|
Bugzilla – Full Text Bug Listing |
| Summary: | does not work with fc 23 , I had to downgrade | ||
|---|---|---|---|
| Product: | Sudo | Reporter: | alcol |
| Component: | Sudo | Assignee: | Todd C. Miller <Todd.Miller> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | ||
| Priority: | low | ||
| Version: | 1.8.15 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Attachments: |
screen of login
debug |
||
|
Description
alcol
2016-01-29 01:38:43 MST
Are you using an /etc/sudoers file or is the sudoers info in LDAP or SSSD? Do you get any kind of error message from sudo? If you add the following lines to /etc/sudo.conf sudo will create a /var/log/sudo file with debugging info that may help track down the problem: Debug sudo /var/log/sudo_debug all@debug Debug sudoers.so /var/log/sudo_debug all@debug I use sudoers edited via visudo statement I get no errors simply I have back system prompt after I write right password. If I write wrong password , I'm prompted for it again example USER1$ sudo su - Password: USER1$ every try to access root items as files or other I get access denied. simply su - statement work fine I installed sudo from yum / dnf or compiled from me as I do from years wirh new versions as last I checked what version was (last compiled from me) on other production systems so I used an old version and all worked fine getting # prompt instead of $ on sudo su - I installed fc23 in a VM and had no trouble with the sudo-1.8.15-1.fc23 package installed via dnf or compiled from source. In order to debug this I'll need the debug log or a copy of your sudoers file. I believe this is fixed in sudo 1.8.17. Please re-open if not. Created attachment 477 [details]
screen of login
I used another not critical machine to make a test ever fc 23 server 32 bit is installed on a simple pc uname -a Linux fw.sistinf.it 4.5.6-200.fc23.i686+PAE #1 SMP Wed Jun 1 21:53:08 UTC 2016 i686 i686 i386 GNU/Linux [colosi@fw ~]$ sudo --version Sudo version 1.8.17p1 Sudoers policy plugin version 1.8.17p1 Sudoers file grammar version 45 Sudoers I/O plugin version 1.8.17p1 I've installed a 32-bit fedora 23 system and I still can't reproduce your problem. $ uname -a Linux fedora23-x86.courtesan.com 4.6.6-200.fc23.i686+PAE #1 SMP Thu Aug 11 01:17:59 UTC 2016 i686 i686 i386 GNU/Linux $ sudo -V Sudo version 1.8.17p1 Sudoers policy plugin version 1.8.17p1 Sudoers file grammar version 45 Sudoers I/O plugin version 1.8.17p1 $ sudo su - # id uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Please provide the output of "echo $?" after the "sudo su -" that is not working. That may indicate that the shell was killed by a signal (and if so, which one). If you can generate a debug log as I mentioned previously that will help immensely. (In reply to Todd C Miller from comment #7) > I've installed a 32-bit fedora 23 system and I still can't reproduce > your problem. > > $ uname -a > Linux fedora23-x86.courtesan.com 4.6.6-200.fc23.i686+PAE #1 SMP Thu > Aug 11 01:17:59 UTC 2016 i686 i686 i386 GNU/Linux > > $ sudo -V > Sudo version 1.8.17p1 > Sudoers policy plugin version 1.8.17p1 > Sudoers file grammar version 45 > Sudoers I/O plugin version 1.8.17p1 > > $ sudo su - > # id > uid=0(root) gid=0(root) groups=0(root) > context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > > Please provide the output of "echo $?" after the "sudo su -" that is > not working. That may indicate that the shell was killed by a > signal (and if so, which one). > > If you can generate a debug log as I mentioned previously that will > help immensely. I'm trying with debug I compile with ./configure --enable-shell-sets-home --with-pam --with-logging --with-logpath=/var/log --with-tty-tickets --with-pam-login --with-logging=both --with-passwd-tries=3 --with-password-timeout=1 --with-goons-insults --with-insults --with-all-insults --with-hal-insults possible is there the problem ? Created attachment 482 [details]
debug
debug
I compiled sudo-1.8.17p1 without parameters on configure and with no compile option work what's wrong with ./configure --enable-shell-sets-home --with-pam --with-logging --with-logpath=/var/log --with-tty-tickets --with-pam-login --with-logging=both --with-passwd-tries=3 --with-password-timeout=1 --with-goons-insults --with-insults --with-all-insults --with-hal-insults What is happening is that when sudo tries to log to the log file it encounters an error and exits. This could happen, for example, when the filesystem the log file is located on is full. The error is sent via email if possible but is not displayed to the standard error. You have the following configure options: --with-logpath=/var/log --with-logging=both based on that, sudo will try to log to /var/log the directory and not, for example, a file like /var/log/sudo.log Older versions of sudo ignored failures to write to the log file. In sudo 1.8.18 this will be configurable, with the default being to allow the command to be run even if the log cannot be written. This is more consistent with how syslog works. Also, the message is written to the standard error in 1.8.18. For example: $ sudo -V Sudo version 1.8.18b2 Sudoers policy plugin version 1.8.18b2 Sudoers file grammar version 45 Sudoers I/O plugin version 1.8.18b2 $ sudo id sudo: unable to open log file: /var/log: Is a directory uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest) Setting the logpath properly should resolve your issue. If you are interested in trying the sudo 1.8.18 beta, you can find it at: https://www.sudo.ws/dist/beta/sudo-1.8.18b1.tar.gz Fixed in sudo 1.8.18 |