https://wiki.zimbra.com/api.php?action=feedcontributions&user=Nick+Teeple&feedformat=atomZimbra :: Tech Center - User contributions [en]2024-03-28T11:48:16ZUser contributionsMediaWiki 1.39.0https://wiki.zimbra.com/index.php?title=Sudoers&diff=56171Sudoers2014-10-21T14:44:12Z<p>Nick Teeple: added 8.5 content</p>
<hr />
<div>{{Article Infobox|{{admin}}||{{ZCS 8.5}}|{{ZCS 5.0}}|}}The file /etc/sudoers lists users authorized to run certain commands as other users. Edit this file if necessary with the '''visudo''' command.<br />
<br />
The following is correct as of 8.5:<br />
<br />
# grep zimbra /etc/sudoers<br />
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmstat-fd *<br />
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmslapd<br />
%zimbra ALL=NOPASSWD:/opt/zimbra/postfix/sbin/postfix, /opt/zimbra/postfix/sbin/postalias, /opt/zimbra/postfix/sbin/qshape.pl, /opt/zimbra/postfix/sbin/postconf,/opt/zimbra/postfix/sbin/postsuper<br />
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmqstat,/opt/zimbra/libexec/zmmtastatus<br />
%zimbra ALL=NOPASSWD:/opt/zimbra/amavisd/sbin/amavis-mc<br />
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmmailboxdmgr<br />
%zimbra ALL=NOPASSWD:/opt/zimbra/bin/zmcertmgr<br />
<br />
The following is correct as of 5.0.18:<br />
<br />
# grep zimbra /etc/sudoers<br />
%zimbra ALL=NOPASSWD:/opt/zimbra/openldap/libexec/slapd<br />
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmslapd<br />
%zimbra ALL=NOPASSWD:/opt/zimbra/postfix/sbin/postfix, /opt/zimbra/postfix/sbin/postalias, /opt/zimbra/postfix/sbin/qshape.pl, /opt/zimbra/postfix/sbin/postconf,/opt/zimbra/postfix/sbin/postsuper<br />
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmqstat,/opt/zimbra/libexec/zmmtastatus<br />
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmmailboxdmgr<br />
%zimbra ALL=NOPASSWD:/opt/zimbra/bin/zmvertmgr<br />
<br />
Please also note it is advisable to check if the requiretty option is set.<br />
This is done as follows<br />
# grep requiretty /etc/sudoers<br />
Defaults requiretty<br />
<br />
Using the '''visudo''' command comment it out like so. Please note the first # indicates root prompt, the second line # indicates the comment<br />
# visudo<br />
#Defaults requiretty <br />
The requiretty line, on a Fedora Core system is around line 56. This may vary on other linux or Mac systems.<br />
<br />
<br />
On SUSE10SP1 Enterprise Server with 5.0.1 when you get '/etc/sudoers' is 0640 needs to be 0440<br />
and ldap fails to init. <br />
<br />
Open /opt/zimbra/libexec/zmsetup.pl in your favorite text editor:<br />
Goto Line: 56 (in 5.0.1)<br />
Find 0640 change to 0440 and save.<br />
<br />
/etc/sudoers needs to be 0440 or it will not complete the requested command. Re-run /opt/zimbra/libexec/zmsetup.pl <br />
if you got an error before and all should be good. check the above too.<br />
<br />
<br />
{{Article Footer|ZCS 5.0.18|6/8/2006}}<br />
<br />
[[Category:Administration]]<br />
[[Category:Configuration]]<br />
[[Category:Linux]]<br />
[[Category:OSX]]<br />
[[Category:MTA]]<br />
[[Category:LDAP]]<br />
[[Category:ZCS 5.0]]</div>Nick Teeple