clear "msgs" column under CentOS 5.x and later versions of Fedora despite hack

Thomas Leavitt tleavitt at
Fri Aug 15 08:03:28 CEST 2008



I just spent way too much time too late at night to be doing this,
trying to figure out why my CentOS 5.1 VM had a "clear" under the
"msgs" column, despite having implemented the standard modification to and put the proper entry in /etc/sudoers. It was driving
me nuts, because it would work when I ran as the user
hobbit, but not when it was executing as a service. It would just
sliently fail to execute without giving any error message... eventually
it occurred to me that I've been driven nuts this way by another
paranoid security mechanism that "silently" changes the way everything
works, SELinux, and decided to go grep for sudo in /var/log... where I
saw hordes of messages like this:


secure.2:Aug  3 03:46:43 dust-testlink-vm sudo:   hobbit : sorry, you
must have a tty to run sudo ; TTY=unknown ; PWD=/local/home/hobbit ;
USER=root ; COMMAND=/local/home/hobbit/client/bin/logfetch



Doh, I should've looked there sooner. Bleah.


It turns out that in these versions of RHEL and Fedora, they've locked
down sudo so that, by default, you can't run it unless you're attached
to a real tty... you have to comment out this line in /etc/sudoers:
"Defaults    requiretty".


Any comments on the security implications of turning this off? Is there
an alternative solution?


I figured I'd share this so the next person wouldn't go crazy the same



Thomas Leavitt

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Xymon mailing list