Ubuntu 18.04 - sudo: no tty present and no askpass program specified


The issue is that the file is read in order. See the "SUDOERS FILE FORMAT" section of man sudoers:

When multiple entries match for a user, they are applied in order. Where there are multiple matches, the last match is used (which is not necessarily the most specific match).

So, first it reads this line:

    jenkins ALL=(ALL) NOPASSWD: ALL

And allows jenkins to run sudo command with no password (this seems like an absolutely horrible idea, by the way, but let's leave security out of it for now). Then, it continues reading the file and finds:

    %sudo   ALL=(ALL:ALL) ALL

Since jenkins is part of the sudo group, this applies to jenkins as well and overwrites the NOPASSWD command.

Author: ShSa

Updated on September 18, 2022
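
The ordering effect described in the answer above, modelled in Python as an added example (not code from the original post or from sudo itself). The parser is a deliberate simplification: it ignores aliases, host and command matching, and does not follow include directives; the two rule sets are constructed excerpts of the files shown on this page.

```python
import re

# Constructed excerpts mirroring the two rule orders shown on this page.
BEFORE = """\
root    ALL=(ALL:ALL) ALL
jenkins ALL=(ALL) NOPASSWD: ALL
%admin ALL=(ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
"""

AFTER = """\
root    ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
#includedir /etc/sudoers.d
jenkins ALL=(ALL) NOPASSWD: ALL
"""

# who host=(runas) [TAG:] commands  -- simplified user specification
SPEC = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?:\([^)]*\)\s*)?(?P<rest>.+)$"
)


def user_specs(text):
    """Yield (line_no, who, nopasswd) for each user specification line."""
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue  # comments, include directives and Defaults are skipped
        m = SPEC.match(line)
        if m:
            yield no, m["who"], m["rest"].startswith("NOPASSWD:")


def effective_rule(text, user, groups):
    """Return (line_no, who, nopasswd) of the LAST matching entry, or None."""
    winner = None
    for no, who, nopasswd in user_specs(text):
        if who == user or who == "ALL" or (who.startswith("%") and who[1:] in groups):
            winner = (no, who, nopasswd)  # a later match replaces an earlier one
    return winner


if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        print(name, effective_rule(rules, "jenkins", {"sudo"}))
```

On a real host, `sudo -l -U jenkins` run as root lists the entries sudo applies to that user, and `visudo -c` checks the file's syntax after reordering.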

Comments

  • ShSa
    ShSa over 1 year

    Before telling me about /etc/sudoers file here it is:

    #
    # This file MUST be edited with the 'visudo' command as root.
    #
    # Please consider adding local content in /etc/sudoers.d/ instead of
    # directly modifying this file.
    #
    # See the man page for details on how to write a sudoers file.
    #
    Defaults        env_reset
    Defaults        mail_badpass
    Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
    
    # Host alias specification
    
    # User alias specification
    
    # Cmnd alias specification
    
    # User privilege specification
    root    ALL=(ALL:ALL) ALL
    jenkins ALL=(ALL) NOPASSWD: ALL
    
    # Members of the admin group may gain root privileges
    %admin ALL=(ALL) ALL
    
    # Allow members of group sudo to execute any command
    %sudo   ALL=(ALL:ALL) ALL
    
    # See sudoers(5) for more information on "#include" directives:
    
    #includedir /etc/sudoers.d
    

    In the beginning I was trying to run a sudo command remotely. I edited the sudoers file with visudo to give the jenkins user the ability to run sudo commands with no password asked.

    Once I realized that I have another problem, I even tried to run (when I logged on as the jenkins user) the following: ssh localhost "sudo w". Even that doesn't work.

    I'm getting this error: sudo: no tty present and no askpass program specified

    Any ideas?

    Thanks!

    EDIT:

    1. I'm trying to run bash sudo commands from the jenkins master machine on a slave machine in a post-step job (I have already done this with another slave).

    2. When I run the job, it fails with the error: sudo: no tty present and no askpass program specified. From my debugging, it seems that the problem is not related to the master, because I tried to send a sudo command over ssh within the slave machine and got the same error.

    3. My expectation is to make it work the way it already worked on a different slave machine (where I also tested the same logic by sending a sudo command over ssh pointing to localhost, and it worked just fine).

    it seems like there is no tty for sudo command over ssh... I'm not an expert of TTY or SSH. Maybe I'm missing something...

    SOLVED! I think it is a BUG...

    I moved this line to the end of /etc/sudoers and it works!

    jenkins ALL=(ALL) NOPASSWD: ALL
    

    so the file looks like this:

    #
    # This file MUST be edited with the 'visudo' command as root.
    #
    # Please consider adding local content in /etc/sudoers.d/ instead of
    # directly modifying this file.
    #
    # See the man page for details on how to write a sudoers file.
    #
    Defaults        env_reset
    Defaults        mail_badpass
    Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
    
    # Host alias specification
    
    # User alias specification
    
    # Cmnd alias specification
    
    # User privilege specification
    root    ALL=(ALL:ALL) ALL
    
    # Members of the admin group may gain root privileges
    %admin ALL=(ALL) ALL
    
    # Allow members of group sudo to execute any command
    %sudo   ALL=(ALL:ALL) ALL
    
    # See sudoers(5) for more information on "#include" directives:
    
    #includedir /etc/sudoers.d
    jenkins ALL=(ALL) NOPASSWD: ALL
    
    • terdon
      terdon over 5 years
      What problem? Please edit your question and explain exactly what is happening. What command are you trying to run? How are you connecting to the Ubuntu machine? What Ubuntu is this? Are you running a script?
    • terdon
      terdon over 5 years
      Please be more clear. Are you physically in front of the machine? It sounds like you aren't, but how are you connecting? Are you only getting this error when trying to run commands with ssh? That's not a bug, if so.
    • ShSa
      ShSa over 5 years
      This is a virtual machine (ubuntu server 18.04), I have ssh connection to the machine. I did the same steps on another machine once before (ubuntu server 16.04) and it worked just fine.
    • ShSa
      ShSa over 5 years
      I only get this error when trying to run commands as root - meaning "sudo..."
    • ShSa
      ShSa over 5 years
      But when I add -t to the command, ssh -t localhost "sudo w", it works. Maybe it's not a bug but I will be grateful for an explanation.
    • terdon
      terdon over 5 years
      Please edit your question and add all of these details. We need to know: i) exactly what you are doing, ii) what is happening and iii) what you expected to happen. Also have a look at man ssh and see what the -t does.
    • ShSa
      ShSa over 5 years
      Can someone explain why it should be at the end of the file? Isn't it a bug?
    • terdon
      terdon over 5 years
      Hmm. Is jenkins in either the admin or the sudo groups?
    • ShSa
      ShSa over 5 years
      Yes. jenkins is in sudo group.
  • ShSa
    ShSa over 5 years
    How can I contact you in private? there is a chat or something?
  • terdon
    terdon over 5 years
    @ShSa yes, there is a chat room associated with the site, but you need 20 reputation points to use it. Don't worry, that's just a single upvote on an answer or two upvotes on a question since you already have 10!