'user is not in the sudoers file' but actually is

I pulled down the source code for sudo and it appears that the way this could happen is if your sudo is configured to use LDAP or SSSD methods to determine permissions. If either of those is available, it will be checked before the file method. This probably only makes sense if this machine was set up for you in a corporate environment or something? In these cases, the error message is a bit inaccurate as it still refers to the sudoers "file".

I've never used either of those for this, but it appears they would be configured in an /etc/sudo.conf file, so you could see if you have such a thing. Looking at man sudo, it mentions an LDAP plugin, and man sudo.conf gives info about how plugins are configured, FWIW.
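Added example (not part of the original answer, and not sudo's own code): a shell check that shows which sources sudo will consult for sudoers rules on a machine. It assumes the lookup order comes from the `sudoers:` line of /etc/nsswitch.conf, as documented in sudoers.ldap(5), and that plugins are listed on `Plugin` lines in /etc/sudo.conf; the function names are this example's own.

```shell
#!/bin/sh
# Added example: show which sources sudo consults for sudoers rules.
# Function names are illustrative; paths default to the usual /etc locations.

# Sources named on the "sudoers:" line of an nsswitch.conf-style file, in
# lookup order. With no such line (or no file), only the local file is used.
sudoers_sources() {
    srcs=""
    if [ -r "$1" ]; then
        # Strip comments, then drop [STATUS=action] criteria such as [NOTFOUND=return].
        srcs=$(sed 's/#.*//' "$1" | awk '$1 == "sudoers:" && !seen {
            for (i = 2; i <= NF; i++) if ($i !~ /^\[/) printf "%s ", $i
            seen = 1 }')
    fi
    [ -n "$srcs" ] || srcs="files"
    echo $srcs   # unquoted on purpose: trims the trailing space
}

# "Plugin" lines of a sudo.conf-style file as "symbol path" (nothing if absent).
sudo_plugins() {
    [ -r "$1" ] || return 0
    sed 's/#.*//' "$1" | awk '$1 == "Plugin" { print $2, $3 }'
}

# Succeeds when rules can come from somewhere other than the local sudoers file.
has_remote_source() {
    for s in $(sudoers_sources "$1"); do
        [ "$s" = files ] || return 0
    done
    return 1
}

report() {
    nss=${1:-/etc/nsswitch.conf}
    echo "sudoers lookup order: $(sudoers_sources "$nss")"
    if has_remote_source "$nss"; then
        echo "non-file source configured: review LDAP/SSSD rules as well as /etc/sudoers"
    else
        echo "only the local sudoers file (and its includes) is consulted"
    fi
    sudo_plugins "${2:-/etc/sudo.conf}" | sed 's/^/plugin: /'
}

report "$@"
```

Run it with no arguments to inspect the live system, or pass alternative nsswitch.conf and sudo.conf paths to examine copies taken from another host.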

Author: Benjamin Kalloch

Updated on September 18, 2022

Comments

  • Benjamin Kalloch
    Benjamin Kalloch over 1 year


    I have already read a lot of posts about enabling sudo-access for a specific user but those couldn't help me so far.
    The situation is:
    I'm running Debian Testing. On the system there are only two accounts: 'root' and a user account 'benny'. The user 'benny' should be able to run commands with root privileges using sudo (of course I installed sudo first), which is why I edited the '/etc/sudoers' file using visudo as follows:

    Defaults        env_reset
    Defaults        mail_badpass
    Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
    
    # Host alias specification
    
    # User alias specification
    
    # Cmnd alias specification
    
    # User privilege specification
    root    ALL=(ALL:ALL) ALL
    benny   ALL=(ALL:ALL) ALL #<<<<<<<<<<<<<<< EDIT HERE!
    
    # Allow members of group sudo to execute any command
    %sudo   ALL=(ALL:ALL) ALL
    
    # See sudoers(5) for more information on "#include" directives:
    
    #includedir /etc/sudoers.d
    ALL ALL= NOPASSWD: /usr/sbin/g15daemon
    

    This did not work at all - when issuing the 'sudo' command it keeps saying 'benny is not in the sudoers file. This incident will be reported.' So I added benny to the group 'sudo', as it was often suggested:

    usermod -aG sudo benny
    

    After a re-login as 'benny' the command

    groups
    

    shows

    benny cdrom sudo fuse
    

    which seems fine to me. Also

     cat /etc/group | grep sudo 
    

    shows

     sudo:x:27:benny
    

    However if I try, for example

    sudo apt update
    

    it still keeps saying that benny was not in the sudoers-file.
    I've really read a lot about this issue and everyone just advises one of the two steps I mentioned above.
    What am I missing here? I guess it's something really stupid, but I do not see it. Any help is appreciated! Thanks in advance!

    • Admin
      Admin almost 10 years
      By the way, no need to add benny to sudoers, just place him in the sudo group which you've already done. The only reason to put benny specifically in sudoers is if you want him to have a different set of privileges than the sudo group. In your case they are the same.
    • Admin
      Admin almost 10 years
      Yes I did, I even restarted the whole system - just to make sure...
    • Admin
      Admin almost 10 years
      Got me a bit stumped too. What are the permissions on the sudoers file? Mine is: -r--r----- 1 root root 745 Feb 11 08:16 /etc/sudoers
    • Admin
      Admin almost 10 years
      ls -l /etc/sudoers shows -r--r----- 1 root root 732 May 6 23:45 sudoers seems fine as well. Is there anything I should have done during the installation of Debian? I've been using the system for a while now. So far I always used 'su' with the root-user password if I wanted to do something like apt update.
    • Admin
      Admin almost 10 years
      Have you tried creating a new user and adding that user to the sudo group, to see if that works? This may help to narrow down where the problem is happening.
    • Admin
      Admin over 9 years
      What does "sudo -U benny -l" return when run as root? I suspect a typo or something similar in the sudoers file. Also is there anything in /etc/sudoers.d?
    • Admin
      Admin almost 7 years
      Generally speaking, it's a good idea to use visudo instead of vi /etc/sudoers. This command includes a syntax check to avoid messing up the sudoers file before saving it. Can you show us the output of the sudo -l command launched from benny? It should list the authorized actions for the user. Can you also show us the output of grep benny /etc/passwd /etc/group?
    • Admin
      Admin about 6 years
      Sorry, the issue was "solved" by reinstalling the OS and since then never occurred again. I was also not able to reproduce the behavior so unfortunately I cannot give any additional information anymore. But thank you for adding your advice!
  • Benjamin Kalloch
    Benjamin Kalloch about 6 years
    Thank you for the suggestion! Unfortunately I have never found out what was causing that issue. By now I have reinstalled the OS (several times) and it never happened again. Also other systems I set up never had this issue again. At that time, the system I was talking about was my private PC at home, so it was not set up for a corporate environment.