I have already read a lot of posts about enabling sudo-access for a specific user but those couldn't help me so far.
The situation is:
I'm running Debian Testing. On the system there are only two accounts: 'root' and a user account 'benny'.
The user 'benny' should be able to run commands with root privileges using sudo (of course I installed sudo first), which is why I edited the '/etc/sudoers' file using visudo as follows:
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
benny ALL=(ALL:ALL) ALL #<<<<<<<<<<<<<<< EDIT HERE!
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
ALL ALL= NOPASSWD: /usr/sbin/g15daemon
This did not work at all – when issuing the 'sudo' command it keeps saying 'benny is not in the sudoers file. This incident will be reported.'
So I added benny to the group 'sudo', as it was often suggested:
usermod -aG sudo benny
After a re-login as 'benny' the command
groups
shows
benny cdrom sudo fuse
which seems fine to me. Also
cat /etc/group | grep sudo
shows
sudo:x:27:benny
However if I try, for example
sudo apt update
it still keeps saying that benny was not in the sudoers-file.
I've really read a lot about this issue and everyone just advises one of the two steps I mentioned above.
What am I missing here? I guess it's something really stupid, but I do not see it. Any help is appreciated! Thanks in advance!
Best Answer
I pulled down the source code for sudo and it appears that the way this could happen is if your sudo is configured to use LDAP or SSSD methods to determine permissions. If either of those is available, it will be checked before the file method. This probably only makes sense if this machine was set up for you in a corporate environment or something? In these cases, the error message is a bit inaccurate as it still refers to the sudoers "file".
I've never used either of those for this but it appears they would be configured in an /etc/sudo.conf file, so you could see if you have such a thing. Looking at
man sudo
it mentions an LDAP plugin and
man sudo.conf
gives info about how plugins are configured, FWIW.
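
To check on a given machine whether a directory source is involved, as the answer above suggests, this added script (not part of the original post or of the sudo project) reports the lookup order and the loaded plugins. It assumes that sudo builds with LDAP or SSSD support take their source order from the `sudoers:` line of /etc/nsswitch.conf, as documented in sudoers.ldap(5); the function names and sample files are made up for the example.

```shell
#!/bin/sh
# Added diagnostic sketch: which sources does sudo consult for sudoers rules?

# Sources on the "sudoers:" line of an nsswitch.conf-style file, in lookup
# order (e.g. "files", "sss files"). Prints nothing if there is no such line.
sudoers_sources() {
    [ -r "$1" ] || return 0
    sed 's/#.*//' "$1" | awk -F: '
        $1 ~ /^[ \t]*sudoers[ \t]*$/ {
            n = split($2, w, /[ \t]+/); out = ""
            for (i = 1; i <= n; i++)
                if (w[i] != "") out = out (out == "" ? "" : " ") w[i]
            print out; exit
        }'
}

# Active "Plugin <symbol> <path>" entries of a sudo.conf-style file.
sudo_plugins() {
    [ -r "$1" ] || return 0
    sed 's/#.*//' "$1" | awk '$1 == "Plugin" { print $2, $3 }'
}

# Succeeds when ldap or sss appears on the sudoers: line, i.e. a directory
# service takes part in the decision alongside /etc/sudoers.
directory_source_in_use() {
    case " $(sudoers_sources "$1") " in
        *" ldap "*|*" sss "*) return 0 ;;
        *) return 1 ;;
    esac
}

report() {  # $1 = nsswitch.conf path, $2 = sudo.conf path
    echo "sudoers sources: $(sudoers_sources "$1")"
    echo "plugins:         $(sudo_plugins "$2" | tr '\n' ';')"
    if directory_source_in_use "$1"; then
        echo "=> LDAP/SSSD is consulted; check the directory, not only the file"
    else
        echo "=> no ldap/sss source listed; run 'visudo -c' and 'sudo -l -U USER' as root"
    fi
}

# Constructed sample (not from the post), then the live system's files.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf 'passwd: files\nsudoers:  sss files  # constructed\n' > "$tmp/nss"
printf '# constructed\nPlugin sudoers_policy sudoers.so\n' > "$tmp/conf"
report "$tmp/nss" "$tmp/conf"
report /etc/nsswitch.conf /etc/sudo.conf
```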