clear "msgs" column under CentOS 5.x and later versions of Fedora despite hobbitclient.sh hack
All,
I just spent way too much time too late at night to be doing this, trying to figure out why my CentOS 5.1 VM had a "clear" under the "msgs" column, despite having implemented the standard modification to hobbitclient.sh and put the proper entry in /etc/sudoers. It was driving me nuts, because it would work when I ran hobbitclient.sh as the user hobbit, but not when it was executing as a service. It would just silently fail to execute without giving any error message... eventually it occurred to me that I've been driven nuts this way by another paranoid security mechanism that "silently" changes the way everything works, SELinux, and decided to go grep for sudo in /var/log... where I saw hordes of messages like this:
secure.2:Aug 3 03:46:43 dust-testlink-vm sudo: hobbit : sorry, you must have a tty to run sudo ; TTY=unknown ; PWD=/local/home/hobbit ; USER=root ; COMMAND=/local/home/hobbit/client/bin/logfetch /local/home/hobbit/client/tmp/logfetch.dust-testlink-vm.cfg /local/home/hobbit/client/tmp/logfetch.dust-testlink-vm.status
Doh, I should've looked there sooner. Bleah.
It turns out that in these versions of RHEL and Fedora, they've locked down sudo so that, by default, you can't run it unless you're attached to a real tty... you have to comment out this line in /etc/sudoers: "Defaults requiretty".
Any comments on the security implications of turning this off? Is there an alternative solution?
I figured I'd share this so the next person wouldn't go crazy the same way.
Regards,
Thomas Leavitt
On Friday 15 August 2008 08:03:28 Thomas Leavitt wrote:
> All,
> I just spent way too much time too late at night to be doing this, trying to figure out why my CentOS 5.1 VM had a "clear" under the "msgs" column, despite having implemented the standard modification to hobbitclient.sh and put the proper entry in /etc/sudoers.
Well, I normally just provide the hobbit user with access to the relevant log files with standard unix permission changes.
E.g., on a default Fedora-like installation, this should be sufficient:
gpasswd -a hobbit adm
(although you could rather consider changing group ownership on the log files instead).
Regards, Buchan
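
Added example, not part of either message above: a small Python parser for sudo entries in the syslog format quoted in the first message, counting the "you must have a tty" refusals per calling user, target user and binary, so a silently failing service shows up without manual grepping. The sample log, its hostname and the `alice` and `sshd` lines are constructed; the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the format quoted in the thread (hostname, temp paths,
# and the alice/sshd lines are made up for this example).
SAMPLE_LOG = """\
Aug  3 03:46:43 examplehost sudo:   hobbit : sorry, you must have a tty to run sudo ; TTY=unknown ; PWD=/local/home/hobbit ; USER=root ; COMMAND=/local/home/hobbit/client/bin/logfetch /tmp/lf.cfg /tmp/lf.status
Aug  3 03:51:43 examplehost sudo:   hobbit : sorry, you must have a tty to run sudo ; TTY=unknown ; PWD=/local/home/hobbit ; USER=root ; COMMAND=/local/home/hobbit/client/bin/logfetch /tmp/lf.cfg /tmp/lf.status
Aug  3 04:02:10 examplehost sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/less /var/log/messages
Aug  3 04:05:00 examplehost sshd[2211]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
"""

# Shape: "sudo: <user> : [<failure reason> ;] KEY=value ; ... ; COMMAND=<cmd>"
SUDO_RE = re.compile(r"\bsudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<rest>.*)$")
TTY_REFUSAL = "you must have a tty to run sudo"

def parse_sudo_line(line):
    """Return a dict of fields for a sudo log line, or None for other lines."""
    m = SUDO_RE.search(line)
    if not m:
        return None
    entry = {"user": m.group("user"), "reason": None}
    # COMMAND is always the last field and may itself contain " ; ".
    head, sep, command = m.group("rest").partition("COMMAND=")
    if sep:
        entry["COMMAND"] = command.strip()
    for part in head.split(" ; "):
        part = part.strip()
        if not part:
            continue
        key, eq, value = part.partition("=")
        if eq and key.isupper():
            entry[key] = value
        else:
            entry["reason"] = part  # free-text failure reason
    return entry

def tty_refusals(log_text):
    """Count requiretty refusals per (calling user, target user, binary)."""
    counts = Counter()
    for line in log_text.splitlines():
        e = parse_sudo_line(line)
        if e and e["reason"] and TTY_REFUSAL in e["reason"]:
            binary = e.get("COMMAND", "?").split()[0]
            counts[(e["user"], e.get("USER", "?"), binary)] += 1
    return counts

if __name__ == "__main__":
    for (user, target, binary), n in tty_refusals(SAMPLE_LOG).items():
        print(f"{n:4d}  {user} -> {target}  {binary}")
```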