(It was just a sudo-problem…)
Maybe a few weeks ago, I logged in to one of my Linux boxen and tried to use sudo to start the VPN client. It said that my user was not authorized to use sudo. “Huh,” I thought. So instead I just su’d to start the client, and that worked. I checked /etc/sudoers, but didn’t see anything that looked amiss.
Then, I think last week, I couldn’t connect to the VPN even using this strategy. I thought I had uninstalled one too many kernel modules (when the auto-updater shows the packages that are going to be updated, several times I’ve noticed packages I don’t need, and uninstalled them before updating, to save time and disk space — I don’t really need ALL the localization packages for Firefox, for instance)…
Solving the Connection Problem
It turns out the second issue had an easy solution: the VPN access point had changed, and I just needed to edit /etc/vpnc/name-of-vpnc-configuration.conf and update the IP address on the IPSec gateway line.
Solving the Sudo Problem
Now that the VPN connection was working, I was motivated to see if I could also get sudo working again.
The part of my /etc/sudoers file that looked like it had anything to do with anything was this:
%vpnusers localhost=/usr/sbin/vpnc %vpnusers localhost=NOPASSWD: /usr/sbin/vpnc-disconnect
I verified that my user is a member of the vpnusers group (besides, this had been working, and I didn’t remember removing my user from any groups)… I looked over the EXAMPLES section of the Sudoers Manual, and after some cogitation, it hit me: I had recently changed the hostname of my Linux box from simply localhost to something else. Using visudo, I changed these lines so that vpnusers have permissions on the somethingelse host instead of on localhost:
%vpnusers somethingelse=/usr/sbin/vpnc %vpnusers somethingelse=NOPASSWD: /usr/sbin/vpnc-disconnect
And now sudo works again.