EC2 instance: non ec2-user not in sudoer file

amazon ec2sudo

Amazon EC2-instance:
I made a user 'admin' and copied ec2-user's keys with proper permission.
After successful login, i tried to do sudo su for root access, it says 'admin is not in the sudoers file. This incident will be reported.'

However i can do sudo su with ec2-user account and can gain root access.

What is sudoer file? how does ec2-user and admin different in config wise?

# useradd -m admin
# cp -R /home/ec2-user/.ssh /home/admin
# chown -R admin:admin /home/admin/.ssh

connect by putty:
login as: admin
Authenticating with public key "xxx"
[admin@ip-xx-xx-xx-xx ~]$ sudo su

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
1) Respect the privacy of others.
2) Think before you type.
3) With great power comes great responsibility.

[sudo] password for admin:
admin is not in the sudoers file.  This incident will be reported.

Best Answer

You need to edit your sudoers filer and enable your admin user. You should only edit your sudoers file with the visudo command as this checks the syntax etc. Something like

admin    ALL=(ALL) ALL

will do. This allows your admin user to execute any command as on any host as any user after supplying a password.

Check the sudoers and sudo man pages

Related Solutions

Ssh – AWS Amazon EC2 – password-less SSH login for non-root users using PEM keypairs

Ok, no responses saying that this is hideously exposed in any way, except for the fact that if someone gets into the user login, they get the user's PEM key. Which shouldn't let them get anywhere else*.

It is working with the above approach.

*Usual caveats apply

Linux – Changing the Sudo warning

It's compiled-in:

[root@risby]# strings /usr/bin/sudo|grep privacy
    #1) Respect the privacy of others.

Happily, however, my man sudoers admits of the string lecture_file which it says is the

[p]ath to a file containing an alternate sudo lecture that will be used in place of the standard lecture if the named file exists. By default, sudo uses a built-in lecture.

So see if your sudo supports that, and if it does, set it to a particular filename with e.g.

Defaults        lecture_file = /etc/sudoers.lecture

and put your lecture text in that file. You may find this easier to test, as I did, if you also do

Defaults        lecture = always

which will display the lecture on every invocation of sudo. Otherwise you may run out of accounts which have never sudo'ed while you get this right!

If your sudo is old enough not to support these variables, you will need to recompile from source. That has its own attendant worries, so you will wish to think very hard before doing that purely for cosmetic reasons.

Best Answer

Related Solutions

Ssh – AWS Amazon EC2 – password-less SSH login for non-root users using PEM keypairs

Linux – Changing the Sudo warning

Related Topic