Sudoers

Sudoers

   KB 1554        Last updated on 2017-01-25  




0.00
(0 votes)

The file /etc/sudoers lists users authorized to run certain commands as other users. Edit this file if necessary with the visudo command.

Example from 8.7:

$ sudo grep -hr ^ /etc/sudoers.d/ | sort
Defaults:zimbra !requiretty
%zimbra ALL=NOPASSWD:/opt/zimbra/common/sbin/amavis-mc
%zimbra ALL=NOPASSWD:/opt/zimbra/common/sbin/nginx
%zimbra ALL=NOPASSWD:/opt/zimbra/common/sbin/postalias
%zimbra ALL=NOPASSWD:/opt/zimbra/common/sbin/postcat
%zimbra ALL=NOPASSWD:/opt/zimbra/common/sbin/postconf
%zimbra ALL=NOPASSWD:/opt/zimbra/common/sbin/postfix
%zimbra ALL=NOPASSWD:/opt/zimbra/common/sbin/postsuper
%zimbra ALL=NOPASSWD:/opt/zimbra/common/sbin/qshape.pl
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmdnscachealign *
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmmailboxdmgr
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmmtastatus
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmqstat
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmslapd
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmstat-fd *
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmunbound

Example from 8.5:

# grep zimbra /etc/sudoers
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmstat-fd *
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmslapd
%zimbra ALL=NOPASSWD:/opt/zimbra/postfix/sbin/postfix, /opt/zimbra/postfix/sbin/postalias, /opt/zimbra/postfix/sbin/qshape.pl, /opt/zimbra/postfix/sbin/postconf,/opt/zimbra/postfix/sbin/postsuper
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmqstat,/opt/zimbra/libexec/zmmtastatus
%zimbra ALL=NOPASSWD:/opt/zimbra/amavisd/sbin/amavis-mc
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmmailboxdmgr
%zimbra ALL=NOPASSWD:/opt/zimbra/bin/zmcertmgr

Example from 5.0.18:

# grep zimbra /etc/sudoers
%zimbra ALL=NOPASSWD:/opt/zimbra/openldap/libexec/slapd
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmslapd
%zimbra ALL=NOPASSWD:/opt/zimbra/postfix/sbin/postfix, /opt/zimbra/postfix/sbin/postalias, /opt/zimbra/postfix/sbin/qshape.pl, /opt/zimbra/postfix/sbin/postconf,/opt/zimbra/postfix/sbin/postsuper
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmqstat,/opt/zimbra/libexec/zmmtastatus
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmmailboxdmgr
%zimbra ALL=NOPASSWD:/opt/zimbra/bin/zmvertmgr

Please also note it is advisable to check if the requiretty option is set. This is done as follows

# grep requiretty /etc/sudoers
Defaults    requiretty

Using the visudo command comment it out like so. Please note the first # indicates root prompt, the second line # indicates the comment

# visudo
#Defaults    requiretty 

The requiretty line, on a Fedora Core system is around line 56. This may vary on other linux or Mac systems.


On SUSE10SP1 Enterprise Server with 5.0.1 when you get '/etc/sudoers' is 0640 needs to be 0440 and ldap fails to init.

Open /opt/zimbra/libexec/zmsetup.pl in your favorite text editor:
Goto Line: 56 (in 5.0.1)
Find 0640 change to 0440 and save.

/etc/sudoers needs to be 0440 or it will not complete the requested command. Re-run /opt/zimbra/libexec/zmsetup.pl if you got an error before and all should be good. check the above too.

Verified Against: ZCS 5.0.18 Date Created: 6/8/2006
Article ID: https://wiki.zimbra.com/index.php?title=Sudoers Date Modified: 2017-01-25



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search