Linux – ‘user is not in the sudoers file’ but actually is


I have already read a lot of posts about enabling sudo-access for a specific user but those couldn't help me so far.
The situation is:
I'm running Debian Testing. On the system there are only two accounts: 'root' and a user account 'benny'.
The user 'benny' should be able to run commands with root privileges using sudo (of course I installed sudo first), which is why I edited the '/etc/sudoers' file using visudo as follows:

Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL
benny   ALL=(ALL:ALL) ALL #<<<<<<<<<<<<<<< EDIT HERE!

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d
ALL ALL= NOPASSWD: /usr/sbin/g15daemon

This did not work at all – when issuing the 'sudo' command it keeps saying 'benny is not in the sudoers file. This incident will be reported.'
So I added benny to the group 'sudo', as it was often suggested:

usermod -aG sudo benny

After a re-login as 'benny' the command



benny cdrom sudo fuse

which seems fine to me. Also

 cat /etc/group | grep sudo 



However if I try, for example

sudo apt update

it still keeps saying that benny was not in the sudoers-file.
I've really read a lot about this issue and everyone just advices one of the two steps, I mentioned above.
What am I missing here? I gues it's something really stupid, but I do not see it. Any help is appreciated! Thanks in advance!

Best Answer

I pulled down the source code for sudo and it appears that the way this could happen is if your sudo is configured to use LDAP or SSSD methods to determine permissions. If either of those is available, it will be checked before the file method. This probably only makes sense if this machine was set up for you in a corporate environment or something? In these cases, the error message is a bit inaccurate as it still refers to the sudoers "file".

I've never used either of those for this but it appears they would be configured in an /etc/sudo.conf file, so you could see if you have such a thing. Looking at man sudo it mentions an LDAP plugin and man sudo.conf gives info about plugins are configured FWIW.

Related Question