remote sudo commands not working

Question

My company has automated AD integration via puppet. Long story short, servers were joining the wrong domain. I wrote a bash script to remove them from the current domain but my remote sudo commands are not working. Additionally, I am trying to remove the AD_joined file in /etc. The script shows that the file is still present, but when I ssh to the boxes, the file is actually removed and the 'sudo adleave' command also works fine. What am I doing wrong? FYI, root logins are disabled, so I am stuck with sudo.

Script:

#!/bin/bash

IP=`cat prod_ips.txt`
check=`ls /etc | grep ^AD`
for i in $IP;
do
echo '------------------------------------------------------------';
echo "Connecting to $i";
echo ""
ssh -t -o StrictHostKeyChecking=no -o ConnectTimeout=3 -o            PasswordAuthentication=no $i "sudo rm -f /etc/AD_joined; sudo adleave --force;"

echo $check
if [ -z $check ]; then
  echo "AD_joined file removed. Server should join correct domain after next   puppet run!";
else
  echo "File still present, something went wrong";
fi

echo '------------------------------------------------------------';
echo "";
done;

Sample output:

------------------------------------------------------------
Connecting to <IP>

Authorized uses only. All activity may be  monitored and reported.
sudo: adleave: command not found
Connection to <IP> closed.
AD_joined
File still present, something went wrong
------------------------------------------------------------

can you post the difference between `ssh -t -o StrictHostKeyChecking=no -o ConnectTimeout=3 -o PasswordAuthentication=no $example_remote_host "echo $PATH"` as well as `ssh $example_remote_host` followed by `which adleave` as well as `echo $PATH`? Seems like `adleave` is in a component of `PATH` that's only loaded by login shells. — jayhendren, Dec 09 '16 at 16:38
@jayhendren **First Output:** `/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/bin:/usr/‌local/bin:/usr/bin:/‌bin:/u01/app/oracle/‌product/12.1.0/bin:/‌home/user/.local/bin‌:/home/user/bin` **Second Output:** `which: no adleave in (/usr/local/bin:/usr/bin) /usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/bin:/usr/‌local/bin:/usr/bin:/‌bin:/u01/app/oracle/‌product/12.1.0/bin:/‌home/user/.local/bin‌:/home/user/bin adleave path: /usr/sbin/adleave` It also looks like adleave is symlinked to another path: `/usr/sbin/adleave -> /usr/share/centrifydc/bin/cdcexec` — AndG, Dec 09 '16 at 18:04
@Christopher the path for adleave is `/usr/sbin/adleave`. I also did `sudo env` and `/usr/sbin` is included in `$PATH` for sudo. At this point, I'm thinking there is some other environment setting, profile script or maybe something in PAM that is overriding this. — AndG, Dec 09 '16 at 19:52

score 0 · Answer 1 · answered Dec 09 '16 at 22:19

0

Reading comments to your initial post: have you tried using /usr/sbin/adleave in your script, instead of adleave.

answered Dec 09 '16 at 22:19

SYN

2,793
12
19

remote sudo commands not working

1 Answers1