Why aren't my LUM-enabled users able to run sudo commands?

  • 7011441
  • 29-Nov-2012
  • 29-Nov-2012


Novell Open Enterprise Server 2 (OES 2) Linux
Novell Open Enterprise Server 11 (OES 11) Linux


Trying to run "sudo command_or_script" does not successfully run the indicated command_or_script.  This is despite the LUM group, that the user is a member of, is properly listed in /etc/sudoers and was added with visudo.

Some error seen were:
  • multiple "bash: /dev/null: Permission denied" upon login or su to user
  • the following info:
    We trust you have received the usual lecture from the local System
    Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

  • prompted for the password of the user 
  • if you enter the correct password, you will see:
      userName is not in the sudoers file. This incident will be reported.


Ensure that any LUM groups in the given eDirectory tree are unique in regards to:
  • name of group
  • gidNumber of the group

If you find you have 2 groups with the same name, the easiest way to remedy is to rename one of the two groups, and then add that group to the sudoers file with the same authorizations as it's previous name.

Additional Information

LUM requires unique group name and gidNumber for LUM-enabled groups.  If there are 2 or more LUM-enabled groups with the same name, you may see odd behavior running sudo or other functions that rely on LUM groups.

A quick way to list all groups that are LUM-enabled is to run the following from a server in the tree:

    ldapsearch -x -h localhost -b "(&(objectClass=groupOfNames)(gidNumber=*))"

This will do a subtree search in the current tree, beginning at the [root] of the tree and return every group that has a gid # associated to it -- which is indicative of a LUM-enabled group.  You can redirect the output to a file with "> filename" and review that data later.