[sudo-users] ldap authentication and local sudoers
Tiago Barros
tiago at me.com
Wed Feb 26 18:14:03 MST 2014
Hello,
I have upgraded a machine from Debian squeeze to wheezy and found that sudo no longer works.
I am using LDAP authentication (OpenLDAP) on these machines, and since the upgrade, every time I try to use sudo I get the following error:
ldap-client:/etc> sudo ls
[sudo] password for tiago:
sudo: PERM_ROOT: setresuid(0, -1, -1): Operation not permitted
sudo: unable to open /var/lib/sudo/tiago/0: Operation not permitted
sudo: unable to set supplementary group IDs: Operation not permitted
sudo: unable to execute /bin/ls: Operation not permitted
This is true regardless of whether I populate the sudo group locally (in /etc/group) or via the LDAP server.
I also found that an older version of sudo (1.7.10-8) works, but not the current version used by wheezy or the latest version available on www.sudo.ws. sudo on a RHEL 6 LDAP client also works fine.
I'm completely out of ideas now and would be very thankful if someone could give me some help. I apologize if I'm providing too little information. Please let me know if that is the case.
Thank you very much,
Tiago
#############################################
Additional information:
ldap-client:~> more /etc/pam.d/sudo
#%PAM-1.0
@include common-auth
@include common-account
@include common-session-noninteractive