Ad Widget

Collapse

sudo and tty requirement

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

    sudo and tty requirement

    If, from the Maps page, I select Detect Operating System, I get:

    sudo:sorry, you must have a tty to run sudo.

    I understand the message but do not know how to work around it from within Zabbix.

    Cheers,
    Stephen

    #2
    place

    "Defaults:username !requiretty"

    in zabbix sudoers file. This should solve your problem.

    I know the problem from centos/redhat systems.

    Comment


      #3
      Did that but now I get:

      sudo: no tty present and no askpass program specified

      Comment


        #4
        sudoers file

        Ca you please post your sudoers file. Please mark the problem command.

        Cheers

        Comment


          #5
          Here is the sudoers file.

          Only the one line you suggested has been changed from the default.

          The sudo log file has:

          Mar 4 09:50:38 : zabbix : HOST=server : sorry, you must have a tty to run sudo
          ; TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/nmap -O 127.0.0.1
          Mar 6 10:00:58 : root : HOST=server : TTY=pts/4 ; PWD=/root ; USER=root ;
          COMMAND=sudoedit /etc/sudoers
          Mar 6 10:02:51 : root : HOST=server : TTY=pts/4 ; PWD=/root ; USER=root ;
          COMMAND=sudoedit /etc/sudoers
          Mar 6 10:04:11 : root : HOST=server : TTY=pts/4 ; PWD=/root ; USER=root ;
          COMMAND=sudoedit /etc/sudoers
          Mar 6 10:05:28 : zabbix : HOST=server : no tty present and no askpass program
          specified ; TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/nmap -O 127.0.0.1
          Mar 6 10:10:08 : zabbix : HOST=server : no tty present and no askpass program
          specified ; TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/nmap -O 127.0.0.1

          Comment


            #6
            The previous attach seems to have not worked.
            Trying again with the file rename4d to sudoers.txt.

            Stephen
            Attached Files

            Comment


              #7
              thanks for sudoers file. But i can't find any entry for user "zabbix" in it.

              Maybe you have to define the needed command.

              This is the only content which sudo uses effectively.

              Code:
              Defaults    requiretty
              Defaults:zabbix    !requiretty
              
              Defaults    env_reset
              Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
              Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
              Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
              Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
              Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
              
              Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
              
              root	ALL=(ALL) 	ALL
              
              %wheel	ALL=(ALL)	ALL
              You have to define some Commands for user "zabbix" or may be user "zabbix" is member of group "wheel".

              I suggest you remove the comment of this line:

              Code:
              #includedir /etc/sudoers.d
              and then you can collect all sudo commands for zabbix a single files there.
              Last edited by ZehEmEe; 06-03-2013, 12:29.

              Comment


                #8
                I have no idea which commands user/server zabbix might try so I added an ALL entry but it made no difference.

                I still get sudo: no tty present and no askpass program specified.

                My understanding is that, given that there is no tty, sudo needs a helper (askpass) in order to get the password but there isn't one.

                I don't want to go digging into the Zabbix source to change this. There must be a better way.

                Cheers,
                Stephen

                Comment


                  #9
                  Solved

                  The solution to this issue is in the 1.8 documentation in the Tutorials section.

                  (Google found it for me.)

                  Cheers,
                  Stephen

                  Comment


                    #10
                    Originally posted by ZehEmEe View Post

                    I suggest you remove the comment of this line:

                    Code:
                    #includedir /etc/sudoers.d
                    and then you can collect all sudo commands for zabbix a single files there.
                    Hi, just to point out that comment character is required for sudo to work

                    Code:
                    ## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
                    #includedir /etc/sudoers.d
                    I personally use a zabbix_sudo file that I drop in the above directory.
                    The content is

                    Code:
                    Defaults:zabbix !requiretty
                    Cmnd_Alias ZABBIX_CMD = /sbin/fuser, /usr/sbin/lsof, /usr/sbin/dmidecode, /sbin/mii-tool, /sbin/ethtool, /usr/bin/ipmitool, /usr/sbin/iptstate, /usr/bin/ocaudit
                    zabbix   ALL = (other_user)  NOPASSWD: ALL
                    zabbix   ALL = (root)        NOPASSWD: ZABBIX_CMD

                    Comment


                      #11
                      Hi all!

                      I followed the above instructions and get a very annoying fault.

                      I made a test setup:

                      /home/ubuntu/roottest file with 0400 permissions. This file contains only "root_test_text"

                      /etc/sudoers.d/zabbix contains:

                      Defaults:zabbix !requiretty
                      Cmnd_Alias ZABBIX_CMD = /bin/more
                      zabbix ALL = (other_user) NOPASSWD: ALL
                      zabbix ALL = (root) NOPASSWD: ZABBIX_CMD

                      /etc/zabbix/zabbix_agent.conf:

                      AllowRoot=0
                      UserParameter=roottest, sudo more /home/ubuntu/roottest

                      I thought the response for "zabbix_get -s xxx.xxx.xxx.xxx -k roottest" command on zabbix server will be root_test_text but i got:

                      ::::::::::::::
                      /home/ubuntu/roottest
                      ::::::::::::::
                      root_test_text


                      Any idea?

                      Comment


                        #12
                        Please try to use the "cat" command instead of "more" command at UserParameter.

                        Comment


                          #13
                          Originally posted by Atsushi View Post
                          Please try to use the "cat" command instead of "more" command at UserParameter.
                          It works. Thanks.

                          Comment


                            #14
                            Originally posted by scldad View Post
                            If, from the Maps page, I select Detect Operating System, I get:

                            sudo:sorry, you must have a tty to run sudo.

                            I understand the message but do not know how to work around it from within Zabbix.

                            Cheers,
                            Stephen
                            Hi, I had the same problem, and I did this:

                            Originally posted by ZehEmEe View Post
                            place

                            "Defaults:username !requiretty"

                            in zabbix sudoers file. This should solve your problem.

                            I know the problem from centos/redhat systems.
                            Then I got the same as this:

                            Originally posted by scldad View Post
                            Did that but now I get:

                            sudo: no tty present and no askpass program specified
                            Then I found this tutorial:

                            http://itbr.org/forum/zabbix/(dica)-...ram-specified/

                            Which is basicaly install nmap and run this command:

                            echo "zabbix ALL=(ALL:ALL) NOPASSWD:/usr/bin/nmap" >> /etc/sudoers

                            Restarted the service and It worked.
                            Last edited by GLutz; 08-04-2016, 15:24.

                            Comment

                            Announcement

                            Collapse
                            No announcement yet.
                            Working...
                            X