sudo user is not allowed to execute systemctl
7,392
Debugging sudo issues:
- run
sudo -las the user concerned to show which rights are assigned to that user. - ensure that those rights correspond to the commands you wish to allow,
commands allowed in your/etc/sudoersand/etc/sudoers.d/*configurations that don't include arguments will be allowed to run with any argument,
commands allowed that do include arguments in their specification, will only work with those exact arguments, nothing more and nothing less. - In case group based rights are missing, check with
id <username>to get a listing of all groups a user belongs to. - If include files from
/etc/sudoers.d/don't get loaded:- To include those snippets the main
/etc/sudoersconfiguration file need to be configured to load those additional configuration sections with an#includedir /etc/sudoers.ddirective.
The leading pound # is not a comment but part of the directive. - The files in
/etc/sudoers.d/should not have names that in end in~or contain a.character. - The files in
/etc/sudoers.d/should should be mode 0440 and owned by root:root.
- To include those snippets the main
Related videos on Youtube
03 : 21
User is not in the sudoers file. This incident will be reported.
26 : 32
Linux Essentials - systemd: Using the systemctl command
![[Fixed]System has not been booted with systemd in WSL error | Booting WSL with systemd](https://i.ytimg.com/vi/oILBqhnyCPA/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLByxpIKADyEYB5QmyNe7DVMod2XSA)
04 : 35
[Fixed]System has not been booted with systemd in WSL error | Booting WSL with systemd
02 : 03
DevOps & SysAdmins: sudo user is not allowed to execute systemctl
06 : 08
Enable Systemd/Systemctl WSL 2
Author by
Mark Visser
Updated on September 18, 2022Comments
-
Mark Visser over 1 year
I'm trying to allow a user to use sudo to manage a custom systemctl service, this however seems to fail and I can't figure out why.
[root@testvm sudoers.d]# ll total 16 -r--r-----. 1 root root 334 Oct 9 15:42 20_appgroup -r--r-----. 1 root root 104 Sep 17 11:24 98_adminsThe 'appgroup' contains this;
[root@testvm sudoers.d]# cat 20_appgroup %appgroup ALL= /usr/bin/systemctl restart test.service, /usr/bin/systemctl start test.service, /usr/bin/systemctl stop test.service, /usr/bin/systemctl status test.serviceI have double checked that the user is member of the appgroup, however when this user runs sudo systemctl start test.service this results in an error saying;
Sorry, user tester is not allowed to execute '/usr/bin/systemctl start test' as root on testvm.Any thought on what could be the issue?
-
match over 5 yearsYour sudo config says 'test.service' but you're starting 'springboot' - is that a typo or a bug? -
Tommiie over 5 yearsThat is probably the reason why it's not working for him. -
dortegaoh over 5 yearsAdditional things to check: is sudo configured to include files from suders.d? Is the user actually in that group (run
idas the user)? -
Michael Hampton over 5 yearsYour sudo config says/usr/bin/systemctl start test.servicebut your user ransudo /usr/bin/systemctl start test. -
Michael Hampton over 5 yearsAlso, see here for a way to allow the user to manage a single service without sudo by configuring PolicyKit.
-
