Revision as of 12:32, 17 January 2008 by Saidyjade (talk | contribs)

The file /etc/sudoers lists users authorized to run certain commands as other users. Edit this file if necessary with the visudo command. You should see some lines like the following, though the versions of postfix and openldap should match what's on your system rather than what is here.

# grep zimbra /etc/sudoers
%zimbra   ALL=NOPASSWD:/opt/zimbra/openldap-2.3.21/libexec/slapd
%zimbra   ALL=NOPASSWD:/opt/zimbra/postfix-2.2.9/sbin/postfix, /opt/zimbra/postfix-2.2.9/sbin/postalias, /opt/zimbra/postfix-2.2.9/sbin/, /opt/zimbra/postfix-2.2.9/sbin/postconf,/opt/zimbra/postfix-2.2.9/sbin/postsuper
%zimbra   ALL=NOPASSWD:/opt/zimbra/libexec/zmqstat
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmtomcatstart
%zimbra ALL=NOPASSWD:/opt/zimbra/perdition/sbin/perdition
# ls -l /opt/zimbra/openldap /opt/zimbra/postfix
lrwxrwxrwx  1 root root 27 May  9 14:23 /opt/zimbra/openldap -> /opt/zimbra/openldap-2.3.21
lrwxrwxrwx  1 root root 25 May  9 14:23 /opt/zimbra/postfix -> /opt/zimbra/postfix-2.2.9

Please also note it is advisable to check if the requiretty option is set. This is done as follows

# grep requiretty /etc/sudoers
Defaults    requiretty

Using the visudo command comment it out like so. Please note the first # indicates root prompt, the second line # indicates the comment

# visudo
#Defaults    requiretty 

The requiretty line, on a Fedora Core system is around line 56. This may vary on other linux or Mac systems.

On SUSE10SP1 Enterprise Server with 5.0.1-1609 when you get '/etc/sudoers' is 0640 needs to be 0440 and ldap fails to init.

Open /opt/zimbra/libexec/ in your favorite text editor:
Goto Line: 56 (in 5.0.1)
Find 0640 change to 0440 and save.

/etc/sudoers needs to be 0440 or it will not complete the requested command. Re-run /opt/zimbra/libexec/ if you got an error before and all should be good. check the above too.

Jump to: navigation, search