[SOLVED] sudo: sorry, you must have a tty to run sudo

[BlueHaven]

Running the config and get this error when Initializing ldap


sudo: sorry, you must have a tty to run sudo

Any idea's?

Still on fedora 6

[mmorse]

Fedora's has some additional restrictions
As root:
./install.sh -u
vi /etc/sudoers (EDIT: please use visudo instead)
comment out: #Default requiretty
And reinstall (./install.sh)

If requiretty is set, sudo will only run when the user is logged in to a real tty. This will disallow things like 'rsh somehost sudo ls' since rsh does not allocate a tty; because it is not possible to turn off echo when there is no tty present.

[mmorse]

I knew there was a safer method: visudo
Sudoers - ZimbraWiki

[BlueHaven]

Hmm, well the first way you showed me worked good. Sense this is only a test box I will leave it as is. If I decide to go production I will prop it the way in the article!

Thanks a bunch!!!!

[mmorse]

Good to hear,
visudo is just a little safer than a vi no biggie
It essentially locks the sudoers file, provides basic sanity/parse errors checks.

[sir_hmba]

Quote:

Originally Posted by mmorse

comment out: #Default requiretty

Instead of removing the requiretty default for everyone you can selectively override defaults for users/groups. I'm not sure if the original poster was having trouble w/ the ldap user account, but I'll assume he was. In that case:

Code:

Defaults:ldap   !requiretty

See the examples section of the sudoers(5) man page for more information.

[Willscrlt]

I didn't want to entirely disable the TTY requirement, but the 'ldap' exclusion given above didn't work for me. After figuring out what sudoers is all about (thanks to the link to the docs), I came up with this solution:

Code:

Defaults requiretty
Defaults:%zimbra !requiretty
Defaults:zimbra !requiretty

The first line requires TTY for everyone not excluded by the following lines.

The second line exempts the 'zimbra' group from the requirement.

The third line specifically exempts the 'zimbra' user (the account listed as attempting to install the service according to the logs). This may be redundant, but it worked for me.

I did not exempt the 'ldap' user as shown above, and it, apparently, is not necessary to do so to install and run Zimbra.

I installed this on Scientific Linux 5.3 i386 32-bit, so it should also work on RHEL 5 and CentOS 5. (No guarantees, of course)

[Willscrlt]

Oh. while 'visudo' may be the recommended method of editing the '/etc/sudoers' file, it essentially is 'vi', which means that using it is nearly incomprehensible to me. I'd be 100x more likely to make an editing mistake using that tool than editing it in Kwrite (which I did).

Two caveats, though. First, I set up Zimbra on a brand new box that nobody connects to yet, so exclusively locking the file didn't seem to be necessary. I could see the need on a box with high utilization. Second, I did run 'visudo -c' after I completed the edits to check that there were no syntax errors.