I think you misunderstand what the purpose of transparent login/sudo is.
Sudo never prompts for the "root" password; it prompts for the currently logged-in user's password. Adding a user to sudoers does not make them a permanent administrator; it allows them to elevate privileges for a single command.
To make an analogy, sudo is like UAC in Windows: your user account may be in the administrators group on your workstation, but when you log in you can't do anything administrative until you elevate by passing a UAC prompt. This prevents scripts, viruses, etc. that may be started by your day-to-day use of your computer from using your admin privileges without your knowledge.
If your sudoers line uses the "nopasswd" option, then the user can do it without the password; however, that's not recommended. Without "nopasswd", sudo will always prompt for a password. (NOTE: sudo privileges will persist for a configurable period of time, so subsequent runs in that time window may not prompt.)
So essentially, what Transparent login is doing is allowing a user to ssh into a box with an unknown password, then run sudo commands and not be prompted for a password they don't know.
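The reply above mentions two sudoers settings that decide whether sudo prompts: the `NOPASSWD` tag and the credential-caching window (`timestamp_timeout`). The following check is an added example, not part of the thread or of any vendor tooling; it lists which rules skip the prompt and what caching window is set. The sample sudoers text and the account names other than `supervisor` are constructed.

```python
import re

# Constructed sample sudoers text (not from the thread). "supervisor" is the
# account named in the quoted error; the other entries are invented.
SAMPLE_SUDOERS = """\
Defaults    env_reset
Defaults    timestamp_timeout=15
root        ALL=(ALL:ALL) ALL
supervisor  ALL=(ALL) ALL
deploy      ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart app, \\
            /usr/bin/journalctl
backup      ALL=(root) NOPASSWD: ALL
"""

def logical_lines(text):
    """Join backslash-continued lines; drop blanks and comments.
    Simplification: #include/#includedir files are not followed."""
    joined = re.sub(r"\\\n\s*", " ", text)
    for raw in joined.splitlines():
        line = " ".join(raw.split())
        if line and not line.startswith("#"):
            yield line

def audit_sudoers(text):
    """Return (nopasswd_rules, timeout): rules that skip the password
    prompt, and the timestamp_timeout in minutes (None = sudo's default)."""
    nopasswd, timeout = [], None
    for line in logical_lines(text):
        if line.startswith("Defaults"):
            m = re.search(r"\btimestamp_timeout\s*=\s*(-?\d+(?:\.\d+)?)", line)
            if m:
                timeout = float(m.group(1))
            continue
        if re.search(r"\bNOPASSWD\s*:", line):
            who = line.split()[0]
            cmds = line.split("NOPASSWD", 1)[1].lstrip(" :").strip()
            nopasswd.append((who, cmds))
    return nopasswd, timeout

if __name__ == "__main__":
    rules, timeout = audit_sudoers(SAMPLE_SUDOERS)
    for who, cmds in rules:
        print(f"{who}: no password required for {cmds}")
    print("timestamp_timeout (minutes):", timeout)
```

On a real host, validate the file with `visudo -c` and review what a given account may run with `sudo -l -U <user>` rather than relying on text parsing alone.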
Original Message:
Sent: 09-05-2019 01:17 PM
From: Luis Alberto Huallpa Torre
Subject: Set a global command for transparent login (SSH)
Hi Josh, Kevin,
I used "sudo/pbrun" transparent login,
but when I write something like sudo ls it shows "supervisor is not in the sudoers file. This incident will be reported"
Original Message:
Sent: 09-05-2019 11:26 AM
From: Kevin Dedcovich
Subject: Set a global command for transparent login (SSH)
Hi,
You can do it on sudo as a whole, as depicted above.
Or you can do it for certain commands.
To do this in the PAM UI >> Configuration >> Security >> Access >> Turn On "Command String"
Then you have two options in the drop-down.
Using the first option -> any command with sudo in front of it will work (even sudo su -)
The second option (command string) -> you can just link to a specific sudo command, i.e. sudo ls
Regards,
Kevin D.
Original Message:
Sent: 09-05-2019 11:14 AM
From: Josh Dilocker
Subject: Set a global command for transparent login (SSH)
Hello, Are you able to select a Transparent Login type of "sudo/pbrun" like the screenshot below? This would then insert the password for any use of sudo.
Thanks,
Josh
Original Message:
Sent: 09-04-2019 05:05 PM
From: Luis Alberto Huallpa Torre
Subject: Set a global command for transparent login (SSH)
Hi,
Is it possible to set a global command like 'sudo' on PAM for SSH Transparent Login, so that when the users need to elevate their privileges with something like 'sudo ls' or 'sudo mkdir demo' (just an example), PAM injects the password?
Or do I necessarily have to insert all the commands that the users are going to use?
Regards.