Applies to: All versions of Centrify DirectControl.
It is noticed that /etc/sudoers does not get updated when changes are done to this file using Centrify Group Policies. The following error is observed in the Centrify debug log when the command adgpupdate is run.
"visudo Failed, will not change /etc/sudoers"
What does this mean? How do I fix?
This means there is a syntax error in the entries being used for sudoers group policy.
The best way to troubleshoot syntax errors on sudoers file is to use the standard /usr/sbin/visudo program running on the unix machine.
On the unix machine in question, login as root.
1) cp /etc/sudoers /etc/sudoers.bad or .ori
2) Delete the contents of the old/existing sudoers file.
3) Type visudo (please do not use vi as it will NOT check syntax errors) and copy the contents of sudoers file from GP unto this file.
4) When you try to save the file, if there are any syntax errors, visudo will warn you as shown below.
>>> /etc/sudoers: syntax errors near line 6 <<<<
(e)dit sudoers file again
e(x)it without changes to sudoers file
(Q)uit and save changes to sudoers file (DANGER!)
5) After correcting the syntax, make sure the file is saved properly.
6) Copy back the clean sudoers file unto the sudoers GP in Centrify Group Policy.
7) From here on, sudoers file will be maintained based on GP updates (typically every 90 minutes)
None. Centrify-enabled sudo is following standard/stock sudo guidelines for syntax. For more information on sudo syntax, please refer to man pages of sudo available on the web.
The below URL was provided as a courtesy. Centrify Corporation does not take any responsibility for the maintenance of these links.
For more information on how Centrify-enabled sudo works, please refer to page 125 to 127 of the below URL. This URL requires support credentials and Adobe reader to view the same. Copy and paste the URL into a new browser window.