fix error : sudo: sorry, you must have a tty to run sudo

That’s probably because your /etc/sudoers file (or any file it includes) has:

…which makes sudo require a TTY. Red Hat systems (RHEL, Fedora…) have been known to require a TTY in default sudoers file. That provides no real security benefit and can be safely removed.

Red Hat have acknowledged the problem and it will be removed in future releases.

Solution 1: Change the configuration of the server

Solution 2:  If changing the configuration of the server is not an option, as a work-around for that mis-configuration, you could use the -t or -tt options to ssh which spawns a pseudo-terminal on the remote side, but beware that it has a number of side effects.

-tt is meant for interactive use. It puts the local terminal in raw mode so that you interact with the remote terminal. That means that if ssh I/O is not from/to a terminal, that will have side effects. For instance, all the input will be echoed back, special terminal characters (^?, ^C, ^U) will cause special processing; on output, LFs will be converted to CRLFs… (see this answer to Why is this binary file being changed? for more details.

To minimise the impact, you could invoke it as:

The < <(cat) will avoid the setting of the local terminal (if any) in raw mode. And we’re using stty raw -echo to set the line discipline of the remote terminal as pass through (effectively so it behaves like the pipe that would be used instead of a pseudo-terminal without -tt, though that only applies after that command is run, so you need to delay sending something for input until that happens).

Note that since the output of the remote command will go to a terminal, that will still affect its buffering (which will be line-based for many applications) and bandwidth efficiency since TCP_NODELAY is on. Also with -tt, ssh sets the IPQoS to lowdelay as opposed to throughput. You could work around both with:

Also, note that it means the remote command cannot detect end-of-file on its stdin and the stdout and stderr of the remote command are merged into a single stream.

So, not so good a work around after all.

If you’ve a got a way to spawn a pseudo-terminal on the remote host (like with expect, zsh, socat, perl’s IO::Pty…), then it would be better to use that to create the pseudo-terminal to attach sudo to (but not for I/O), and use ssh without -t.

For example, with expect:

Leave a Reply

Your email address will not be published. Required fields are marked *