How to avoid "root is not allowed to run sudo"?

linux sudo root ubuntu-16.04 sudoers

9,105

As root, run groups - Root isn't in the sudo group, because why would it ever need to be?

As to how to fix it, you could either add root to the sudo group, or you could put a check in any script that runs sudo (which you've discounted as a possibility for your particular problem, but it maybe a solution for others.

To add root to the sudo group:

(as root) usermod -a -G sudo root

9,105

kottalovag

Updated on September 18, 2022

Comments

kottalovag over 1 year
I am trying to execute some third-party installer script (ansible tower setup.sh) which needs to be started as root or via sudo as some of the commands rely on root privileges. However some commands during the script execution try to sudo. Don't ask me why, I think the setup script is a joint effort with some inconsistencies...

So the script fails, and I can reproduce it. I face this weird error any time trying to issue sudo as root, e.g.
```
root@machine:/home/someuser: sudo echo 1
root is not allowed to run sudo on <FQDN here>.  This incident will be reported.
```
I have never seen such thing in my previous experience with Ubuntu (and to be fair nor on Google currently.)

As it is not an option to find all the places and transform the script to not call sudo, I have to find a way for the root user to be able to perform sudo. The Ubuntu 16.04 server I am working on is configured in an exotic way by the private cloud provider of the company, inside domain (IDK whether this matters).

My /etc/sudoers looks like this:
```
#
# This file MUST be edited with the 'visudo' command as root.
# more bla bla
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
+unixadmin,+unixadminext      ALL= NOPASSWD: ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d
```
about sudo:
```
root@machine:/home/someuser# which sudo
/usr/bin/sudo
root@machine:/home/someuser# ll /usr/bin/sudo
-rwsr-xr-x 1 root root 140816 Jun  7  2017 /usr/bin/sudo*    
```
What am I missing?

I added the root user to the sudo group but it did not solve the issue.
- Mokubai over 5 years
  
  If you are root, why do you need to run sudo? I'm sure I'm missing some finer point here but surely when you are running something from a root command prompt then sudo is completely superfluous.
- s1ns3nt over 5 years
  
  I'm finding myself asking the same question. Root shouldn't need sudo as sudo essentially emulates root access for other non-root users. If your script needs to be run with higher privileges, then running it as root would accomplish that. The idea of running as root, though, gives me the shivers. Maybe we could help more if we knew what you're actually trying to accomplish and the errors you're getting there.
- kottalovag over 5 years
  
  @Mokubai, ask the creators of the script I am working with. Basically the ansible tower installer does this internally, I myself just call the shell script. Naturally the script needs to be called via sudo as here and there it relies on root-ness, at other places it tries to elevate itself.
- kottalovag over 5 years
  
  @s1ns3nt, thx for asking, I edited my question to be more clear.
kottalovag over 5 years

Thx, I had a look at the groups using the members command. Then added the root user to the sudo group using usermod. I did a relogin. However I still cannot perform sudo via root.