sudo command trying to search for hostname
Solution 1
The /etc/sudoers file is designed to be able to be distributed among multiple servers. In order to accomplish this, each permission in the file has a host portion.
This is usually set to ALL=, which means that the permission is valid for any server; however, it can be set to specific hosts:
%sudo kaagini=(ALL) ALL
In order for sudo to know whether this rule should be applied, it needs to look up the host it is running on. It uses a call that relies on the /etc/hosts file being correct, which is why it fails if it is not right.
It might be argued that sudo doesn't need to bother doing a name lookup if the host portion is set to ALL= for all permissions, but it just doesn't work that way - it appears to work out where it is running prior to processing the rules.
This is really for ease of maintenance as sudo only reads /etc/sudoers to see what the user can do on the current machine. But as an admin with 100 servers, this might require 100 different /etc/sudoers files to maintain. Because sudoers has a host portion in the permissions, you can maintain a single sudoers file and distribute it to all machines, yet still have granularity over what users can do on each machine.
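The /etc/hosts condition described in Solution 1 can be checked directly. The following is an added example, not part of the original answer: it tests whether the name stored in a hostname file appears as a name or alias in a hosts-format file. The function names and sample files are constructed for illustration (only the hostname kaagini comes from the question), and it assumes resolution is served from the hosts file alone.

```shell
#!/bin/sh
# Added example (not from the original answer): detect the mismatch between
# /etc/hostname and /etc/hosts that Solution 1 names as the cause.

# hosts_has_name FILE NAME -> exit 0 if NAME is a canonical name or alias in FILE
hosts_has_name() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); found = 0 }
        {
            sub(/#.*/, "")               # drop comments; fields are re-split
            for (i = 2; i <= NF; i++)    # field 1 is the address, the rest are names
                if (tolower($i) == want) found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# check_sudo_host HOSTNAME_FILE HOSTS_FILE -> prints a diagnosis, non-zero on mismatch
check_sudo_host() {
    name=$(tr -d '[:space:]' < "$1")
    if [ -z "$name" ]; then
        echo "empty: no hostname in $1"
        return 2
    fi
    if hosts_has_name "$2" "$name"; then
        echo "ok: $name is listed in $2"
    else
        echo "missing: $name is not listed in $2"
        return 1
    fi
}

# Demo on constructed files; on a real system pass /etc/hostname and /etc/hosts.
demo() {
    d=$(mktemp -d)
    printf 'kaagini\n' > "$d/hostname"
    # Constructed: hostname was changed, hosts file still carries the old name.
    printf '127.0.0.1 localhost\n127.0.1.1 oldname # stale\n' > "$d/hosts.stale"
    # Constructed: hosts file updated to match the new hostname.
    printf '127.0.0.1 localhost\n127.0.1.1 kaagini.example.test kaagini\n' > "$d/hosts.fixed"
    check_sudo_host "$d/hostname" "$d/hosts.stale" || true
    check_sudo_host "$d/hostname" "$d/hosts.fixed"
    rm -rf "$d"
}
demo
```

After editing /etc/sudoers itself, `visudo -c` checks the file's syntax before the change is relied on.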
Solution 2
Thanks to the linked bug report filed by Matthias Urlichs in another comment, the following command solved the issue for me:
Defaults !fqdn
Place this line in the /etc/sudoers file.
prathmesh.kallurkar
Updated on September 18, 2022
Comments
-
prathmesh.kallurkar over 1 year
Recently, I have changed the sudoers file and the hostname through /etc/hostname. After changing these files, my sudo command is taking a lot of time. Also, it says sudo unable to resolve host kaagini (hostname of my machine).
Why does sudo have to know the hostname for providing permission to something?
My sudoers file has a command "Defaults env_reset". I saw some similar questions but the context is not a remote login here. The error is showing on a localhost.
Initial googling for the problem says that the /etc/hosts file must have the actual hostname for 127.0.0.1. This fixed my issue. But my actual question is: why do we require this for sudo? Should sudo work irrespective of the place of login?
-
prathmesh.kallurkar almost 12 years
Thanks for the answer. Can you come at the distributed sudoers file again? See, I have an operating system running on machineA. Should the permissions file (/etc/sudoers) for this operating system be stored on other machines? Or does your answer mean to say that the sudo command can say something like user John can sudo from machineA but not from machineB?
-
Paul almost 12 years
It is really for ease of maintenance. sudo only reads /etc/sudoers to see what the user can do on the current machine. But as an admin with 100 servers, this might require 100 different /etc/sudoers files to maintain. Because sudoers has a host portion in the permissions, you can maintain a single sudoers file and distribute it to all machines, yet still have granularity over what users can do on each machine.
-
prathmesh.kallurkar almost 12 years
One more question... does the server administrator have to scp the new sudoers file every time there is a change in the main sudoers file, or does sudo provide a way to maintain the sudoers file over the network?
-
Paul almost 12 years
@prathmesh.kallurkar No, there isn't a built-in method of distributing, but this is Linux, so this is normal. You would use rsync or scp or another tool to get this part done.
-
fixer1234 almost 8 years
Can you expand your answer to explain what is puppet, where do you find it, and how do you use it to solve the problem? From review queue
-
DavidPostill almost 8 years
Please read How do I recommend software for some tips as to how you should go about recommending software. You should provide at least a link, some additional information about the software itself, and how it can be used to solve the problem in the question.
-
Matthias Urlichs over 4 years
I consider that to be a bug (if there are only ALL rules then sudo doesn't need to know its host name) and thus have filed bugzilla.sudo.ws/show_bug.cgi?id=916
-
Damien C about 3 years
On my side, it occurred on raspbian after dist-upgrade