[sudo-users] Calling sudo from PHP script under Apache httpd

Dima Goncharuck dgoncharuk at neocm.com
Thu Feb 11 04:26:48 MST 2021


Hi Róbert,

Thanks for your answer.

Thursday, February 11, 2021, 12:59:24 PM, you wrote:

> Since audit plugin open fails, you might want to check the logs of that 
> also, that seems to be under /var/log/sudo_plugin.log in your config.
  I can't, because there is no such file at all.

> Just an idea: a difference might be some selinux rules limiting what 
> apache service is allowed to do?
  By default SELinux on Debian is turned off and I took no action to activate it in the past.
  So, SELinux is not in use.

> On 2/11/21 10:45 AM, Dima Goncharuck wrote:
>> Hi All,
>> 
>> I have some problem with subj and I can't detect a source(s) of a problem(s).
>> 
>>   So, I need to run some command by php script via Apache HTTPD.
>>   And it's not working at all. In httpd log file (/var/log/apache/error.log) I can see this:
>>   
>> sudo: PERM_ROOT: setresuid(0, -1, -1): Operation not permitted
>> sudo: unable to initialize policy plugin
>> 
>> With turned on sudo debug I can see this (/var/log/sudo_debug.log):
>> 
>> Feb 10 13:28:31 sudo[30657] parse_variable: /etc/sudo.conf:3: Set disable_coredump false
>> Feb 10 13:28:31 sudo[30657] get_user_groups: got 1 groups via getgroups()
>> Feb 10 13:28:31 sudo[30657] unable to resolve tty via /proc/self/stat: No such file or directory @ get_process_ttyname() ./ttyname.c:269
>> Feb 10 13:28:31 sudo[30657] -> sudo_load_plugins @ ./load_plugins.c:482
>> Feb 10 13:28:31 sudo[30657] -> sudo_load_plugin @ ./load_plugins.c:272
>> Feb 10 13:28:31 sudo[30657] -> sudo_check_plugin @ ./load_plugins.c:112
>> Feb 10 13:28:31 sudo[30657] -> sudo_stat_plugin @ ./load_plugins.c:46
>> Feb 10 13:28:31 sudo[30657] <- sudo_stat_plugin @ ./load_plugins.c:104 := 0
>> Feb 10 13:28:31 sudo[30657] <- sudo_check_plugin @ ./load_plugins.c:144 := true
>> Feb 10 13:28:31 sudo[30657] -> fill_container @ ./load_plugins.c:160
>> Feb 10 13:28:31 sudo[30657] <- fill_container @ ./load_plugins.c:177 := true
>> Feb 10 13:28:31 sudo[30657] <- sudo_load_plugin @ ./load_plugins.c:365 := true
>> Feb 10 13:28:31 sudo[30657] -> sudo_load_plugin @ ./load_plugins.c:272
>> Feb 10 13:28:31 sudo[30657] -> sudo_check_plugin @ ./load_plugins.c:112
>> Feb 10 13:28:31 sudo[30657] -> sudo_stat_plugin @ ./load_plugins.c:46
>> Feb 10 13:28:31 sudo[30657] <- sudo_stat_plugin @ ./load_plugins.c:104 := 0
>> Feb 10 13:28:31 sudo[30657] <- sudo_check_plugin @ ./load_plugins.c:144 := true
>> Feb 10 13:28:31 sudo[30657] -> sudo_insert_plugin @ ./load_plugins.c:242
>> Feb 10 13:28:31 sudo[30657] -> plugin_exists @ ./load_plugins.c:204
>> Feb 10 13:28:31 sudo[30657] <- plugin_exists @ ./load_plugins.c:210 := false
>> Feb 10 13:28:31 sudo[30657] -> new_container @ ./load_plugins.c:185
>> Feb 10 13:28:31 sudo[30657] -> fill_container @ ./load_plugins.c:160
>> Feb 10 13:28:31 sudo[30657] <- fill_container @ ./load_plugins.c:177 := true
>> Feb 10 13:28:31 sudo[30657] <- new_container @ ./load_plugins.c:194 := 0x564fcf853480
>> Feb 10 13:28:31 sudo[30657] <- sudo_insert_plugin @ ./load_plugins.c:259 := true
>> Feb 10 13:28:31 sudo[30657] <- sudo_load_plugin @ ./load_plugins.c:365 := true
>> Feb 10 13:28:31 sudo[30657] -> sudo_load_plugin @ ./load_plugins.c:272
>> Feb 10 13:28:31 sudo[30657] -> sudo_check_plugin @ ./load_plugins.c:112
>> Feb 10 13:28:31 sudo[30657] -> sudo_stat_plugin @ ./load_plugins.c:46
>> Feb 10 13:28:31 sudo[30657] <- sudo_stat_plugin @ ./load_plugins.c:104 := 0
>> Feb 10 13:28:31 sudo[30657] <- sudo_check_plugin @ ./load_plugins.c:144 := true
>> Feb 10 13:28:31 sudo[30657] -> sudo_insert_plugin @ ./load_plugins.c:242
>> Feb 10 13:28:31 sudo[30657] -> plugin_exists @ ./load_plugins.c:204
>> Feb 10 13:28:31 sudo[30657] <- plugin_exists @ ./load_plugins.c:210 := false
>> Feb 10 13:28:31 sudo[30657] -> new_container @ ./load_plugins.c:185
>> Feb 10 13:28:31 sudo[30657] -> fill_container @ ./load_plugins.c:160
>> Feb 10 13:28:31 sudo[30657] <- fill_container @ ./load_plugins.c:177 := true
>> Feb 10 13:28:31 sudo[30657] <- new_container @ ./load_plugins.c:194 := 0x564fcf8534d0
>> Feb 10 13:28:31 sudo[30657] <- sudo_insert_plugin @ ./load_plugins.c:259 := true
>> Feb 10 13:28:31 sudo[30657] <- sudo_load_plugin @ ./load_plugins.c:365 := true
>> Feb 10 13:28:31 sudo[30657] -> plugin_exists @ ./load_plugins.c:204
>> Feb 10 13:28:31 sudo[30657] <- plugin_exists @ ./load_plugins.c:208 := true
>> Feb 10 13:28:31 sudo[30657] -> sudo_init_event_alloc @ ./load_plugins.c:424
>> Feb 10 13:28:31 sudo[30657] <- sudo_init_event_alloc @ ./load_plugins.c:438
>> Feb 10 13:28:31 sudo[30657] -> sudo_register_hooks @ ./load_plugins.c:386
>> Feb 10 13:28:31 sudo[30657] <- sudo_register_hooks @ ./load_plugins.c:417
>> Feb 10 13:28:31 sudo[30657] <- sudo_load_plugins @ ./load_plugins.c:548 := true
>> Feb 10 13:28:31 sudo[30657] settings: progname=sudo
>> Feb 10 13:28:31 sudo[30657] settings: network_addrs=192.168.255.4/255.255.255.240 192.168.88.166/255.255.255.0
>> Feb 10 13:28:31 sudo[30657] settings: plugin_dir=/usr/lib/sudo/
>> Feb 10 13:28:31 sudo[30657] error initializing audit plugin sudoers_audit @ audit_open() ./sudo.c:1591

-- 
Best regards,
 Dima                            mailto:dgoncharuk at neocm.com
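
Added example, not part of the original messages: besides SELinux, which the reply above rules out, `setresuid(0, -1, -1)` also fails with "Operation not permitted" whenever the kernel does not honour sudo's setuid bit. The sketch below checks three such conditions (no_new_privs on the calling process, a nosuid mount, a missing setuid bit); the path `/usr/bin/sudo` and the function names are assumptions, and nothing in the thread confirms any of these as the cause here.

```shell
#!/bin/sh
# Added diagnostic sketch: report conditions under which a setuid binary such
# as sudo never gets euid 0, so setresuid(0, -1, -1) returns EPERM.
# Usage: setuid_blockers /proc/<httpd-worker-pid>/status /proc/mounts /usr/bin/sudo

# Print the NoNewPrivs value (0 or 1) from a /proc/<pid>/status-format file.
no_new_privs() {
    awk '$1 == "NoNewPrivs:" { print $2; found = 1 }
         END { if (!found) print "unknown" }' "$1"
}

# Print the mount options of the deepest mount point containing path $2,
# reading a /proc/mounts-format file $1 (later entries win on ties).
mount_opts_for() {
    awk -v p="$2" '
        {
            mp = $2
            if (mp == "/" || p == mp || index(p, mp "/") == 1)
                if (length(mp) >= best) { best = length(mp); opts = $4 }
        }
        END { print opts }' "$1"
}

# Print one line per blocker found; empty output means none of these apply.
setuid_blockers() {
    status_file=${1:-/proc/self/status}
    mounts_file=${2:-/proc/mounts}
    binary=${3:-/usr/bin/sudo}      # assumed install path

    [ "$(no_new_privs "$status_file")" = "1" ] &&
        echo "no_new_privs is set: setuid bits are ignored on exec"

    case ",$(mount_opts_for "$mounts_file" "$binary")," in
        *,nosuid,*) echo "filesystem holding $binary is mounted nosuid" ;;
    esac

    if [ -e "$binary" ] && [ ! -u "$binary" ]; then
        echo "$binary lacks the setuid bit"
    fi
    return 0
}
```

The status file has to belong to a process in the same context as the PHP script, for example an Apache worker's `/proc/<pid>/status`, because an interactive shell may not share the service's restrictions.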


