Unable to use sudo privileges in terminal

I followed the instructions here to set up a tljh server on Jetstream. After getting it up and running, I was able to log in and access the admin panel to add and remove users. Following the instructions, I opened up the terminal to attempt to install some conda packages. Using the same password I used to log into the server, I am unable to get past the password prompt. I’ve tried shutting down and re-starting the server and have also tried adding other admin users, but I can’t seem to find a user/password combo that works. It appears that I can’t run any sudo commands.

Here’s an example of what I’m trying:

jupyter-karlwx@js-168-125:~$ sudo -E conda-install -c conda-forge cartopy
[sudo] password for jupyter-karlwx: 
Sorry, try again.
[sudo] password for jupyter-karlwx: 
sudo: 1 incorrect password attempt
jupyter-karlwx@js-168-125:~$ su
Password: 
su: Authentication failure

Any help and suggestions would be appreciated!

Did you try it without the leading jupyter-?

That’s my terminal prompt when I open a terminal from the Jupyter home page. Is that not what it’s supposed to look like?

Is that user an admin? The docs say that admins should have passwordless sudo access.

1 Like

Yes, that user is an admin. I tried creating admin users in the jupyter admin panel and those users have the same issue with the password prompt.

what does

id

and

sudo -l

show when run as that user?

Here’s the output of those commands:

jupyter-karlwx@js-168-125:~$ id
uid=1001(jupyter-karlwx) gid=1003(jupyter-karlwx) groups=1003(jupyter-karlwx),1001(jupyterhub-admins),1002(jupyterhub-users)
jupyter-karlwx@js-168-125:~$ sudo -l
[sudo] password for jupyter-karlwx:
Sorry, try again.

You’re in the jupyterhub-admins group which is good. Are you able to obtain root/admin access to your VM, if so can you check the contents of /etc/sudoers and /etc/sudoers.d/jupyterhub-admins?

To eliminate other potential issues, I created a new VM for the project, went through the setup process again, and gave the jupyter admin user a different username than my own. The problem still persists. Here’s what’s contained in those files:

karlwx@js-169-208:~$ sudo cat /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaultsenv_reset
Defaultsmail_badpass
Defaultssecure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
rootALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudoALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:#includedir /etc/sudoers.d
#Defaults mail_always
%users ALL=(ALL) NOPASSWD: ALL
jfischer ALL=(ALL) ALL
jfischer ALL=(ALL) NOPASSWD:ALL
%users ALL=(ALL) ALL
karlwx ALL=(ALL) ALL
karlwx ALL=(ALL) NOPASSWD:ALL
karlwx@js-169-208:~$ sudo cat /etc/sudoers.d/jupyterhub-admins
%jupyterhub-admins ALL = (ALL) NOPASSWD: ALL
Defaults exempt_group = jupyterhub-admins

Thanks, it looks like your copy-and-paste may have messed up the sudoers file, e.g. it looks like some lines or spaces may have been removed. Could you check carefully, and paste it again if there were mistakes?

If this is really what it looks like then that would explain why sudo doesn’t work, your sudoers file is invalid.

I double-checked and I believe what I posted is correct. What is missing?

I can see several errors, for example

Defaultsenv_reset

There should be a space between Defaults and env_reset

rootALL=(ALL:ALL) ALL

This looks wrong there should be a space after root

# See sudoers(5) for more information on "#include" directives:#includedir /etc/sudoers.d

This also looks wrong, there should there be a line break after the :

And several other errors.

1 Like

Ok, looks like I was wrong. I was looking for missing lines, not tabs and spaces. Here’s what I’m seeing in the terminal:


It looks like there are tabs that didn’t paste correctly. I’m not sure if that’s causing any issues. Is there anything actually missing in my sudoers file that could cause these issues? I can run sudo with my main user (karlwx) but not with the jupyter admin account (wxadmin).

To confirm, wxadmin is in the jupyterhub-admins group

karlwx@js-170-139:~$ id jupyter-wxadmin
uid=1001(jupyter-wxadmin) gid=1003(jupyter-wxadmin) groups=1003(jupyter-wxadmin),1001(jupyterhub-admins),1002(jupyterhub-users)

But it does not have sudo privileges

karlwx@js-170-139:~$ sudo -l -U jupyter-wxadmin
User jupyter-wxadmin is not allowed to run sudo on js-170-139.
karlwx@js-170-139:~$ 

This line is the problem:

# See sudoers(5) for more information on "#include" directives:#includedir /etc/sudoers.d

The #includedir statement needs to be on it’s own line:

#includedir /etc/sudoers.d

It’s a “special” comment that actually means read all files under /etc/sudoers.d. Without it the /etc/sudoers.d/jupyterhub-admins file is ignored.

3 Likes

Thank you, that’s exactly what I needed!