I tried this solution on a freshly installed and updated NS7.8
With the proposed powerusers file in sudoers.d did not work when naming the file 90_powerusers
However, the order seems relevant. Changing the name to 10_powerusers did work.
Problem was with logging in to cockpit. With an LDAP user de values in cockpit did not load. After changing the name of the file, the values did load.
@giacomo@stephdl@davidep Is there anything why changing the name of the powerusers file should not start with 10? Would it be better if it is later in the list? Can you give some clarification why I encountered this behavior?
I was troubleshooting this with Markus, but even adding wheel to the user gave an error with cockpit. The values just didn;t load and in the end it throws an error:
Error
The following command has failed:
system-task/read
Unfortunately we couldnât catch the exact error. If you want to help, please click on the button below to copy the failed command to the clipboard, paste it into the Terminal and submit command output to the developers.
I had to use the above mentioned trick, but this only worked when the âpowerusersâ file was processed earlier than with name starting with 90
Yes it would be there to do the job. But I encountered an issue with logging into cockpit. The only accounts that would load the values in cockpit (for example in the dashboard) were admin from LDAP and root.
Later created accounts can log into cockpit but values are not shown. After a time out, cockpit throws an error:
Error
The following command has failed:
system-task/read
Unfortunately we couldnât catch the exact error. If you want to help, please click on the button below to copy the failed command to the clipboard, paste it into the Terminal and submit command output to the developers.
Then pasting the command in terminal gives no clues what happened.
I encountered this on a freshly installed NS7.8 with all updates. @mrmarkuz experienced the same on his own server. IMO there is some bug in cockpit permissions that blocks users from getting output. Creating the âpowerusersâ group and adding a file, that allows all for the powerusers, to the sudoers.d directory only works if it is not last in the list.
maybe @quality_team could try and confirm this?
To me, depending and relying on a order of execution of files seems a bit tricky and hacky. Is this how we want to grant users sudo rights?