12 April,16 at 11:02 AM
Applies to: All Centrify DirectControl 3.0.x, 4.x versions
Problem:
sudoers group policy does not work when sudo package is installed in a non-std location.
Reason:
We look for visudo command in the following locations to check if sudo is installed on the machine or not:
/usr/freeware/bin,
/usr/local/sbin,
/usr/sbin,
/sbin,
/bin,
/usr/bin,
/opt/sfw/sbin,
/opt/sfw/bin
We also check for existence of sudoers file in the following locations:
/etc/sudoers,
/usr/local/etc/sudoers,
/usr/local/etc/sudo/sudoers
If sudoers file and visudo doesn't exist in the above locations, sudoers group policy will not work.
Solution:
1) Find the visudo command on the machine where sudo gp doesn't work and execute it as shown:
visudo -c
if it doesn't support -c flag then please use the "KB-0726: sudo policy failure with CDC 4.0" and continue to Step 2.
2) Get the path to the visudo command and create a symlink under any of the following locations as appropriate for your environment.
locations: /usr/freeware/bin, /usr/local/sbin, /usr/sbin, /sbin, /bin, /usr/bin, /opt/sfw/sbin, /opt/sfw/bin
Ex. Assuming visudo command exists under /opt/sudo/sbin/visudo, create symlink as follows:
ln -s /opt/sudo/sbin/visudo /usr/sbin/visudo
3) Get the path to the sudoers file also and create a symlink under the any of the following locations as appropriate for your environment.
locations: /etc/sudoers, /usr/local/etc/sudoers, /usr/local/etc/sudo/sudoers
Ex. Assuming sudoers file exists under /opt/sudo/etc/sudoers/sudoers, create symlink as follows:
ln -s /opt/sudo/etc/sudoers/sudoers /etc/sudoers
4) Run adgpupdate as root and check if sudoers file got updated.