[sudo-users] sudo on Solaris 10 non global zone with Powerbroker Open 7

Todd C. Miller Todd.Miller at courtesan.com
Wed Jun 27 15:15:42 EDT 2012


On Wed, 27 Jun 2012 15:03:48 EDT, "Todd C. Miller" wrote:

> It is possible that the problem is with the Powerbroken Open nss
> module when resolving groups.  You could try using local groups
> file in /etc/nsswitch.conf and see if sudo returns more quickly.

Alternately, you could create /etc/sudo.conf with a line like:

Debug sudo /var/log/sudo_debug nss at trace

then run a sudo command.  If you look in /var/log/sudo_debug
for the lines that contain:

    -> make_grlist_item

and

    <- make_grlist_item 

and compare the timestamps for the -> (function entered) and <-
(function exit) lines, if you see that function taking several
minutes then the problem is with group ID to name resolution in the
Powerbroken Open nss module.

 - todd



More information about the sudo-users mailing list