Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-0747: sudoers group policy does not work when sudo package is installed in a non-std location

Centrify DirectAudit ,   Centrify DirectControl ,   Centrify Identity Service, Mac Edition ,  

12 April,16 at 11:02 AM

Applies to: All Centrify DirectControl 3.0.x, 4.x versions

 

Problem:

 

sudoers group policy does not work when sudo package is installed in a non-std location.

 

Reason:

 

We look for visudo command in the following locations to check if sudo is installed on the machine or not:

 

/usr/freeware/bin,

/usr/local/sbin,

/usr/sbin,

/sbin,

/bin,

/usr/bin,

/opt/sfw/sbin,

/opt/sfw/bin

 

We also check for existence of sudoers file in the following locations:

 

/etc/sudoers,

/usr/local/etc/sudoers,

/usr/local/etc/sudo/sudoers

 

If sudoers file and visudo doesn't exist in the above locations, sudoers group policy will not work.

 

Solution:

 

1) Find the visudo command on the machine where sudo gp doesn't work and execute it as shown:

 

visudo -c

 

if it doesn't support -c flag then please use the "KB-0726: sudo policy failure with CDC 4.0" and continue to Step 2.

 

2) Get the path to the visudo command and create a symlink under any of the following locations as appropriate for your environment.

 

locations: /usr/freeware/bin, /usr/local/sbin, /usr/sbin, /sbin, /bin, /usr/bin, /opt/sfw/sbin, /opt/sfw/bin

 

Ex. Assuming visudo command exists under /opt/sudo/sbin/visudo, create symlink as follows:

 

ln -s /opt/sudo/sbin/visudo /usr/sbin/visudo

 

3) Get the path to the sudoers file also and create a symlink under the any of the following locations as appropriate for your environment.

 

locations: /etc/sudoers, /usr/local/etc/sudoers, /usr/local/etc/sudo/sudoers

 

Ex. Assuming sudoers file exists under /opt/sudo/etc/sudoers/sudoers, create symlink as follows:

 

ln -s /opt/sudo/etc/sudoers/sudoers /etc/sudoers

 

4) Run adgpupdate as root and check if sudoers file got updated.



Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.