Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-1845: Error message "visudo Failed, will not change /etc/sudoers"

Centrify DirectAudit ,   Centrify DirectControl ,   Centrify Identity Service, Mac Edition ,  

12 April,16 at 11:45 AM

Applies to: All versions of Centrify DirectControl.
 
Problem:
 
It is noticed that /etc/sudoers does not get updated when changes are done to this file using Centrify Group Policies. The following error is observed in the Centrify debug log when the command adgpupdate is run.
 
"visudo Failed, will not change /etc/sudoers"
 
What does this mean? How do I fix?
 
Cause:
 
This means there is a syntax error in the entries being used for sudoers group policy.
 
Workaround:
 
The best way to troubleshoot syntax errors on sudoers file is to use the standard /usr/sbin/visudo program running on the unix machine. 
 
On the unix machine in question, login as root.
 
1) cp /etc/sudoers /etc/sudoers.bad or .ori
 
2) Delete the contents of the old/existing sudoers file.
 
3) Type visudo (please do not use vi as it will NOT check syntax errors) and copy the contents of sudoers file from GP unto this file.
 
4) When you try to save the file, if there are any syntax errors, visudo will warn you as shown below.
 
>>> /etc/sudoers: syntax errors near line 6 <<<<
What now?
 
Options are
(e)dit sudoers file again
e(x)it without changes to sudoers file
(Q)uit and save changes to sudoers file (DANGER!)
 
What now? 
 
5) After correcting the syntax, make sure the file is saved properly.
 
6) Copy back the clean sudoers file unto the sudoers GP in Centrify Group Policy.
 
7) From here on, sudoers file will be maintained based on GP updates (typically every 90 minutes)
 
Resolution:
 
None. Centrify-enabled sudo is following standard/stock sudo guidelines for syntax. For more information on sudo syntax, please refer to man pages of sudo available on the web.
 
The below URL was provided as a courtesy. Centrify Corporation does not take any responsibility for the maintenance of these links.
 
For more information on how Centrify-enabled sudo works, please refer to page 125 to 127 of the below URL. This URL requires support credentials and Adobe reader to view the same. Copy and paste the URL into a new browser window.
 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.