I have a strange problem on a Debian lenny server. The server is a NIS client to share users/groups with another server and in the sudoers file the following is placed:
%groupX ALL=(ALL) ALL
So that members of groupX have sudo rights. Furthermore I have a user that is part of the group:
uid=1234(user.name) gid=1234(user.name) groups=1234(user.name),1001(groupX),<snip>
But still when the user tries to sudo he gets an error. The other group users can sudo perfectly fine.
This has happened once before, but then it was enough to remove, synchronise and re-add the user to the group. This didn't work this time.
In /var/log/auth.log the following default error is noted:
Jul 6 11:08:35 servername sudo: user.name : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/u/user.name ; USER=root ; COMMAND=/bin/bash
Does anyone know how to fix this?
It probably would help if we knew the output of auth.log. However, it sounds like authentication is going to the NIS first, like so under Red Hat:
Or in some distributions:
If you need to have users sudo on that server, you will need to have local accounting definitions take precedence like so:
Keep in mind that this may prevent the users from accessing NIS resources, depending on how the auth stacks are configured. Verify that your PAM configuration will not prevent you from auth against NIS after you auth locally.
EDIT: Okay, reviewing how you can use NIS with sudo, do you know if that user exists on the local system? Assuming that nsswitch is looking at the local files, it is possible that it is taking precedence first over the user in NIS.
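The check described in the EDIT above, as an added example that is not part of the original answer: it reads the source order from nsswitch.conf and reports whether a local passwd or group entry would be found before the NIS one. It goes one step beyond the answer by also checking the group database, since a by-name lookup stops at the first source that returns an entry. The function names are hypothetical and the sample files are constructed; pass the paths of the real files to run it on a server.

```shell
# Added example. File paths are parameters, so it can run on copies of the real files.

# Print the lookup sources for database $1 from nsswitch.conf $2, in order,
# skipping comments and action items such as [NOTFOUND=return].
nss_sources() {
    sed 's/#.*//' "$2" | awk -v db="$1:" \
        '$1 == db { for (i = 2; i <= NF; i++) if ($i !~ /^\[/) print $i }'
}

# Succeed if local files are consulted before nis (compat counted as local: assumption).
local_first() {
    first=$(nss_sources "$1" "$2" | grep -E -x 'files|compat|nis' | head -n 1)
    [ "$first" = files ] || [ "$first" = compat ]
}

# Succeed if key $1 has an entry in the colon-separated local file $2.
has_local_entry() {
    awk -F: -v k="$1" '$1 == k { found = 1 } END { exit !found }' "$2"
}

# Succeed if user $1 is in the member list of group $2 in group file $3.
local_group_lists_user() {
    awk -F: -v u="$1" -v g="$2" '$1 == g { n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }' "$3"
}

# Print one verdict for user $1 / group $2; $3=nsswitch.conf $4=passwd $5=group.
diagnose() {
    if local_first group "$3" && has_local_entry "$2" "$5" &&
       ! local_group_lists_user "$1" "$2" "$5"; then
        echo "local-group-shadows-nis"   # local group found first, user not in it
    elif local_first passwd "$3" && has_local_entry "$1" "$4"; then
        echo "local-user-shadows-nis"    # local account found before the NIS one
    else
        echo "no-local-shadowing"
    fi
}

# Constructed sample files (not taken from the poster's server).
demo=$(mktemp -d)
printf 'passwd: files nis\ngroup: files nis # local first\n' > "$demo/nsswitch.conf"
printf 'root:x:0:0:root:/root:/bin/bash\n' > "$demo/passwd"
printf 'groupX:x:1001:other.user\n' > "$demo/group"
diagnose user.name groupX "$demo/nsswitch.conf" "$demo/passwd" "$demo/group"
```

On a live system, `getent passwd user.name` and `getent group groupX` show which entry the configured lookup order actually returns.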