[sudo-users] Sudoreplay: Permissions error and sefault - 1.8.19p2

Rudi Kramer rudi.kramer at gmail.com
Wed Mar 8 06:25:00 MST 2017

Apologies, I forgot to mention that the /var/log/sudo-io folder is a NFS
share mounted as follows:

some.server.com:/fs/data on /var/log/sudo-io type nfs (rw,soft,addr=x.x.x.x)

Here are the file permissions:

drw------T   9 root   root           1 Mar  8 12:28 sudo-io

drwx------   3 root root    1 Mar  8 09:11 username

-r-------- 1 root root 7 Mar  8 11:19 seq

The current issue I'm having is that the seq file says 000004 but
 /var/log/sudo-io/username/00/00/05 exists so I'm getting the following
error message:

sudo: unable to create /var/log/sudo-io/f5030161/00/00/05/log: Permission

There is nothing in the audit.log and it's happening across a few different

2 Systems:

LSB Version:
Distributor ID: RedHatEnterpriseServer
Description: Red Hat Enterprise Linux Server release 6.8 (Santiago)
Release: 6.8
Codename: Santiago

2 Systems:

Distributor ID: Ubuntu
Description: Ubuntu 12.04.5 LTS
Release: 12.04
Codename: precise


On Tue, 7 Mar 2017 at 17:59 Todd C. Miller <Todd.Miller at courtesan.com>

On Tue, 07 Mar 2017 07:45:23 +0000, Rudi Kramer wrote:

> I am busy implementing sudoreplay on several servers and for some reason,
> the seq file seems to not update correctly which results in a permission
> denied error message when using the sudo command. I have also noticed a
> segfault at around the same time so I am not sure if the two are related.

Can you verify that /var/log/sudo-io/username/seq exists, is owned
by root and is mode 0600?

What OS are you running?  If Linux, is SELinux enabled?  If so,
check the audit log for avc denials related to sudo.

 - todd

More information about the sudo-users mailing list