Are you facing the error, sudo: sorry you must have a tty to run sudo?

This guide is for you.

Sudo is a command-line program that allows users to run programs with the security privileges of another user or group which default to the superuser.

Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform Linux SSH Command line queries.

In this context, we shall look into how to fix this error on Linux or Unix based systems

Nature of the error sudo: sorry you must have a tty to run sudo ?

Here, TTY stands for teletypewriter. It is a command we use to provide the file name of the terminal connected to the standard input.

For example, /dev/ttys001.

We found that this error occurs when we run the following command:

ssh user@ibmimedia.example.com sudo command1 /path/to/file

The error message stated:

sudo: sorry, you must have a tty to run sudo

OR

sudo: no tty present and no askpass program specified

This is common to Fedora, RHEL, CentOS, many other Linux distribution, and Unix-like systems for security concerns as it shows the password in clear text format.

Moving ahead, this error occurs because the sudo command tries to execute a command that requires a tty.

This happens mostly because we run on a Linux distribution with sudo configured by default to require a tty.

Generally, this was a matter of security concern. However, in reality, this does not provide any real security benefit.

We can enforce it by setting Defaults requiretty in the /etc/sudoers. 

sudo: sorry you must have a tty to run sudo error - How to resolve this error?

1. Use pseudo tty

In order to avoid this error, we have to run ssh command as follows:

ssh -t hostname sudo command
ssh -t user@hostname sudo command
ssh -t user@ibmimedia.example.com sudo command1 /path/to/file

The -t option forces pseudo-tty allocation.

We can use it to execute arbitrary screen-based programs on a remote machine, which can be very useful, for example, when implementing menu services. Multiple -t options force tty allocation, though the ssh has no local tty.

If we encounter the error "Pseudo-terminal will not be allocated because stdin is not a terminal", then we use -tt to force a pseudo-terminal. 

If we do not need a pseudo-terminal, then use -T to simply disable pseudo-tty allocation.

2. The requiretty option in the sudoers file

The requiretty if set in sudo config file sudoers, will only run when the user is logged in to a real tty.

When this flag is set, sudo can only run from a login session and not via other means such as cron, shell/perl/python, or cgi-bin scripts.

Edit /etc/sudoers, file:

# visudo

Find the line that read as follows:

Defaults requiretty

Either comment it out or delete the line:

#Defaults requiretty

Eventually, save and close the file.

To run the command without using the -t option, we can use the su command instead of the sudo command:

## NOTE: RHEL/CentOS specific syntax ##

su –session-command="/path/to/command1 arg1 arg2"

## others ##

su -c '/path/to/command1 arg1 arg2'

OR

ssh user@ibmimedia.example.com su –session-command="/path/to/command1 arg1 arg2"

OR

ssh user@ibmimedia.example.com su -c '/path/to/command1 arg1 arg2'

We can run /scripts/job1 as ibmimedia user using the same syntax:

ssh user@ibmimedia.example.com su –session-command=”/scripts/job1 /nas” ibmimedia

OR

ssh user@ibmimedia.example.com su ibmimedia -c "/scripts/job1 /nas"

Another option is to use the following syntax:

echo -e "\n"|sudo -S command

[Need urgent help with the sudo error resolution? We'd be happy to assist. ]