User login loop after added to sudoers

Jeremy Ciaramella

Registered
May 25, 2019
cPanel Access Level
Root Administrator
We installed Jenkins on our server and linked it with a GitHub account. The user associated with the Jenkins processes needed sudoer-level privileges. I logged in as root and ran the command usermod -G wheel $sudouser, where $sudouser was also a cPanel account.

Then when the user went to the cPanel login (e.g. https://ourserver.tld:2083), it would not error out; it would just reset the login over and over. On a hunch, I tried to log in to the WHM with said $sudouser and was able to log in to a stripped-down WHM.

I discovered later there is an "add-user to sudoers" function in WHM. I saw the user there, removed them, tried to log in (same thing), removed the user via the command line, tried to log in (same thing). Changed the owner of the account. To be clear, the new $sudouser is no longer listed in the sudoers in WHM or command line.

This is what is logged in the "/user/local/cpanel/logs/login_log" when this user tries to log in:
[2019-05-25 18:10:43 +0000] info [cpaneld] 70.176.115.194 - $sudouser "GET /cpsess9889668778/frontend/paper_lantern/index.html?login=1&post_login=30066699817051 HTTP/1.1" DEFERRED LOGIN cpaneld: switchuser: uid or gid passed user switch is less than 99

That user's entry in the /etc/password and /etc/shadow:
$sudouser:x:1001:10::/home/$sudouser:/bin/bash
$sudouser:[herebesomehashedupgobblygookstuff]:18041::99999:7:::

I tried to submit a support ticket using the email address where cPanel folks sent the receipts and the bills. Apparently, this email is not in their system and I don't get the "password reset links." (Yes, I check my "spam" mails...)

Thoughts?
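
Added example, not part of the original post and not cPanel code: a shell check that reads passwd-format lines and lists login accounts whose primary GID (the fourth field) is below the 99 named in the log message above, next to a helper that lists the groups an account holds only as supplementary membership in group-format data. The account names and sample data are constructed, and treating 99 as the cutoff is an assumption taken from that log line.

```shell
#!/bin/sh
# Added example. MIN_ID comes from the log text "less than 99" (assumption).
MIN_ID=99

# Constructed sample data: "deploy" mirrors the shape of the posted entry
# (UID 1001, primary GID 10); "alice" has wheel only as a supplementary group.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
deploy:x:1001:10::/home/deploy:/bin/bash'
SAMPLE_GROUP='wheel:x:10:alice
alice:x:1000:'

# passwd-format lines on stdin -> "user:uid:gid" for every non-system
# account whose primary GID is below MIN_ID.
low_primary_gid_accounts() {
    awk -F: -v min="$MIN_ID" '
        /^#/ || NF < 7 { next }                         # comment or malformed
        $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ { next }   # non-numeric ids
        ($3 + 0) < (min + 0) { next }                   # system account, skipped
        ($4 + 0) < (min + 0) { print $1 ":" $3 ":" $4 }
    '
}

# $1 = user name; group-format lines on stdin -> names of groups that list
# the user in the member field (supplementary membership only).
supplementary_groups() {
    awk -F: -v user="$1" '
        NF >= 4 {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++)
                if (members[i] == user) print $1
        }
    '
}

# Demo on the constructed data. On a real host, feed /etc/passwd and
# /etc/group to the functions instead.
printf '%s\n' "$SAMPLE_PASSWD" | low_primary_gid_accounts
printf '%s\n' "$SAMPLE_GROUP" | supplementary_groups alice
```

The two functions separate the cases: an account that only has wheel as a supplementary group keeps its own primary GID in the passwd file, while an account whose fourth passwd field is 10 is the one the first function reports.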