0

After adding a user to sudoers, it doesn't have access to run sudo.

I'm really stumped as to what the issue is but I am running CentOs 7.9 with Plesk installed.

I have added the main Plesk subscription user to the wheel group and uncommented the following line in /etc/sudoers:

## Allows people in group wheel to run all commands
wheel   ALL=(ALL)       ALL

I save sudoers, and su to the user from root and any command starting with sudo just returns:

sudo: command not found

The $PATH in sudoers is as follows:

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin

Although I have also tried the following to no avail:

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/opt/plesk/php/7.4/bin:/root/bin

I am trying to get the user in question sudo access so that they can access crontab as a cron job needs to run under that specific user (and I'm unable to get it working in the Plesk interface).

Currently, the user just gets crontab: command not found - in fact, pretty much all commands are not found (not sure if that is because these ones are all only usable for sudo users).

Can anyone advise as to what the heck I need to do to run sudo for this user? Thanks in advance. 👍

Edit for @terdon

Running grep username /etc/passwd returns the following:

username1:x:10000:1004::/var/www/vhosts/domain.tld:/usr/local/psa/bin/chrootsh
username2:x:10000:1004::/var/www/vhosts/domain.tld:/usr/local/psa/bin/chrootsh

(It is username1 that I am wanting to grant sudo access to).

Regarding the $PATH queries, I ran that after su username1 from root user. I have not modified that path, it was just like that anyway.

Improve this question
9
  • What are you trying to achieve here? Why would the plesk user need or want sudo? Isn't this a daemon user, a user that will only be used by automated processes? Does this user even have a login shell? Your error is because sudo isn't in the user's path, so you can fix it by editing the user's ~/.profile and adding the PATH there, but I suspect this isn't the best way to do whatever it is you really want to do here. If you tell us what the final objective is, we might be able to find a better way. Commented Aug 4, 2022 at 9:30
  • @terdon I need to be able to log into an SSH terminal as the Plesk user (which owns all of the website's files and folders) and be able to execute sudo commands. I might have confused matters by saying Plesk user (I just wanted to advise that this server is running Plesk) - the user is the system user that owns the website's document root. Commented Aug 4, 2022 at 10:25
  • What does echo "$PATH" output at the command line for the affected user and where is sudo installed on the system? Commented Aug 4, 2022 at 10:26
  • OK, please edit your question and show us the details of the user. The sudoers stuff isn't relevant at all. We would need to see the output of grep plesk /etc/passwd (assuming the user is plesk) and then see if they have a home directory, a login shell, basic configuration files like ~/.profile and ~/.bashrc. I still don't get why you would need to both log in as this specific user and run sudo though. If plesk owns the relevant files, you don't need sudo. And if you use sudo, you don't need to be the owner of the files. What am I missing? Commented Aug 4, 2022 at 10:28
  • @Kusalananda echo $PATH returns /opt/plesk/php/7.4/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin and I assume sudo is installed in the regular place for a CentOs 7 OS...? Commented Aug 4, 2022 at 10:28

1 Answer 1

Reset to default
1

You don't need to do any of this. If the objective is to run a cronjob as this user, all you need to do is add an entry to /etc/crontab. This file has an extra field that normal per-user crontabs don't have where you can define the user to run the command:

# m h dom mon dow user  command
0 * * * *   plesk    command_to_be_run

That will run command_to_be_run every hour, on the hour, by the user plesk.

Your approach wouldn't work because as a system user, plesk doesn't have a proper login shell, as you can see in the /etc/passwd, and isn't set up to be used interactively, so there is no $HOME/.profile with the correct PATH variable etc. As a result, the user's PATH doesn't contain the path of the sudo executable so it cannot run it. In any case, you can't run cron stuff with sudo easily, you would need to set it up to run passwordless but the whole thing isn't needed as explained above.

Finally, your PATH as shown in the question isn't the path of the actual plesk user, because su plesk won't read the user's startup files, you would have needed su - plesk. From man su:

   -, -l, --login
       Start the shell as a login shell with an environment similar to a
       real login:

       •   clears all the environment variables except TERM and variables
           specified by --whitelist-environment

       •   initializes the environment variables HOME, SHELL, USER,
           LOGNAME, and PATH

       •   changes to the target user’s home directory

       •   sets argv[0] of the shell to '-' in order to make the shell a
           login shell
Improve this answer
6
  • /etc/crontab is the root's crontab is it not? I need the system user's crontab? Commented Aug 4, 2022 at 10:42
  • 1
    @zigojacko no, /etc/crontab is the system's main crontab and the place where you set commands that need to be run by specific users. Note the plesk in the crontab line. Root's crontab, if it exists, would be in /var/spool/cron/root. But /etc/crontab is the standard way of running cron commands as a specific user. Commented Aug 4, 2022 at 10:47
  • Okay thanks for your help with this @terdon - I had already done all this but Plesk broke the cron job so I think it is Plesk causing the issue seeing as their interface can't even support the cron job I am running. But you've helped me with all the information regarding sudo users, permissions, paths and crontab. Commented Aug 4, 2022 at 10:55
  • @zigojacko what had you done? Did you both i) use /etc/crontab and ii) add a line with the username plesk (not Plesk)? Commented Aug 4, 2022 at 11:17
  • I had already manually added crontab to the system user's crontab from root like crontab -u username1 -e. I appreciate that this result is not what my original question about as I was wanting to specifically get the system user sudo access so the user could access and edit it's own crontab. Commented Aug 4, 2022 at 15:13

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.