[sudo-users] Only some group members can sudo -l
Todd C. Miller
Todd.Miller at sudo.ws
Mon Mar 14 11:11:14 MDT 2022
On Mon, 14 Mar 2022 11:49:43 -0500, Johnnie W Adams wrote:
> Or presumably do other sudo things, but that's where I'm stuck. My
> only clue is that the two users who can sudo -l have 2xxx UID/GIDs, whereas
> all the others have 65xxx GIDs.
>
> I'm using version 1.8.29 on RHEL 8.5.
>
> The command line error:
>
> ~]$ sudo -l
>
> sudo: PAM account management error: Permission denied
>
> The /var/log/secure entry:
>
> Mar 14 11:45:10 degreeworksapp4 sudo[69765]: <user> : PAM account
> management error: Permission denied ; TTY=pts/0 ;
Since there seems to be a problem with PAM account management, you
could try disabling that in sudoers. For example:
Defaults !pam_acct_mgmt
and see if that makes a difference. You may be able to find more
information about the PAM failure in one of the other log files.
- todd
More information about the sudo-users
mailing list