>
> I have sudo configured with:
>
> # Allow all members of the sudoers group (in LDAP) to run all commands.
> %sudoers ALL=(ALL) NOPASSWD: ALL
>
> I'm a member of the sudoers group, but it is failing to authenticate
> me and this shows up in syslog:
>
> Aug 16 16:04:28 f18test [sssd[krb5_child[16009]]]: Credential cache
> directory /run/user/10325/ccdir does not exist
>
> All but the ccdir does indeed exist. Seeing krb5 mentioned here, I
> should note that system-auth uses Kerberos against an AD server.

Debugging this a little further, I've manually created the required ccdir directory and made myself its owner. Running "groups" as myself, I can confirm my membership to the "sudoers" group. However, sudo still claims "testuser is not in the sudoers file. This incident will be reported." The relevant logs capture:

==> /var/log/secure <==
Aug 17 09:34:36 f18test sudo: pam_unix(sudo:auth): authentication failure; logname=testuser uid=10325 euid=0 tty=/dev/pts/3 ruser=testuser rhost= user=testuser
==> /var/log/audit/audit.log <==
type=USER_AUTH msg=audit(1345210476.895:3118): pid=0 uid=0 auid=10325 ses=56 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="testuser" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/3 res=success'
==> /var/log/secure <==
Aug 17 09:34:36 f18test sudo: pam_sss(sudo:auth): authentication success; logname=testuser uid=10325 euid=0 tty=/dev/pts/3 ruser=testuser rhost= user=testuser
==> /var/log/audit/audit.log <==
type=USER_ACCT msg=audit(1345210476.896:3119): pid=0 uid=0 auid=10325 ses=56 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="testuser" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/3 res=success'
type=USER_CMD msg=audit(1345210476.897:3120): pid=0 uid=0 auid=10325 ses=56 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/00/testuser" cmd="date" terminal=pts/3 res=failed'
==> /var/log/secure <==
Aug 17 09:34:36 f18test sudo: testuser : user NOT in sudoers ; TTY=pts/3 ; PWD=/home/00/testuser ; USER=root ; ENV=PROPHILE=/var/lib/prophile.d/jflorian GVIMINIT=source /var/lib/prophile.d/jflorian/vim/gvimrc VIMINIT=source /var/lib/prophile.d/jflorian/vim/vimrc ; COMMAND=/bin/date

I'm not sure what else I can do to dig further into why sudo is failing.

--
John Florian