Re: SUDO error. (37 Views)
Reply
Regular Advisor
Narendra Uttekar
Posts: 230
Registered: ‎12-30-2007
Message 1 of 7 (402 Views)

SUDO error.

Hi,

I had installed and configured the SUDO version (1.8.5p3) on HP Itanium Blade server, OS - HP-UX 11.31.

 

I had given cancel command access to one user i.e. testuser and he is able to execute the cancel command to cancel the print jobs...but when he executes getting additional info as below,

$ /usr/local/bin/sudo /usr/bin/cancel -e P450R
Last successful login:       Mon Oct 15 11:18:18 UTC 2012 testsapn27.domain.net
Last authentication failure: Thu Oct 11 09:14:17 UTC 2012 testsapn27.domain.net

 

It is not basically a error but it doesn't look good when he executes the sudo cancel command and getting last login and failure info.

 

How we can disable or fix the problem so we should not get the  last login and failure info after executing the sudo cancel command.

 

Thanks,

Narendra

Please use plain text.
Honored Contributor
Bill Hassell
Posts: 14,178
Registered: ‎05-29-2000
Message 2 of 7 (381 Views)

Re: SUDO error.

The login information suggests that either the sudoers file has a strange setting or the cancel command is not the real cancel command but a wrapper of some sort. Use these commands:

 

# what /usr/bin/cancel
/usr/bin/cancel:
         genfuns.c $Date: 2009/10/21 17:10:33 $Revision: r11.31/4 PATCH_11.31 (PHCO_40128)
         fifo.c $Date: 2009/10/21 17:10:32 $Revision: r11.31/1 PATCH_11.31 (PHCO_40128)
         lpio.c $Date: 2008/01/14 16:56:49 $Revision: r11.31/2 PATCH_11.31 (PHCO_37540)
         $Revision: @(#) lp R11.31_BL2009_1214_1 PATCH_11.31 PHCO_40128


# file /usr/bin/cancel
/usr/bin/cancel:        ELF-32 executable object file - IA64

 The what command shows the patch level for the command and file identifies the type of file. If this isn't similar to what you have on your system, the cancel command has apparently been modified or replaced.

 

 

 

 

Please use plain text.
Regular Advisor
Narendra Uttekar
Posts: 230
Registered: ‎12-30-2007
Message 3 of 7 (375 Views)

Re: SUDO error.

Hi Bill,

I checked the patch level for the command and file identifies and it is similar please find the output as below,

 

test1:/# what /usr/bin/cancel
/usr/bin/cancel:
         genfuns.c $Date: 2009/10/21 17:10:33 $Revision: r11.31/4 PATCH_11.31 (PHCO_40128)
         fifo.c $Date: 2009/10/21 17:10:32 $Revision: r11.31/1 PATCH_11.31 (PHCO_40128)
         lpio.c $Date: 2008/01/14 16:56:49 $Revision: r11.31/2 PATCH_11.31 (PHCO_37540)
         $Revision: @(#) lp R11.31_BL2009_1214_1 PATCH_11.31 PHCO_40128
test1:/# file /usr/bin/cancel
/usr/bin/cancel:        ELF-32 executable object file - IA64

 

Looks like then sudoers file might have some strange setting...but i don't know which setting could be causing the problem. I have only 2 lines in the sudoers file.

 

User_Alias USER1 = nuttekar

USER1 ALL=NOPASSWD:/usr/bin/cancel

 

Thanks,

Narendra

Please use plain text.
Honored Contributor
Duncan Edmonstone
Posts: 5,678
Registered: ‎08-05-2000
Message 4 of 7 (362 Views)

Re: SUDO error.

I wonder if the message is coming from login rather than sudo? You might try:

 

userdbset -u nuttekar DISPLAY_LAST_LOGIN=0


HTH

Duncan
Please use plain text.
Acclaimed Contributor
Dennis Handly
Posts: 24,774
Registered: ‎03-06-2006
Message 5 of 7 (353 Views)

Re: SUDO error.

>I wonder if the message is coming from login

 

That would be my guess.

Please use plain text.
Regular Advisor
Narendra Uttekar
Posts: 230
Registered: ‎12-30-2007
Message 6 of 7 (345 Views)

Re: SUDO error.

Hi Duncan,

I tried executing the command as you told below, But no luck still same login message is coming while executing the sudo cancel command.

 

test1:/# userdbset -u nuttekar DISPLAY_LAST_LOGIN=0
test1:/#

 

Thanks,

Narendra

Please use plain text.
Occasional Visitor
JimUrsetto
Posts: 3
Registered: ‎08-28-2013
Message 7 of 7 (37 Views)

Re: SUDO error.

What you have to do is set the DISPLAY_LAST_LOGIN attribute on the user you are sudoing to (here, root):

 

# userdbset -u root DISPLAY_LAST_LOGIN=0

 

Alternatively, modify the default setting in /etc/default/security.

Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation