summaryrefslogtreecommitdiff
path: root/www/posts/linux/2020-07-13/sudo-sorry-you-must-have-a-tty-to-run-sudo/index.html
blob: cb7c3d388b59ed7bc0ee5fcdea7a49f071cf03ef (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

<!doctype html>
<html lang="en">
    <head>
        <meta charset="utf-8">
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <title>Sudo: sorry, you must have a tty to run sudo</title>
        <link rel="shortcut icon" href="/images/favicon.png">
        <link rel="stylesheet" href="/css/site.css">
        <link href="/posts/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts"/>
        <link href="/posts/arch/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Arch"/>
        <link href="/posts/gemini/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Gemini"/>
        <link href="/posts/jigsaw/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Jigsaw"/>
        <link href="/posts/laravel/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Laravel"/>
        <link href="/posts/linux/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Linux"/>
        <link href="/posts/markdown/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Markdown"/>
        <link href="/posts/netlify/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Netlify"/>
        <link href="/posts/nextcloud/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Nextcloud"/>
        <link href="/posts/php/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About PHP"/>
    </head>
    <body>
        <section><h1>Sudo: sorry, you must have a tty to run sudo</h1><blockquote>Mon 13th July 2020 By David T. Sadler.</blockquote><p>I have found Deployer to be a great tool for deploying PHP applications. However when first setting out to use it I soon came across the error message &#039;sudo: sorry, you must have a tty to run sudo&#039;. After some investigation I found that the error was triggered when Deployer was running commands via sudo. For those that don&#039;t know Deployer works by executing commands on your servers via ssh and depending on your server&#039;s configuration there could be issues when sudo is one of those commands.</p><h2>What is meant by &#039;sudo: sorry, you must have a tty to run sudo&#039;?</h2><p>When sudo is executed the file /etc/sudoers is read to determine which users or groups can use sudo and what commands they can run. It actually does a bit more than that and you should read the manual for more information.</p><p>If you examine the sudoers file you will find that it contains the setting Defaults requiretty. This means that sudo can only be ran from a real tty. In other words if a user wants to run sudo they must have logged into a terminal before hand. This is normally a security feature so that sudo can&#039;t be ran from things such as cron jobs. However, it also means that you will have issues when running sudo from another machine via ssh as you also won&#039;t be logged into an actual terminal.</p><h2>How to resolve the issue?</h2><p>If you&#039;re happy to change the setting for all users simply use visudo to edit /etc/sudoers and change Defaults requiretty to Defaults !requiretty. Alternatively you can remove the tty requirement for a single user. In fact that is what I do when using Deployer. Since it connects to the server using a user called deployer I add the below configuration with visudo.</p><pre><code class="shell">Defaults:deployer !requiretty
deployer ALL=(ALL) NOPASSWD:/usr/bin/chown, /usr/bin/tee, /usr/sbin/apachectl</code></pre><p>This configuration allows the deployer user to execute sudo when not logged into a real terminal and additionally not prompt for a password when executing chown, tee, and apachectl.</p><h2>Using Pseudo-tty</h2><p>An alternative is to use the pseudo-tty option when connecting via ssh.</p><pre><code class="shell">$ ssh -t user@example.com sudo apachectl restart</code></pre><h3>Links</h3><a href="https://deployer.org/">Deployer - A Deployment Tool for PHP.</a><a href="https://www.sudo.ws/man/sudoers.man.html">Sudo Manual.</a><a href="/posts/linux/">Linux - Read More Posts.</a><p>I don&#039;t have comments as I don&#039;t want to manage them. You can however contact me at the below address if you want to.</p><a href="mailto:david@davidtsadler.com">Email david@davidtsadler.com</a><h3>License</h3><a href="https://creativecommons.org/licenses/by-sa/4.0/">The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.</a><p>Copyright © 2021 David T. Sadler.</p><a href="/">Return to Homepage.</a></section>
        <script defer src="/js/highlight.min.js"></script>
        <script defer src="/js/site.js"></script>
    </body>
</html>