Ubuntu 18.04 - sudo: no tty present and no askpass program specified
The issue us that the file is read in order. See the "SUDOERS FILE FORMAT" section of man sudoers
:
When multiple entries match for a user, they are applied in order. Where there are multiple matches, the last match is used (which is not necessarily the most specific match).
So, first it reads this line:
jenkins ALL=(ALL) NOPASSWD: ALL
And allows jenkins
to run sudo command with no password (this seems like an absolutely horrible idea, by the way, but let's leave security out of it for now). Then, it continues reading the file and finds:
%sudo ALL=(ALL:ALL) ALL
Since jenkins
is part of the sudo
group, this applies to jenkins
as well and overwrites the NOPASSWD
command.
Related videos on Youtube
ShSa
Updated on September 18, 2022Comments
-
ShSa over 1 year
Before telling me about /etc/sudoers file here it is:
# # This file MUST be edited with the 'visudo' command as root. # # Please consider adding local content in /etc/sudoers.d/ instead of # directly modifying this file. # # See the man page for details on how to write a sudoers file. # Defaults env_reset Defaults mail_badpass Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin" # Host alias specification # User alias specification # Cmnd alias specification # User privilege specification root ALL=(ALL:ALL) ALL jenkins ALL=(ALL) NOPASSWD: ALL # Members of the admin group may gain root privileges %admin ALL=(ALL) ALL # Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL # See sudoers(5) for more information on "#include" directives: #includedir /etc/sudoers.d
In the beginning I was trying to run a sudo command remotely. I edited the sudoers file with visudo to let jenkins user the ability to run sudo commands with no password asked.
once i realized that I have another problem I even tried to run (when I logged on as jenkins user) the following : ssh localhost "sudo w" even that doesn't work.
getting this error : sudo: no tty present and no askpass program specified
any ideas?
thanks!
EDIT:
I'm trying to run bash sudo commands from jenkins master machine on slave machine in post step job (done it alredy with other slave).
When I run the job it failed with error : sudo: no tty present and no askpass program specified. from my debugging, it seems that the problem not relating to the master, because I tried to send sudo command over ssh within the slave machine and got the same error.
My expectation is to make it work. the way it already worked on a different salve machine. (which i also test the same logic within the other salve machine by sending sudo command over ssh pointing localhost --- worked just fine
it seems like there is no tty for sudo command over ssh... I'm not an expert of TTY or SSH. Maybe I'm missing something...
SOLVED! I think it is a BUG...
I moved the this line to the end of the /etc/sudoers and it works!
jenkins ALL=(ALL) NOPASSWD: ALL
so the file looks like this:
# # This file MUST be edited with the 'visudo' command as root. # # Please consider adding local content in /etc/sudoers.d/ instead of # directly modifying this file. # # See the man page for details on how to write a sudoers file. # Defaults env_reset Defaults mail_badpass Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin" # Host alias specification # User alias specification # Cmnd alias specification # User privilege specification root ALL=(ALL:ALL) ALL # Members of the admin group may gain root privileges %admin ALL=(ALL) ALL # Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL # See sudoers(5) for more information on "#include" directives: #includedir /etc/sudoers.d jenkins ALL=(ALL) NOPASSWD: ALL
-
terdon over 5 yearsWhat problem? Please edit your question and explain exactly what is happening. What command are you trying to run? How are you connecting to the Ubuntu machine? What Ubuntu is this? Are you running a script?
-
terdon over 5 yearsPlease be more clear. Are you physically in front of the machine? It sounds like you aren't, but how are you connecting? Are you only getting this error when trying to run commands with
ssh
? That's not a bug, if so. -
ShSa over 5 yearsThis is a virtual machine (ubuntu server 18.04), I have ssh connection to the machine. I Did the same steps on other machine once before (ubuntu server 16.04) and it work just fine
-
ShSa over 5 yearsI only get this error when trying to run commands as root - meaning "sudo..."
-
ShSa over 5 yearsbut when I add -t to the command ssh -t localhost "sudo w" It works. Maybe it's not a bug but I will be grateful for an explanation.
-
terdon over 5 yearsPlease edit your question and add all of these details. We need to know: i) exactly what you are doing, ii) what is happening and iii) what you expected to happen. Also have a look at
man ssh
and see what the-t
does, -
ShSa over 5 yearsCan some one explain why it should be at the end of the file? isn't a bug?
-
terdon over 5 yearsHmm. Is
jenkins
in either theadmin
or thesudo
groups? -
ShSa over 5 yearsYes. jenkins is in sudo group.
-
ShSa over 5 yearsHow can I contact you in private? there is a chat or something?
-
terdon over 5 years@ShSa yes, there is a chat room associated with the site, but you need 20 reputation points to use it. Don't worry, that's just a single upvote on an answer or two upvotes on a question since you already have 10!