Check Password Policy for sudo fails when attempting to deploy a Deployment Procedure

In order to deploy a Deployment Procedure for an Oracle Home or CRS image you will need to have sudo configured correctly.

This document will detail two sudo configuration issues that will be detected by the Analyze phase of the deployment procedures.

sudo: sorry, you must have a tty to run sudo

Oracle Enterprise Linux (applies to RHEL as well) has the requiretty option set in the /etc/sudoers configuration file. The requiretty option requires the user executing sudo to be logged into a real tty session. Using visudo to edit the /etc/sudoers file you will see that the requiretty option is set.

Note: The visudo command is the recommended method to modify the /etc/sudoers file.

# Disable "ssh hostname sudo <cmd>", because it will show the password in clear. 
#         You have to run "ssh -t hostname sudo <cmd>".
Defaults    requiretty

You could remove the requiretty option by adding a comment in front of Defaults in the line.

#Defaults    requiretty

This will any user to execute sudo without requiring a real tty session. While this will resolve the problem at hand, a better solution would be to just allow the oracle user to execute sudo without a real tty session.

Defaults            requiretty
Defaults:oracle     !requiretty

The above lines will allow the oracle user to run sudo without a tty session but require a tty session for all other users.

[sudo] password for oracle: Sorry, try again.

The Deployment Procedure requires to ability to issue sudo commands without the need of a password.

To resolve this issue use visudo to change the /etc/sudoers file.

Change the line

oracle  ALL=(root)              ALL


oracle  ALL=(root)              NOPASSWD: ALL

Leave a Reply

Your email address will not be published. Required fields are marked *