SUDOERS config with LUM enabled user

Hi Community,

I am desperately looking for a suitable configuration for sudo with a LUM-enabled user and/or group on my OES.

I found several aged discussions, mostly pointing to 404 URLs :-(

My environment is a 24.1. I know I need to configure a /etc/pam.d/sudo file, but I didn't manage to get it to work correctly with pam/nam.

I did try copying the one from "pam_nam_sample" : without success,

Then trying with a copy of "su" one : without success...

The behavior is as follows: if NOPASSWD is mentioned, then the command works, e.g. sudo yast

If I mention PASSWD, then I get a "[sudo] password for root:" request.

All advice is welcome,

Thanks

Everyone is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid. [A. Einstein]

  • 0

    What do you want to achieve?

    The standard behaviour on OES is that su and sudo require you to enter the password for root. To change this you have to edit the /etc/sudoers file.

  • 0 in reply to 

    Hi Prindl,

    The goal is as follows:

    having specific users in a "sudo_allowed_group" in my eDirectory,

    then LUM-enabling the group,

    then allowing that group of users to SSH in and asking for their password when they sudo something.


  • 0 in reply to 

    Here the Default targetpw is the setting which steers the behaviour you see. Either you change the default or you change that at the group level via !targetpw, but that is not my approach - therefore no experience with that. BTW, I do not see a real security enhancement if someone already authenticated has to enter their own password a second time to run sudo.
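
The group-level override mentioned in the last reply, written out as a sudoers fragment. This is an added example, not configuration posted by anyone in the thread; the drop-in file name and the `ALL` command list are assumptions, and the group name is the one given in the question.

```sudoers
# /etc/sudoers.d/sudo_allowed_group   (hypothetical drop-in file name)
# Edit with:  visudo -f /etc/sudoers.d/sudo_allowed_group
# Assumes /etc/sudoers includes the /etc/sudoers.d directory.

# Stock SUSE-style defaults in /etc/sudoers. With these two lines sudo asks
# for the password of the target user, hence "[sudo] password for root:":
#
#   Defaults targetpw
#   ALL   ALL=(ALL) ALL
#
# They are left unchanged here, so every other account keeps that behaviour.

# Per-group override: for members of the LUM-enabled group, turn targetpw
# off so sudo prompts for the invoking user's own password instead.
Defaults:%sudo_allowed_group !targetpw

# Grant the group its commands. PASSWD is the default tag, so no NOPASSWD
# means the password prompt stays. ALL is an assumption; narrow it to the
# commands the group really needs.
%sudo_allowed_group ALL=(ALL) ALL

# Checks after saving (run as root):
#   visudo -c                          # syntax check of all sudoers files
#   getent group sudo_allowed_group    # group must resolve through NSS/LUM
#   sudo -l -U <member>                # list what a group member may run
```

The own-password prompt is then checked by the PAM stack in /etc/pam.d/sudo, so that file still has to authenticate LUM users successfully; this fragment only changes whose password sudo asks for.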