Applies to: All Centrify DirectControl 3.0.x, 4.x versions

Problem:

sudoers group policy does not work when sudo package is installed in a non-std location.

Reason:

We look for visudo command in the following locations to check if sudo is installed on the machine or not:

/usr/freeware/bin,

/usr/local/sbin,

/usr/sbin,

/sbin,

/bin,

/usr/bin,

/opt/sfw/sbin,

/opt/sfw/bin

We also check for existence of sudoers file in the following locations:

/etc/sudoers,

/usr/local/etc/sudoers,

/usr/local/etc/sudo/sudoers

If sudoers file and visudo doesn't exist in the above locations, sudoers group policy will not work.

Solution:

1) Find the visudo command on the machine where sudo gp doesn't work and execute it as shown:

visudo -c

if it doesn't support -c flag then please use the "KB-0726: sudo policy failure with CDC 4.0" and continue to Step 2.

2) Get the path to the visudo command and create a symlink under any of the following locations as appropriate for your environment.

locations: /usr/freeware/bin, /usr/local/sbin, /usr/sbin, /sbin, /bin, /usr/bin, /opt/sfw/sbin, /opt/sfw/bin

Ex. Assuming visudo command exists under /opt/sudo/sbin/visudo, create symlink as follows:

ln -s /opt/sudo/sbin/visudo /usr/sbin/visudo

3) Get the path to the sudoers file also and create a symlink under the any of the following locations as appropriate for your environment.

locations: /etc/sudoers, /usr/local/etc/sudoers, /usr/local/etc/sudo/sudoers

Ex. Assuming sudoers file exists under /opt/sudo/etc/sudoers/sudoers, create symlink as follows:

ln -s /opt/sudo/etc/sudoers/sudoers /etc/sudoers