[sudo-users] sudo fails after version 1.8.23 upgrade in Centos7

Fory Horio Fory.Horio at roguewave.com
Thu Dec 6 18:02:53 MST 2018


We have CentOS Linux release 7.6.1810 (Core) with SELINUX enforced with ssh login with "no password login". Users' password are never set.


 sudo was upgraded from:

Sudo version 1.8.19p2
to:
Sudo version 1.8.23

After the upgrade, sudo no longer works:

sudo ls
sudo: pam_open_session: System error
sudo: policy plugin failed session initialization

tail -20 /var/log/secure
Dec  7 00:58:23 gw-a2-eu sudo: pam_unix(sudo:account): account shorio has expired (failed to change password)
Dec  7 00:58:23 gw-a2-eu sudo:  shorio : TTY=pts/0 ; PWD=/home/shorio ; USER=root ; COMMAND=/bin/ls
Dec  7 00:58:23 gw-a2-eu sudo: PAM pam_set_item: NULL pam handle passed
Dec  7 00:58:23 gw-a2-eu sudo: PAM pam_setcred: NULL pam handle passed
Dec  7 00:58:23 gw-a2-eu sudo: PAM pam_open_session: NULL pam handle passed
Dec  7 00:58:23 gw-a2-eu sudo:  shorio : pam_open_session: System error ; TTY=pts/0 ; PWD=/home/shorio ; USER=root ; COMMAND=/bin/ls


In /var/log/audit/audit.log
type=USER_ACCT msg=audit(1544144303.743:379362): pid=767 uid=1003 auid=4294967295 ses=4294967295 subj=unconfined_u:un
confined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=? acct="shorio" exe="/usr/bin/sudo" hostname=?
 addr=? terminal=/dev/pts/0 res=failed'




More information about the sudo-users mailing list