"Sorry, user root is not allowed to execute"...

Originally posted on 2021-02-10

This error message is truly odd in my humble opinion. I was working on a project today with someone and they saw this error message in their log file. Basically it appeared that root was not allowed to switch users and run a Python script as a different user.

Shouldn't root be able to change into any user? You'd think, but apparently not.

How do you fix it? Stack Overflow bails us out again. The gist is that you need to update /etc/sudoers (with visudo!) and add this line if it is missing:

root    ALL=(ALL:ALL) ALL

For reference, a default Ubuntu /etc/sudoers that has this in it looks like this:

# This file MUST be edited with the 'visudo' command as root.
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
# See the man page for details on how to write a sudoers file.
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d
ubuntu    ALL=(ALL) NOPASSWD: /sbin/poweroff, /sbin/reboot, /sbin/shutdown