Problems with Sudo

[Arthur H. Johnson II]

On Thu, 2007-03-15 at 05:57 +0000, Adam McGreggor wrote:
> On Wed, 14 Mar 2007, Arthur H. Johnson II wrote:
> 
> > On Wed, 2007-03-14 at 23:38 -0400, Arthur H. Johnson II wrote:
> >> I only allow a particular user to ssh to my home machine, lets call him
> >> remoteuser.  Once I log in as remoteuser, I switch to localuser.  Once
> >> I'm the localuser, I can't run sudo.  If I log into the console as
> >> "localuser" I can use sudo just fine.
> 
> How are you switching? And why?
> 

Technically, I have two SSH daemons running.  The one exposed to the
internet, running on port 9988, is configured to only allow "remoteuser"
to log in.

>From remote host to home.com:
ssh -p 9988 remoteuser at home.com
ssh localuser at localhost

At that point, I'm on an entirely new tty.  According to "w" and "who"
I'm running as "localuser".

As far as "why" its a personal security policy I've used since the
beginning.  An alternate SSH server operating on an alternate port,
where only one unprivileged account is allowed to log in.  From there,
su to switch to real user. 

> >> Is there an option that needs to be adjusted in /etc/sudoers that will
> >> allow me to switch users?
> >
> > What I mean by I can't run sudo when I ssh in as the remote user and
> > switch to the local user, is that sudo asks me for my password, but
> > keeps saying authentication failure, even thou when logged in via the
> > console, or if I ssh directly in as local user, I can authenticate via
> > sudo without problems.
> 
> It's probably a case that you're still the remote user; what's the
> output of who(1), or last(1)?
> 

when I ssh, it shows me logged in as "localuser"

> Is the remote user in any of the groups that's allowed to use sudo
> (visudo(8)'s your friend).
> 
> I still don't get why you don't just connect as 'localuser'

Again, security policy.  I don't want to expose the "localuser" account
to the internet.

> 
-- 
Arthur H. Johnson II <arthur at johnsonfamilymi.us>