[sudo-users] What should I check?
Leroy Tennison
leroy at datavoiceint.com
Mon Dec 21 11:18:04 MST 2015
We have had this happen on CentOS7 and Ubunto 14.04 LTS recently. Login then do sudo -i, enter a correct password at the password prompt only to get:
sudo: unable to open /var/log/sudo-io/seq: Read-only file system
We haven't tampered with 'seq' (per direction in reponse to a previous question). A reboot solves the problem.
egrep -v '^#|^$' /etc/sudoers on CentOS7 produces:
Defaults requiretty
Defaults !visiblepw
Defaults always_set_home
Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
Defaults log_output
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
CentOS7 doesn't support MaxSeq, the highest directory under /var/log/sudo-io/00/00 is 4P. 'df -h' shows:
/dev/sda1 12G 98M 11G 1% /var/log
egrep -v '^#|^$' /etc/sudoers on Ubuntu 14.04 LTS produces:
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
Defaults log_output
Defaults maxseq=400
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
ALL ALL=NOPASSWD: /usr/bin/msmtp
'df -h' shows:
/dev/sdb1 9.8G 687M 8.6G 8% /var/log
Confidentiality Notice | This email and any included attachments may be privileged, confidential and/or otherwise protected from disclosure. Access to this email by anyone other than the intended recipient is unauthorized. If you believe you have received this email in error, please contact the sender immediately and delete all copies. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
More information about the sudo-users
mailing list