[sudo-users] sudo and nss_db fails to find group

Todd C. Miller Todd.Miller at courtesan.com
Tue Mar 3 09:14:02 MST 2015


You need to provide some more information.  What operating system
are you running?  What versions of sudo are on the machines?  Are
the ones where sudo works as expected the same version of sudo as
the ones where it does not?

Sudo uses the group vector set by the kernel to determine what
groups the user is a member of (set when the user logs in).  If
there appear to be more groups than the kernel can store it will
use the getgrouplist() function instead.

You can use "getent initgroups" to look up the groups as sudo
would.  For example:

    $ getent initgroups skesterson

If this doesn't list the gid for eanops_sudo then that is the
problem.

Also, if you have a sudoers rule after %eanops_sudo that grants
privileges without NOPASSWD to user skesterson that could be causing
you grief.  Running "sudo -l" as skesterson should make that clear.

 - todd
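
Added example, not part of the original message and not sudo's own code: a Python sketch of the comparison described above, checking whether a group's gid is visible in the kernel group vector of the current session, in the NSS initgroups lookup, or in neither. The gid 5001 standing in for eanops_sudo, the sample getent line, and the result labels are constructed for illustration.

```python
import grp
import os
import pwd
import sys


def parse_initgroups(line):
    """Parse one line of `getent initgroups USER` into (user, set of gids)."""
    fields = line.split()
    if not fields:
        raise ValueError("empty getent output: user unknown to NSS?")
    return fields[0], {int(gid) for gid in fields[1:]}


def diagnose(target_gid, kernel_gids, nss_gids):
    """Classify where the target gid is visible (labels are this example's own)."""
    in_kernel = target_gid in kernel_gids
    in_nss = target_gid in nss_gids
    if in_kernel and in_nss:
        return "ok"
    if in_nss:
        # NSS resolves the membership, but the group vector set at login lacks it.
        return "missing-from-login-groups"
    if in_kernel:
        # The session carries the gid, yet the initgroups-style lookup omits it.
        return "missing-from-nss"
    return "not-a-member"


def live_check(user, group):
    """Run this as `user`: os.getgroups() is the calling process's group vector."""
    target = grp.getgrnam(group).gr_gid
    primary = pwd.getpwnam(user).pw_gid
    nss = set(os.getgrouplist(user, primary))       # NSS lookup, like getent initgroups
    kernel = set(os.getgroups()) | {os.getegid()}   # groups set at login
    return diagnose(target, kernel, nss)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        print(live_check(sys.argv[1], sys.argv[2]))
    else:
        # Constructed sample: gid 5001 stands in for eanops_sudo.
        _, nss = parse_initgroups("skesterson            100 5001")
        print(diagnose(5001, {100}, nss))
```

Run it as the affected user with the user name and group name as arguments; with no arguments it evaluates the constructed sample only.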

