Score:1

Linux - User name with a "$" cannot sudo

We are beginning to add our RHEL 7.9 Linux machines to AD. As a part of that we would like to restrict the use of sudo to the administrators. The admin group we will call ServerAdmins and we added it to the sudoers file. The issue we have is the individual administrator ID has a "$" in the name. EXAMPLE: admin$user. When we add this line to the sudoers file it fails.

%DOMAIN\\ServerAdmins  ALL=(ALL)  ALL

However if we add a single member this way it succeeds:

%DOMAIN\\admin\$user  ALL=(ALL)  ALL

I am stumped on how to proceed. We have verified that it is the "$" causing the issue.

Michael Hampton
What do you mean by "fails"?
pmdba
"$" is a reserved character with special meaning to pretty much all Linux shells. Many commands will interpret it as an environment variable reference and not a literal character. You should _not_ be using it in user names.
Andrew Madsen
@MichaelHampton by fails I mean the infamous "you do not have sudo rights. This will be reported"
Michael Hampton
That means there will be log entries. What are they?
Andrew Madsen
@pmdba NOT very helpful. While I understand that the "$" is a reserved character, after all in my example I escaped the "$", this company uses Windows which is not so picky. Thus the AD integration. When they set all of this stuff years ago, Linux was not even an option. Out of the 4000+ machines we have only 71 are Linux.
pmdba
I'm just saying that those user names will have problems _by definition_. Don't expect to map all your Windows accounts or groups to Linux 1:1. Escaping an individual name may work, but not when a command is reading a list of names from a group. You may have to have separate users or groups that conform to local OS naming conventions; that has been my past experience. Using AD to centralize things is fine, but that doesn't mean that the Linux hosts will be compatible with Windows names.
djdomi
echo admin\$user ->admin$user and echo admin\\$user -> admin\$user - or "domain\$user" might work
Score:1
All,

I do not know what happened. I went back this morning and tried to reproduce the issue so I could copy the message for @MichaelHampton and I was able to authenticate and it recognised I was in the proper group to use sudo. Bugger all.

EDIT:

As I said in the comments, I figured it out. After adding the proper group I needed to restart realmd. It was not the "$" after all but the groups needed requerying. Once realmd was restarted I could sudo.

djdomi
remind to accept your own answer if the question is solved
Andrew Madsen
I did figure it out. realmd refreshes periodically. I must have been testing during the lull. I checked this out on a second machine and after I edited the sudoers file I was unable to sudo. I then restarted realmd and was able to sudo.
djdomi
then update your answer and accept it ;)
Andrew Madsen
@djdomi I will update but I cannot accept it for another 22 hours. Newbie here.
djdomi
at least for now you are over 15 rep and comment everywhere ;)
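
The check below is an added example, not part of the original thread: it takes a sudoers group entry and a user name and reports whether the host's name service currently lists that user in the group, which is the condition the answer above found to be out of date. The function names are hypothetical, and it assumes NSS resolves AD names in the same `DOMAIN\name` form that the sudoers entry uses.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumes NSS resolves AD names
# in the same DOMAIN\name form that the sudoers entry uses.

# Convert a sudoers principal to the plain name: drop the leading '%' group
# marker and undo backslash escapes ('\\' -> '\', '\$' -> '$').
sudoers_principal_to_name() {
    printf '%s\n' "${1#"%"}" | sed 's/\\\(.\)/\1/g'
}

# Return 0 if NSS lists the user in the group, 1 if not, 2 if the group
# itself does not resolve. Compares numeric GIDs so that group names
# containing spaces or '$' need no further quoting.
user_in_group() {
    uig_gid=$(getent group "$2" 2>/dev/null | cut -d: -f3)
    [ -n "$uig_gid" ] || return 2
    for uig_g in $(id -G -- "$1" 2>/dev/null); do
        [ "$uig_g" = "$uig_gid" ] && return 0
    done
    return 1
}

# Usage: sh check.sh '%DOMAIN\\ServerAdmins' 'DOMAIN\admin$user'
# Single quotes keep the shell from expanding "$user" as a variable.
if [ "$#" -eq 2 ]; then
    group=$(sudoers_principal_to_name "$1")
    rc=0
    user_in_group "$2" "$group" || rc=$?
    case $rc in
        0) echo "OK: $2 is reported as a member of $group" ;;
        1) echo "NOT A MEMBER (or stale lookup): $2 is not reported in $group" ;;
        2) echo "UNRESOLVED: group $group not found via NSS" ;;
    esac
    exit "$rc"
fi
```

Running it before and after a service restart shows whether the membership lookup, rather than the "$" in the name, is what changed.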