Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

EDR: Upgrade fails with the message "sudo has been configured to not allow root to run it"

EDR: Upgrade fails with the message "sudo has been configured to not allow root to run it"

Environment

  • EDR (Formerly CB Response) Server: All Supported Versions

Symptoms

After running the "/usr/share/cb/cbupgrade" utility, it fails with an error stating "Sorry, sudo has been configured to not allow root to run it.

--------------------------------------------------------------------------------

SQL DB - START

--------------------------------------------------------------------------------

Sorry, sudo has been configured to not allow root to run it.

--------------------------------------------------------------------------------

UPGRADE ABORTED

--------------------------------------------------------------------------------

'sudo -u cb /usr/pgsql-9.3/bin/pg_ctl start -w -l /var/log/cb/pgsql/setup.log -D /cbvol/cb/data/pgsql -o "-p 5002"' execution failed(1)

Traceback (most recent call last):

File "/opt/jenkins/builds/workspace/build-cbent-release-5.1/code/coreservices/src/cb/utils/exceptions.py", line 57, in decorator

File "/usr/lib/python2.6/site-packages/cb/maintenance/cbupgrade/main.py", line 189, in main

File "/usr/lib/python2.6/site-packages/cb/maintenance/cbupgrade/main.py", line 69, in run

File "/usr/lib/python2.6/site-packages/cb/maintenance/cbupgrade/main.py", line 123, in __execute_actions

File "/usr/lib/python2.6/site-packages/cb/maintenance/cbupgrade/main.py", line 117, in run_actions

File "/opt/jenkins/builds/workspace/build-cbent-release-5.1/code/coreservices/src/cb/maintenance/cbupgrade/base_action.py", line 64, in do_execute

File "/opt/jenkins/builds/workspace/build-cbent-release-5.1/code/coreservices/src/cb/utils/cb_shell.py", line 45, in decorator

File "/usr/lib/python2.6/site-packages/cb/maintenance/cbupgrade/common_actions/pgsql_runner.py", line 23, in execute

File "/opt/jenkins/builds/workspace/build-cbent-release-5.1/code/coreservices/src/cb/maintenance/cbupgrade/base_action.py", line 79, in run_shell

File "/opt/jenkins/builds/workspace/build-cbent-release-5.1/code/coreservices/src/cb/utils/cb_shell.py", line 34, in run

CbShellException: 'sudo -u cb /usr/pgsql-9.3/bin/pg_ctl start -w -l /var/log/cb/pgsql/setup.log -D /cbvol/cb/data/pgsql -o "-p 5002"' execution failed(1)
 
 

Cause

The root user is not allowed to run the sudo command, because it is not present in the /etc/sudoers file. 

Resolution

In order to run the cbupgrade utility, the root user must be able to run the sudo command.

Additional Notes

  • The root user must be in sudoers file as the upgrade uses "sudo -u cb" as part of the upgrade process.
  • The root User is by default in the /etc/sudoers file
  • Having 'root' use 'sudo' to run a command as another user is required for running the upgrade script. When root is removed from the /etc/sudoers file, that action is prohibited.

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎12-02-2020
Views:
486
Contributors