[SOLVED] sudo: sorry, you must have a tty to run sudo

[BlueHaven]

Running the config and get this error when Initializing ldap


sudo: sorry, you must have a tty to run sudo

Any idea's?

Still on fedora 6

[mmorse]

Fedora's has some additional restrictions
As root:
./install.sh -u
vi /etc/sudoers (EDIT: please use visudo instead)
comment out: #Default requiretty
And reinstall (./install.sh)

If requiretty is set, sudo will only run when the user is logged in to a real tty. This will disallow things like 'rsh somehost sudo ls' since rsh does not allocate a tty; because it is not possible to turn off echo when there is no tty present.

[mmorse]

I knew there was a safer method: visudo
Sudoers - ZimbraWiki

[BlueHaven]

Hmm, well the first way you showed me worked good. Sense this is only a test box I will leave it as is. If I decide to go production I will prop it the way in the article!

Thanks a bunch!!!!

[mmorse]

Good to hear,
visudo is just a little safer than a vi no biggie
It essentially locks the sudoers file, provides basic sanity/parse errors checks.

[sir_hmba]

Quote:

Originally Posted by mmorse

comment out: #Default requiretty

Instead of removing the requiretty default for everyone you can selectively override defaults for users/groups. I'm not sure if the original poster was having trouble w/ the ldap user account, but I'll assume he was. In that case:

Code:

Defaults:ldap   !requiretty

See the examples section of the sudoers(5) man page for more information.

[Willscrlt]

I didn't want to entirely disable the TTY requirement, but the 'ldap' exclusion given above didn't work for me. After figuring out what sudoers is all about (thanks to the link to the docs), I came up with this solution:

Code:

Defaults requiretty
Defaults:%zimbra !requiretty
Defaults:zimbra !requiretty

The first line requires TTY for everyone not excluded by the following lines.

The second line exempts the 'zimbra' group from the requirement.

The third line specifically exempts the 'zimbra' user (the account listed as attempting to install the service according to the logs). This may be redundant, but it worked for me.

I did not exempt the 'ldap' user as shown above, and it, apparently, is not necessary to do so to install and run Zimbra.

I installed this on Scientific Linux 5.3 i386 32-bit, so it should also work on RHEL 5 and CentOS 5. (No guarantees, of course)

[Willscrlt]

Oh. while 'visudo' may be the recommended method of editing the '/etc/sudoers' file, it essentially is 'vi', which means that using it is nearly incomprehensible to me. I'd be 100x more likely to make an editing mistake using that tool than editing it in Kwrite (which I did).

Two caveats, though. First, I set up Zimbra on a brand new box that nobody connects to yet, so exclusively locking the file didn't seem to be necessary. I could see the need on a box with high utilization. Second, I did run 'visudo -c' after I completed the edits to check that there were no syntax errors.

[stoggy]

you can export a setting to get your favorite editor in visudo. This will replace vi for every program that requires an editor too, well the ones that use the EDITOR environment setting. Typically any that start from the cmdline.

export EDITOR=nano # replace nano with whatever.

i suppose you could even use something like kwrite but i haven't tried that. I would be fearful of being in a situation where the gui wouldn't start and not being able to edit something. You could just re-export EDITOR in such a situation and you could easily switch to a console editor but i use vi in the gui so I don't really have a reason to.

If you take the time to learn vi, i hated it at first, it is worth it. Now i cant stand anything but vi. Its just faster and easier to do things.


You sound pretty new to linux, so here you test it. I don't have kwrite installed.

open a command line.

type this:

echo $EDITOR # this is your current editor setting. So you can switch back if you need to.
export EDITOR=kwrite # this will set your editor to kwrite, make sure you are in the gui when you try, it WONT work in just the command line.
sudo visudo # this is the test, if works then just set the export EDITOR in your .bashrc or .bash_profile. now its saved for the next time you login

if it doesn't work
export EDITOR="what it was before" # now your back to the way it was if kwrite doesn't work.


You could make aliases to set these too. You would put these in your .bashrc or .bash_profile and then you could easily switch back and forth. You would still need to set a default.
export EDITOR=kwrite
alias SWITCH-EDITOR-GUI='export EDITOR=kwrite' # then just type SWITCH-EDITOR-GUI and editor will be set to GUI
alias SWITCH-EDITOR-CUI='export EDITOR=vi' # then just type SWITCH-EDITOR-CUI and editor will be set to CUI