After adding a user to sudoers, it doesn't have access to run sudo.
I'm really stumped as to what the issue is but I am running CentOs 7.9 with Plesk installed.
I have added the main Plesk subscription user to the wheel group and uncommented the following line in /etc/sudoers:
## Allows people in group wheel to run all commands
wheel ALL=(ALL) ALL
I save sudoers, and su to the user from root and any command starting with sudo just returns:
sudo: command not found
The $PATH in sudoers is as follows:
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
Although I have also tried the following to no avail:
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/opt/plesk/php/7.4/bin:/root/bin
I am trying to get the user in question sudo access so that they can access crontab as a cron job needs to run under that specific user (and I'm unable to get it working in the Plesk interface).
Currently, the user just gets crontab: command not found - in fact, pretty much all commands are not found (not sure if that is because these ones are all only usable for sudo users).
Can anyone advise as to what the heck I need to do to run sudo for this user? Thanks in advance. 👍
Edit for @terdon
Running grep username /etc/passwd returns the following:
username1:x:10000:1004::/var/www/vhosts/domain.tld:/usr/local/psa/bin/chrootsh
username2:x:10000:1004::/var/www/vhosts/domain.tld:/usr/local/psa/bin/chrootsh
(It is username1 that I am wanting to grant sudo access to).
Regarding the $PATH queries, I ran that after su username1 from root user. I have not modified that path, it was just like that anyway.
1 Answer 1
You don't need to do any of this. If the objective is to run a cronjob as this user, all you need to do is add an entry to /etc/crontab. This file has an extra field that normal per-user crontabs don't have where you can define the user to run the command:
# m h dom mon dow user command
0 * * * * plesk command_to_be_run
That will run command_to_be_run every hour, on the hour, by the user plesk.
Your approach wouldn't work because as a system user, plesk doesn't have a proper login shell, as you can see in the /etc/passwd, and isn't set up to be used interactively, so there is no $HOME/.profile with the correct PATH variable etc. As a result, the user's PATH doesn't contain the path of the sudo executable so it cannot run it. In any case, you can't run cron stuff with sudo easily, you would need to set it up to run passwordless but the whole thing isn't needed as explained above.
Finally, your PATH as shown in the question isn't the path of the actual plesk user, because su plesk won't read the user's startup files, you would have needed su - plesk. From man su:
-, -l, --login
Start the shell as a login shell with an environment similar to a
real login:
• clears all the environment variables except TERM and variables
specified by --whitelist-environment
• initializes the environment variables HOME, SHELL, USER,
LOGNAME, and PATH
• changes to the target user’s home directory
• sets argv[0] of the shell to '-' in order to make the shell a
login shell
-
/etc/crontabis the root's crontab is it not? I need the system user'scrontab?zigojacko– zigojacko2022年08月04日 10:42:57 +00:00Commented Aug 4, 2022 at 10:42 -
1@zigojacko no,
/etc/crontabis the system's main crontab and the place where you set commands that need to be run by specific users. Note thepleskin the crontab line. Root's crontab, if it exists, would be in/var/spool/cron/root. But/etc/crontabis the standard way of running cron commands as a specific user.2022年08月04日 10:47:10 +00:00Commented Aug 4, 2022 at 10:47 -
Okay thanks for your help with this @terdon - I had already done all this but Plesk broke the cron job so I think it is Plesk causing the issue seeing as their interface can't even support the cron job I am running. But you've helped me with all the information regarding sudo users, permissions, paths and crontab.zigojacko– zigojacko2022年08月04日 10:55:33 +00:00Commented Aug 4, 2022 at 10:55
-
@zigojacko what had you done? Did you both i) use
/etc/crontaband ii) add a line with the usernameplesk(not Plesk)?2022年08月04日 11:17:08 +00:00Commented Aug 4, 2022 at 11:17 -
I had already manually added crontab to the system user's crontab from root like
crontab -u username1 -e. I appreciate that this result is not what my original question about as I was wanting to specifically get the system user sudo access so the user could access and edit it's own crontab.zigojacko– zigojacko2022年08月04日 15:13:43 +00:00Commented Aug 4, 2022 at 15:13
sudoisn't in the user's path, so you can fix it by editing the user's~/.profileand adding the PATH there, but I suspect this isn't the best way to do whatever it is you really want to do here. If you tell us what the final objective is, we might be able to find a better way.echo "$PATH"output at the command line for the affected user and where issudoinstalled on the system?grep plesk /etc/passwd(assuming the user isplesk) and then see if they have a home directory, a login shell, basic configuration files like~/.profileand~/.bashrc. I still don't get why you would need to both log in as this specific user and run sudo though. Ifpleskowns the relevant files, you don't needsudo. And if you usesudo, you don't need to be the owner of the files. What am I missing?echo $PATHreturns/opt/plesk/php/7.4/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/binand I assume sudo is installed in the regular place for a CentOs 7 OS...?