[sudo-users] What should I check?

Mon Dec 21 11:18:04 MST 2015

We have had this happen on CentOS7 and Ubunto 14.04 LTS recently. Login then do sudo -i, enter a correct password at the password prompt only to get: 

sudo: unable to open /var/log/sudo-io/seq: Read-only file system 

We haven't tampered with 'seq' (per direction in reponse to a previous question). A reboot solves the problem. 

egrep -v '^#|^$' /etc/sudoers on CentOS7 produces: 

Defaults requiretty 
Defaults !visiblepw 
Defaults always_set_home 
Defaults env_reset 
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS" 
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE" 
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES" 
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE" 
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY" 
Defaults log_output 
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin 
root ALL=(ALL) ALL 
%wheel ALL=(ALL) ALL 

CentOS7 doesn't support MaxSeq, the highest directory under /var/log/sudo-io/00/00 is 4P. 'df -h' shows: 

/dev/sda1 12G 98M 11G 1% /var/log 

egrep -v '^#|^$' /etc/sudoers on Ubuntu 14.04 LTS produces: 

Defaults env_reset 
Defaults mail_badpass 
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" 
Defaults log_output 
Defaults maxseq=400 
root ALL=(ALL:ALL) ALL 
%admin ALL=(ALL) ALL 
%sudo ALL=(ALL:ALL) ALL 
ALL ALL=NOPASSWD: /usr/bin/msmtp 

'df -h' shows: 

/dev/sdb1 9.8G 687M 8.6G 8% /var/log 

Confidentiality Notice | This email and any included attachments may be privileged, confidential and/or otherwise protected from disclosure.  Access to this email by anyone other than the intended recipient is unauthorized.  If you believe you have received this email in error, please contact the sender immediately and delete all copies.  If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.