[sudo-users] Sudoreplay: Permissions error and sefault - 1.8.19p2
Rudi Kramer
rudi.kramer at gmail.com
Wed Mar 8 06:25:00 MST 2017
Apologies, I forgot to mention that the /var/log/sudo-io folder is a NFS
share mounted as follows:
/etc/fstab:
some.server.com:/fs/data on /var/log/sudo-io type nfs (rw,soft,addr=x.x.x.x)
Here are the file permissions:
/var/log:
drw------T 9 root root 1 Mar 8 12:28 sudo-io
/var/log/sudo-io/:
drwx------ 3 root root 1 Mar 8 09:11 username
/var/log/sudo-io/username/:
-r-------- 1 root root 7 Mar 8 11:19 seq
The current issue I'm having is that the seq file says 000004 but
/var/log/sudo-io/username/00/00/05 exists so I'm getting the following
error message:
sudo: unable to create /var/log/sudo-io/f5030161/00/00/05/log: Permission
denied
There is nothing in the audit.log and it's happening across a few different
systems.
2 Systems:
LSB Version:
:base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
Distributor ID: RedHatEnterpriseServer
Description: Red Hat Enterprise Linux Server release 6.8 (Santiago)
Release: 6.8
Codename: Santiago
2 Systems:
Distributor ID: Ubuntu
Description: Ubuntu 12.04.5 LTS
Release: 12.04
Codename: precise
Regards
Rudi
On Tue, 7 Mar 2017 at 17:59 Todd C. Miller <Todd.Miller at courtesan.com>
wrote:
On Tue, 07 Mar 2017 07:45:23 +0000, Rudi Kramer wrote:
> I am busy implementing sudoreplay on several servers and for some reason,
> the seq file seems to not update correctly which results in a permission
> denied error message when using the sudo command. I have also noticed a
> segfault at around the same time so I am not sure if the two are related.
Can you verify that /var/log/sudo-io/username/seq exists, is owned
by root and is mode 0600?
What OS are you running? If Linux, is SELinux enabled? If so,
check the audit log for avc denials related to sudo.
- todd
More information about the sudo-users
mailing list