[sudo-users] script runs using sudo but not as root

Russell Van Tassell russell+sudo-users at loosenut.com
Thu Jan 22 04:34:23 EST 2009

Well, cfengine still "keeps state" based on when it last ran, what it
did, etc... and it generally uses BDB to do so (I believe that it
normally ends up in /var/cfengine, but many installations, particularly
old ones, seem to change that spot).

So here, it sounds like cfagent *might* be missing a shared symbol or
library from the Berkeley DB distro...  and again, that might be tied
to NFS and/or permissions.  Or it can be as simple as a shared library
and/or / dynamic linker path (maybe a homedir change that messed that
up).  But it doesn't sounds like a sudo issue, directly...

You can try "ldd" on the cfengine binaries under different user ids, and
maybe see if something turns up missing, there... that might give you
some additional hints as to what's going on here.

On Thu, Jan 22, 2009 at 10:19:40AM +0100, Mike Gallamore wrote:
> The cfengine script "just" maintains the permissions on the common  
> security files (group, sudoers, shadow and passwd for example), and  
> makes sure that all the nodes are configured with the same nfs mounts.
> It was kept on a NFS directory because all the other systems in the  
> VLAN are PXE booted off this fileserver, so it is the only system that  
> isn't going to be reinstalled on a frequent basis. The script gives:
> /opt/cfengine/sbin/cfagent: symbol lookup error: /opt/cfengine/sbin/ 
> cfagent: undefined symbol: db_create
> When run as root, but not when sudoed from other user accounts or even  
> root. Binary incompatibility, anything is possible I suppose, but the  
> version of cfengine wasn't changed, it was installed on the 64-bit  
> nodes, but it was already installed and working on the 32-bit nodes  
> for years. Could it be something as simple as a binary log file being  
> touched last by a 64-bit node and then the 32-bit ones can no longer  
> read it? Not sure how to determine that.
> On Jan 21, 2009, at 8:04 PM, Russell Van Tassell wrote:
> >Well, sounds like you eliminated too many details... such as even  
> >saying
> >what or how the script fails -- what does it fail to do?  What are the
> >errors you're receiving?

Russell M. Van Tassell
russell at loosenut.com

"My expectations were reduced to zero when I was 21. Everything since
 then has been a bonus."                              -- Stephen Hawking

More information about the sudo-users mailing list