[sudo-users] Only some group members can sudo -l
Johnnie W Adams
jxadams at ualr.edu
Mon Mar 14 13:37:38 MDT 2022
That did make it work. Thanks!
I realize I'm sliding out of scope, but: What other log files would you
check?
On Mon, Mar 14, 2022 at 12:11 PM Todd C. Miller <Todd.Miller at sudo.ws> wrote:
> On Mon, 14 Mar 2022 11:49:43 -0500, Johnnie W Adams wrote:
>
> > Or presumably do other sudo things, but that's where I'm stuck. My
> > only clue is that the two users who can sudo -l have 2xxx UID/GIDs,
> whereas
> > all the others have 65xxx GIDs.
> >
> > I'm using version 1.8.29 on RHEL 8.5.
> >
> > The command line error:
> >
> > ~]$ sudo -l
> >
> > sudo: PAM account management error: Permission denied
> >
> > The /var/log/secure entry:
> >
> > Mar 14 11:45:10 degreeworksapp4 sudo[69765]: <user> : PAM account
> > management error: Permission denied ; TTY=pts/0 ;
>
> Since there seems to be a problem with PAM account management, you
> could try disabling that in sudoers. For example:
>
> Defaults !pam_acct_mgmt
>
> and see if that makes a difference. You may be able to find more
> information about the PAM failure in one of the other log files.
>
> - todd
>
--
John Adams
Senior Linux/Middleware Administrator | Information Technology Services
+1-501-916-3010 | jxadams at ualr.edu | http://ualr.edu/itservices
*UA Little Rock*
Reminder: IT Services will never ask for your password over the phone or
in an email. Always be suspicious of requests for personal information that
come via email, even from known contacts. For more information or to
report suspicious email, visit IT Security
<http://ualr.edu/itservices/security/>.
More information about the sudo-users
mailing list