[Freeipa-users] sudo rules question on ubuntu 16.0.1

Jeff Goddard jgoddard at emerlyn.com
Fri Aug 12 12:31:52 UTC 2016


Jakub,

I apologize for my ignorance, can you give me the syntax for that? In the
file I created I only added the statement "debug_level=9". Adding a
"log_file=/var/log/sudo.log" statement does not produce a file. Googling
for syntax returns a bunch of results for the sudoers file. Also of note,
digging around and looking at the auth.log file I see entries such as this:

Aug 12 08:16:27 docker-dev-01 login[29210]: pam_sss(login:auth): authentication success; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=jgoddard
Aug 12 08:16:29 docker-dev-01 login[29210]: pam_unix(login:session): session opened for user jgoddard by LOGIN(uid=0)
Aug 12 08:16:29 docker-dev-01 systemd: pam_unix(systemd-user:session): session opened for user jgoddard by (uid=0)
Aug 12 08:16:29 docker-dev-01 systemd-logind[3252]: New session 77 of user jgoddard.
Aug 12 08:16:37 docker-dev-01 sudo: pam_unix(sudo:auth): authentication failure; logname=jgoddard uid=320000001 euid=0 tty=/dev/tty1 ruser=jgoddard rhost=  user=jgoddard
Aug 12 08:16:37 docker-dev-01 sudo: pam_sss(sudo:auth): authentication success; logname=jgoddard uid=320000001 euid=0 tty=/dev/tty1 ruser=jgoddard rhost= user=jgoddard
Aug 12 08:16:38 docker-dev-01 sudo: jgoddard : command not allowed ; TTY=tty1 ; PWD=/home/jgoddard ; USER=root ; COMMAND=list



On Fri, Aug 12, 2016 at 3:52 AM, Jakub Hrozek <jhrozek at redhat.com> wrote:

> On Thu, Aug 11, 2016 at 05:02:49PM -0400, Jeff Goddard wrote:
> > Manually creating the file and then restarting the service and performing
>
> So according to this:
>
> > (Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400): Returning info for user [jgoddard at internal.emerlyn.com]
> > (Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400): Retrieving rules for [jgoddard] from [internal.emerlyn.com]
> > (Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x6dbce0
>
> at least one rule was passed on to sudo to process. Can you look into
> the sudo log (not sssd_sudo, but really the log from the sudo
> executable, the one you asked sudo to create in /etc/sudo.conf) and see
> why sudo didn't allow you to execute anything?



Thanks,

Jeff
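
The following is an added example, not part of the original thread and not sssd or sudo code. It triages the sudo entries from the auth.log excerpt in this message, separating the PAM authentication result from sudo's own policy decision: a pam_unix failure followed by a pam_sss success is the normal pattern for a directory user with no local password, so the denial here comes from rule evaluation. The helper name `triage`, the regexes and the re-joined sample lines are assumptions made for illustration.

```python
import re

# Constructed sample: the three sudo entries from the auth.log excerpt in the
# message, re-joined to one entry per line.
SAMPLE = """\
Aug 12 08:16:37 docker-dev-01 sudo: pam_unix(sudo:auth): authentication failure; logname=jgoddard uid=320000001 euid=0 tty=/dev/tty1 ruser=jgoddard rhost=  user=jgoddard
Aug 12 08:16:37 docker-dev-01 sudo: pam_sss(sudo:auth): authentication success; logname=jgoddard uid=320000001 euid=0 tty=/dev/tty1 ruser=jgoddard rhost= user=jgoddard
Aug 12 08:16:38 docker-dev-01 sudo: jgoddard : command not allowed ; TTY=tty1 ; PWD=/home/jgoddard ; USER=root ; COMMAND=list
"""

# PAM result logged on behalf of sudo; \buser= skips the earlier "ruser=" field.
PAM_RE = re.compile(r"sudo: (pam_\w+)\(sudo:auth\): authentication (success|failure);.*\buser=(\S+)")
# sudo's own policy decision line (only the two policy denials are matched).
DENY_RE = re.compile(r"sudo:\s+(\S+) : (command not allowed|user NOT in sudoers) ; TTY=.* COMMAND=(.*)$")


def triage(text):
    """Classify each user's sudo failure (hypothetical helper).

    Returns {user: (stage, detail, accepted_modules)}. Stage is "authorization"
    when sudo logged a policy denial, or "authentication" when PAM entries
    exist but no module accepted the password.
    """
    pam, denied = {}, {}
    for line in text.splitlines():
        m = PAM_RE.search(line)
        if m:
            pam.setdefault(m.group(3), {})[m.group(1)] = m.group(2)
            continue
        m = DENY_RE.search(line)
        if m:
            denied[m.group(1)] = f"{m.group(2)} (COMMAND={m.group(3)})"
    result = {}
    for user in sorted(set(pam) | set(denied)):
        accepted = sorted(mod for mod, res in pam.get(user, {}).items() if res == "success")
        if user in denied:
            result[user] = ("authorization", denied[user], accepted)
        elif not accepted:
            result[user] = ("authentication", "no PAM module accepted the password", accepted)
    return result


if __name__ == "__main__":
    for user, (stage, detail, accepted) in triage(SAMPLE).items():
        print(f"{user}: failed at {stage}: {detail}; PAM accepted by {accepted}")
```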