
sudo -l -U linuxUser returns the following
Matching Defaults entries for linuxUser on linuxUser-virtual-machine:
env_reset, mail_badpass,
secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
User linuxUser may run the following commands on linuxUser-virtual-machine:
(root) NOPASSWD: /usr/lib/linuxmint/mintUpdate/checkAPT.py
POSTMORTEM EDIT: Hey All, I fixed the issue with https://askubuntu.com/questions/70442/how-do-i-add-myself-back-as-a-sudo-user. Thanks for the help!
linux ubuntu linux-mint sudo root
linux ubuntu linux-mint sudo root
edited Aug 16 at 14:05
asked Aug 15 at 13:03
ronald mcdolittle
32
32
closed as off-topic by Jeff Schaller, msp9011, jimmij, Dmitry Grigoryev, thrig Aug 16 at 15:08
This question appears to be off-topic. The users who voted to close gave this specific reason:
- "Questions describing a problem that can't be reproduced and seemingly went away on its own (or went away when a typo was fixed) are off-topic as they are unlikely to help future readers." â Jeff Schaller, msp9011, jimmij, Dmitry Grigoryev, thrig
closed as off-topic by Jeff Schaller, msp9011, jimmij, Dmitry Grigoryev, thrig Aug 16 at 15:08
This question appears to be off-topic. The users who voted to close gave this specific reason:
- "Questions describing a problem that can't be reproduced and seemingly went away on its own (or went away when a typo was fixed) are off-topic as they are unlikely to help future readers." â Jeff Schaller, msp9011, jimmij, Dmitry Grigoryev, thrig
4
if you have taken yourself out of the sudo group by accident, you wont be able to use sudo.
â Rui F Ribeiro
Aug 15 at 13:07
Perhaps you don't have root authority on this system?
â Jeff Schaller
Aug 15 at 13:08
You should show the sudodoers file. Did you change something in that file?
â RalfFriedl
Aug 15 at 13:09
@RalfFriedl, not sure how to view sudodoers without admin access. The file has not been modified since 2017.
â ronald mcdolittle
Aug 15 at 13:12
@JeffSchaller how can I check if I have authority?
â ronald mcdolittle
Aug 15 at 13:12
 |Â
show 6 more comments
4
if you have taken yourself out of the sudo group by accident, you wont be able to use sudo.
â Rui F Ribeiro
Aug 15 at 13:07
Perhaps you don't have root authority on this system?
â Jeff Schaller
Aug 15 at 13:08
You should show the sudodoers file. Did you change something in that file?
â RalfFriedl
Aug 15 at 13:09
@RalfFriedl, not sure how to view sudodoers without admin access. The file has not been modified since 2017.
â ronald mcdolittle
Aug 15 at 13:12
@JeffSchaller how can I check if I have authority?
â ronald mcdolittle
Aug 15 at 13:12
4
4
if you have taken yourself out of the sudo group by accident, you wont be able to use sudo.
â Rui F Ribeiro
Aug 15 at 13:07
if you have taken yourself out of the sudo group by accident, you wont be able to use sudo.
â Rui F Ribeiro
Aug 15 at 13:07
Perhaps you don't have root authority on this system?
â Jeff Schaller
Aug 15 at 13:08
Perhaps you don't have root authority on this system?
â Jeff Schaller
Aug 15 at 13:08
You should show the sudodoers file. Did you change something in that file?
â RalfFriedl
Aug 15 at 13:09
You should show the sudodoers file. Did you change something in that file?
â RalfFriedl
Aug 15 at 13:09
@RalfFriedl, not sure how to view sudodoers without admin access. The file has not been modified since 2017.
â ronald mcdolittle
Aug 15 at 13:12
@RalfFriedl, not sure how to view sudodoers without admin access. The file has not been modified since 2017.
â ronald mcdolittle
Aug 15 at 13:12
@JeffSchaller how can I check if I have authority?
â ronald mcdolittle
Aug 15 at 13:12
@JeffSchaller how can I check if I have authority?
â ronald mcdolittle
Aug 15 at 13:12
 |Â
show 6 more comments
3 Answers
3
active
oldest
votes
up vote
1
down vote
accepted
User linuxUser may run the following commands on linuxUser-virtual-machine:
(root) NOPASSWD: /usr/lib/linuxmint/mintUpdate/checkAPT.py
Well, that rather plainly says that you're not authorized (as far as sudo
is concerned) to run anything other than that script.
If you were allowed to run arbitrary commands, there would be a line in the output to that effect:
User thisuser may run the following commands on thishost:
(ALL : ALL) ALL
(root) NOPASSWD: /some/other/utility
That access could be given by username, or by group membership.
someuser ALL=(ALL:ALL) ALL # by user
%sudo ALL=(ALL:ALL) ALL # by group
If the /etc/sudoers
file has not been modified, then perhaps your membership in the sudo
group has been removed (the group could have some other name, of course)?
There's no way to know, without seeing the configuration, which you can't see without sufficient access. Reinstall and restore from backups, or open the disk (image) in another system where you have enough access.
Quite the opposite, actually.(root) NOPASSWD: /usr/lib/linuxmint/mintUpdate/checkAPT.py
indicates that the user is allowed to run that script with no password. I don't see any indication that the user is allowed to run anything other than that.
â Tim Kennedy
Aug 15 at 14:42
1
@TimKennedy, added the missing negation to the first sentence... thanks.
â ilkkachu
Aug 15 at 14:43
Accepting this because it was the closest, the easy fix was to do askubuntu.com/questions/70442/â¦
â ronald mcdolittle
Aug 16 at 14:07
add a comment |Â
up vote
0
down vote
Try to mount the system disk (system disk file) to a reliable linux system where you have the root rights. Then you can investigate the passwd
, group
, sudoers
and all other relevant files, and/or you can use chroot
to enter into the failing system.
add a comment |Â
up vote
0
down vote
Note that Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.
is a different error to %s is not in the sudoers file
. (I have not read source, I just ran strings
in the code in /usr/lib/sudo/*
.)
Therefore you may still be in sudoers file. Someone may have reconfigured it.
Try various commands, you may find something that will help you. If not then you need to mount the disk on a different OS instance, and fix it.
add a comment |Â
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
accepted
User linuxUser may run the following commands on linuxUser-virtual-machine:
(root) NOPASSWD: /usr/lib/linuxmint/mintUpdate/checkAPT.py
Well, that rather plainly says that you're not authorized (as far as sudo
is concerned) to run anything other than that script.
If you were allowed to run arbitrary commands, there would be a line in the output to that effect:
User thisuser may run the following commands on thishost:
(ALL : ALL) ALL
(root) NOPASSWD: /some/other/utility
That access could be given by username, or by group membership.
someuser ALL=(ALL:ALL) ALL # by user
%sudo ALL=(ALL:ALL) ALL # by group
If the /etc/sudoers
file has not been modified, then perhaps your membership in the sudo
group has been removed (the group could have some other name, of course)?
There's no way to know, without seeing the configuration, which you can't see without sufficient access. Reinstall and restore from backups, or open the disk (image) in another system where you have enough access.
Quite the opposite, actually.(root) NOPASSWD: /usr/lib/linuxmint/mintUpdate/checkAPT.py
indicates that the user is allowed to run that script with no password. I don't see any indication that the user is allowed to run anything other than that.
â Tim Kennedy
Aug 15 at 14:42
1
@TimKennedy, added the missing negation to the first sentence... thanks.
â ilkkachu
Aug 15 at 14:43
Accepting this because it was the closest, the easy fix was to do askubuntu.com/questions/70442/â¦
â ronald mcdolittle
Aug 16 at 14:07
add a comment |Â
up vote
1
down vote
accepted
User linuxUser may run the following commands on linuxUser-virtual-machine:
(root) NOPASSWD: /usr/lib/linuxmint/mintUpdate/checkAPT.py
Well, that rather plainly says that you're not authorized (as far as sudo
is concerned) to run anything other than that script.
If you were allowed to run arbitrary commands, there would be a line in the output to that effect:
User thisuser may run the following commands on thishost:
(ALL : ALL) ALL
(root) NOPASSWD: /some/other/utility
That access could be given by username, or by group membership.
someuser ALL=(ALL:ALL) ALL # by user
%sudo ALL=(ALL:ALL) ALL # by group
If the /etc/sudoers
file has not been modified, then perhaps your membership in the sudo
group has been removed (the group could have some other name, of course)?
There's no way to know, without seeing the configuration, which you can't see without sufficient access. Reinstall and restore from backups, or open the disk (image) in another system where you have enough access.
Quite the opposite, actually.(root) NOPASSWD: /usr/lib/linuxmint/mintUpdate/checkAPT.py
indicates that the user is allowed to run that script with no password. I don't see any indication that the user is allowed to run anything other than that.
â Tim Kennedy
Aug 15 at 14:42
1
@TimKennedy, added the missing negation to the first sentence... thanks.
â ilkkachu
Aug 15 at 14:43
Accepting this because it was the closest, the easy fix was to do askubuntu.com/questions/70442/â¦
â ronald mcdolittle
Aug 16 at 14:07
add a comment |Â
up vote
1
down vote
accepted
up vote
1
down vote
accepted
User linuxUser may run the following commands on linuxUser-virtual-machine:
(root) NOPASSWD: /usr/lib/linuxmint/mintUpdate/checkAPT.py
Well, that rather plainly says that you're not authorized (as far as sudo
is concerned) to run anything other than that script.
If you were allowed to run arbitrary commands, there would be a line in the output to that effect:
User thisuser may run the following commands on thishost:
(ALL : ALL) ALL
(root) NOPASSWD: /some/other/utility
That access could be given by username, or by group membership.
someuser ALL=(ALL:ALL) ALL # by user
%sudo ALL=(ALL:ALL) ALL # by group
If the /etc/sudoers
file has not been modified, then perhaps your membership in the sudo
group has been removed (the group could have some other name, of course)?
There's no way to know, without seeing the configuration, which you can't see without sufficient access. Reinstall and restore from backups, or open the disk (image) in another system where you have enough access.
User linuxUser may run the following commands on linuxUser-virtual-machine:
(root) NOPASSWD: /usr/lib/linuxmint/mintUpdate/checkAPT.py
Well, that rather plainly says that you're not authorized (as far as sudo
is concerned) to run anything other than that script.
If you were allowed to run arbitrary commands, there would be a line in the output to that effect:
User thisuser may run the following commands on thishost:
(ALL : ALL) ALL
(root) NOPASSWD: /some/other/utility
That access could be given by username, or by group membership.
someuser ALL=(ALL:ALL) ALL # by user
%sudo ALL=(ALL:ALL) ALL # by group
If the /etc/sudoers
file has not been modified, then perhaps your membership in the sudo
group has been removed (the group could have some other name, of course)?
There's no way to know, without seeing the configuration, which you can't see without sufficient access. Reinstall and restore from backups, or open the disk (image) in another system where you have enough access.
edited Aug 15 at 14:43
answered Aug 15 at 14:32
ilkkachu
51.1k678141
51.1k678141
Quite the opposite, actually.(root) NOPASSWD: /usr/lib/linuxmint/mintUpdate/checkAPT.py
indicates that the user is allowed to run that script with no password. I don't see any indication that the user is allowed to run anything other than that.
â Tim Kennedy
Aug 15 at 14:42
1
@TimKennedy, added the missing negation to the first sentence... thanks.
â ilkkachu
Aug 15 at 14:43
Accepting this because it was the closest, the easy fix was to do askubuntu.com/questions/70442/â¦
â ronald mcdolittle
Aug 16 at 14:07
add a comment |Â
Quite the opposite, actually.(root) NOPASSWD: /usr/lib/linuxmint/mintUpdate/checkAPT.py
indicates that the user is allowed to run that script with no password. I don't see any indication that the user is allowed to run anything other than that.
â Tim Kennedy
Aug 15 at 14:42
1
@TimKennedy, added the missing negation to the first sentence... thanks.
â ilkkachu
Aug 15 at 14:43
Accepting this because it was the closest, the easy fix was to do askubuntu.com/questions/70442/â¦
â ronald mcdolittle
Aug 16 at 14:07
Quite the opposite, actually.
(root) NOPASSWD: /usr/lib/linuxmint/mintUpdate/checkAPT.py
indicates that the user is allowed to run that script with no password. I don't see any indication that the user is allowed to run anything other than that.â Tim Kennedy
Aug 15 at 14:42
Quite the opposite, actually.
(root) NOPASSWD: /usr/lib/linuxmint/mintUpdate/checkAPT.py
indicates that the user is allowed to run that script with no password. I don't see any indication that the user is allowed to run anything other than that.â Tim Kennedy
Aug 15 at 14:42
1
1
@TimKennedy, added the missing negation to the first sentence... thanks.
â ilkkachu
Aug 15 at 14:43
@TimKennedy, added the missing negation to the first sentence... thanks.
â ilkkachu
Aug 15 at 14:43
Accepting this because it was the closest, the easy fix was to do askubuntu.com/questions/70442/â¦
â ronald mcdolittle
Aug 16 at 14:07
Accepting this because it was the closest, the easy fix was to do askubuntu.com/questions/70442/â¦
â ronald mcdolittle
Aug 16 at 14:07
add a comment |Â
up vote
0
down vote
Try to mount the system disk (system disk file) to a reliable linux system where you have the root rights. Then you can investigate the passwd
, group
, sudoers
and all other relevant files, and/or you can use chroot
to enter into the failing system.
add a comment |Â
up vote
0
down vote
Try to mount the system disk (system disk file) to a reliable linux system where you have the root rights. Then you can investigate the passwd
, group
, sudoers
and all other relevant files, and/or you can use chroot
to enter into the failing system.
add a comment |Â
up vote
0
down vote
up vote
0
down vote
Try to mount the system disk (system disk file) to a reliable linux system where you have the root rights. Then you can investigate the passwd
, group
, sudoers
and all other relevant files, and/or you can use chroot
to enter into the failing system.
Try to mount the system disk (system disk file) to a reliable linux system where you have the root rights. Then you can investigate the passwd
, group
, sudoers
and all other relevant files, and/or you can use chroot
to enter into the failing system.
answered Aug 15 at 13:26
schweik
1864
1864
add a comment |Â
add a comment |Â
up vote
0
down vote
Note that Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.
is a different error to %s is not in the sudoers file
. (I have not read source, I just ran strings
in the code in /usr/lib/sudo/*
.)
Therefore you may still be in sudoers file. Someone may have reconfigured it.
Try various commands, you may find something that will help you. If not then you need to mount the disk on a different OS instance, and fix it.
add a comment |Â
up vote
0
down vote
Note that Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.
is a different error to %s is not in the sudoers file
. (I have not read source, I just ran strings
in the code in /usr/lib/sudo/*
.)
Therefore you may still be in sudoers file. Someone may have reconfigured it.
Try various commands, you may find something that will help you. If not then you need to mount the disk on a different OS instance, and fix it.
add a comment |Â
up vote
0
down vote
up vote
0
down vote
Note that Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.
is a different error to %s is not in the sudoers file
. (I have not read source, I just ran strings
in the code in /usr/lib/sudo/*
.)
Therefore you may still be in sudoers file. Someone may have reconfigured it.
Try various commands, you may find something that will help you. If not then you need to mount the disk on a different OS instance, and fix it.
Note that Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.
is a different error to %s is not in the sudoers file
. (I have not read source, I just ran strings
in the code in /usr/lib/sudo/*
.)
Therefore you may still be in sudoers file. Someone may have reconfigured it.
Try various commands, you may find something that will help you. If not then you need to mount the disk on a different OS instance, and fix it.
answered Aug 15 at 13:38
ctrl-alt-delor
9,12931948
9,12931948
add a comment |Â
add a comment |Â
4
if you have taken yourself out of the sudo group by accident, you wont be able to use sudo.
â Rui F Ribeiro
Aug 15 at 13:07
Perhaps you don't have root authority on this system?
â Jeff Schaller
Aug 15 at 13:08
You should show the sudodoers file. Did you change something in that file?
â RalfFriedl
Aug 15 at 13:09
@RalfFriedl, not sure how to view sudodoers without admin access. The file has not been modified since 2017.
â ronald mcdolittle
Aug 15 at 13:12
@JeffSchaller how can I check if I have authority?
â ronald mcdolittle
Aug 15 at 13:12