How to troubleshoot sudo not working?
Sudo must have been compiled with PAM support. Sudo must be configured properly to use PAM (/etc/pam.d/sudo or /etc/pam.conf). To configure sudo pam files you can use the command: 'vastool configure pam sudo' and 'vastool configure sudo'.
Sudoers file rules have to be setup correctly. If a group is configured in sudoers file then we must check that Authentication Services (QAS) knows the user is a member of that group.
Technical Support will need the following information to troubleshooting sudo issues:
1 - ldd `which sudo`
To check if sudo is compiled with PAM
2 - sudo -V
To check version of sudo
3 - sudo -L
4 - sudo -l
When multiple entries match for a user, they are applied inorder. Where there are multiple matches, the last match is used (which is not necessarily the most specific match) is the one that takes affect.
It is usually best to structure the sudoers file with the more general rules (e.g. sudo ALL) first and the more specific ones at the end.
© 2022 One Identity LLC. ALL RIGHTS RESERVED. Feedback 使用条款 隐私