sudo failing to retrieve rules from sssd

Support for security such as Firewalls and securing linux
Post Reply
brookssw
Posts: 1
Joined: 2018/12/21 15:49:49

sudo failing to retrieve rules from sssd

Post by brookssw » 2019/01/14 18:43:24

I'm attempting to implement sudo/AD integration in an environment consiting of a mix of centos 6 and 7 servers. I have 7 working perfectly, however debug logs show that on 6, the sudo rules are not being pulled successfully from the sssd cache. I've confirmed with ldbsearch that the rules are present in the sssd cache, and the debug log shows "returning 2 rules..." but then immediately disconnects instead of getting the rules. Log snippet below. I can provide a similar log from a centos 7 machine where this works, if that would help.

sssd_sudo.log snippet:

Code: Select all

(Mon Jan 14 12:56:42 2019) [sssd[sudo]] [sss_parse_name_for_domains] (0x0200): name '<USER>@<DOMAIN>' matched expression for domain '<DOMAIN>', user is <USER>
(Mon Jan 14 12:56:42 2019) [sssd[sudo]] [sss_parse_name_for_domains] (0x0200): name '<USER>@<DOMAIN>' matched expression for domain '<DOMAIN>', user is <USER>
(Mon Jan 14 12:56:42 2019) [sssd[sudo]] [sudosrv_cmd_parse_query_done] (0x0200): Requesting rules for [<USER>] from [<DOMAIN>]
(Mon Jan 14 12:56:42 2019) [sssd[sudo]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/<DOMAIN>/<USER>]
(Mon Jan 14 12:56:42 2019) [sssd[sudo]] [sudosrv_get_user] (0x0200): Requesting info about [<USER>@<DOMAIN>]
(Mon Jan 14 12:56:42 2019) [sssd[sudo]] [sudosrv_get_user] (0x0400): Returning info for user [<USER>@<DOMAIN>]
(Mon Jan 14 12:56:42 2019) [sssd[sudo]] [sudosrv_get_rules] (0x0400): Retrieving rules for [<USER>] from [<DOMAIN>]
(Mon Jan 14 12:56:42 2019) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=<USER>)(sudoUser=<USER>)(sudoUser=#1289601113)(sudoUser=%sg-serveradmin-all)(sudoUser=%Domain\20Admins)(sudoUser=%Schema\20Admins)(sudoU
ser=%Administrators)(sudoUser=%Denied\20RODC\20Password\20Replication\20Group)(sudoUser=%Domain\20Users)(sudoUser=+*))(&(dataExpireTimestamp<=1547488602)))]
(Mon Jan 14 12:56:42 2019) [sssd[sudo]] [sudosrv_get_rules] (0x2000): About to get sudo rules from cache
(Mon Jan 14 12:56:42 2019) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=<USER>)(sudoUser=<USER>)(sudoUser=#1289601113)(sudoUser=%sg-serveradmin-all)(sudoUser=%Domain\20Admins)(sudoUser=%Schema\20Admins)(sudoUser=%Administra
tors)(sudoUser=%Denied\20RODC\20Password\20Replication\20Group)(sudoUser=%Domain\20Users)(sudoUser=+*)))]
(Mon Jan 14 12:56:42 2019) [sssd[sudo]] [sort_sudo_rules] (0x0400): Sorting rules with higher-wins logic
(Mon Jan 14 12:56:42 2019) [sssd[sudo]] [sudosrv_get_sudorules_from_cache] (0x0400): Returning 2 rules for [<USER>@<DOMAIN>]
(Mon Jan 14 12:56:45 2019) [sssd[sudo]] [client_recv] (0x0200): Client disconnected!
(Mon Jan 14 12:56:45 2019) [sssd[sudo]] [client_destructor] (0x2000): Terminated client [0x1ab2a80][20]
(Mon Jan 14 12:56:52 2019) [sssd[sudo]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Mon Jan 14 12:56:52 2019) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [accept_fd_handler] (0x0400): Client connected!
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sss_cmd_get_version] (0x0200): Received client version [1].
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sss_cmd_get_version] (0x0200): Offered version [1].
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_cmd] (0x2000): Using protocol version [1]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sss_parse_name_for_domains] (0x0200): name '<USER>@<DOMAIN>' matched expression for domain '<DOMAIN>', user is <USER>
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sss_parse_name_for_domains] (0x0200): name '<USER>@<DOMAIN>' matched expression for domain '<DOMAIN>', user is <USER>
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_cmd_parse_query_done] (0x0200): Requesting default options for [<USER>] from [<DOMAIN>]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/<DOMAIN>/<USER>]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_user] (0x0200): Requesting info about [<USER>@<DOMAIN>]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_user] (0x0400): Returning info for user [<USER>@<DOMAIN>]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_rules] (0x0400): Retrieving default options for [<USER>] from [<DOMAIN>]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=<USER>)(sudoUser=<USER>)(sudoUser=#1289601113)(sudoUser=%sg-serveradmin-all)(sudoUser=%Domain\20Admins)(sudoUser=%Schema\20Admins)(sudoU
ser=%Administrators)(sudoUser=%Denied\20RODC\20Password\20Replication\20Group)(sudoUser=%Domain\20Users)(sudoUser=+*))(&(dataExpireTimestamp<=1547488616)))]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_rules] (0x2000): About to get sudo rules from cache
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(name=defaults)))]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_sudorules_from_cache] (0x0400): Returning 0 rules for [<default options>@<DOMAIN>]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_cmd] (0x2000): Using protocol version [1]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sss_parse_name_for_domains] (0x0200): name '<USER>@<DOMAIN>' matched expression for domain '<DOMAIN>', user is <USER>
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sss_parse_name_for_domains] (0x0200): name '<USER>@<DOMAIN>' matched expression for domain '<DOMAIN>', user is <USER>
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_cmd_parse_query_done] (0x0200): Requesting rules for [<USER>] from [<DOMAIN>]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/<DOMAIN>/<USER>]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_user] (0x0200): Requesting info about [<USER>@<DOMAIN>]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_user] (0x0400): Returning info for user [<USER>@<DOMAIN>]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_rules] (0x0400): Retrieving rules for [<USER>] from [<DOMAIN>]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=<USER>)(sudoUser=<USER>)(sudoUser=#1289601113)(sudoUser=%sg-serveradmin-all)(sudoUser=%Domain\20Admins)(sudoUser=%Schema\20Admins)(sudoU
ser=%Administrators)(sudoUser=%Denied\20RODC\20Password\20Replication\20Group)(sudoUser=%Domain\20Users)(sudoUser=+*))(&(dataExpireTimestamp<=1547488616)))]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_rules] (0x2000): About to get sudo rules from cache
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=<USER>)(sudoUser=<USER>)(sudoUser=#1289601113)(sudoUser=%sg-serveradmin-all)(sudoUser=%Domain\20Admins)(sudoUser=%Schema\20Admins)(sudoUser=%Administra
tors)(sudoUser=%Denied\20RODC\20Password\20Replication\20Group)(sudoUser=%Domain\20Users)(sudoUser=+*)))]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sort_sudo_rules] (0x0400): Sorting rules with higher-wins logic
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_sudorules_from_cache] (0x0400): Returning 2 rules for [<USER>@<DOMAIN>]
(Mon Jan 14 12:57:02 2019) [sssd[sudo]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Mon Jan 14 12:57:02 2019) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Mon Jan 14 12:57:04 2019) [sssd[sudo]] [client_recv] (0x0200): Client disconnected!
(Mon Jan 14 12:57:04 2019) [sssd[sudo]] [client_destructor] (0x2000): Terminated client [0x1ab1050][20]
(Mon Jan 14 12:57:12 2019) [sssd[sudo]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Mon Jan 14 12:57:12 2019) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Mon Jan 14 12:57:22 2019) [sssd[sudo]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Mon Jan 14 12:57:22 2019) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Mon Jan 14 12:57:32 2019) [sssd[sudo]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Mon Jan 14 12:57:32 2019) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Mon Jan 14 12:57:42 2019) [sssd[sudo]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Mon Jan 14 12:57:42 2019) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Mon Jan 14 12:57:52 2019) [sssd[sudo]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Mon Jan 14 12:57:52 2019) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit

Edit: additional logs from another test, which involved logging in via ssh, attempting to perform "sudo chmod" then logging out again

Code: Select all

sssd_sudo.log


(Mon Jan 14 16:13:58 2019) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser
=<USER>)(sudoUser=<USER>)(sudoUser=#1289601113)(sudoUser=%sg-serveradmin-all)(sudoUser=%Domain\20Admins)(sudoUser=%Schema\20Admins)(sudoUser=%Adminis
trators)(sudoUser=%Denied\20RODC\20Password\20Replication\20Group)(sudoUser=%Domain\20Users)(sudoUser=+*)))]
(Mon Jan 14 16:13:58 2019) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x15608e0

(Mon Jan 14 16:13:58 2019) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x15609a0

(Mon Jan 14 16:13:58 2019) [sssd[sudo]] [ldb] (0x4000): Running timer event 0x15608e0 "ltdb_callback"

(Mon Jan 14 16:13:58 2019) [sssd[sudo]] [ldb] (0x4000): Destroying timer event 0x15609a0 "ltdb_timeout"

(Mon Jan 14 16:13:58 2019) [sssd[sudo]] [ldb] (0x4000): Ending timer event 0x15608e0 "ltdb_callback"

(Mon Jan 14 16:13:58 2019) [sssd[sudo]] [sort_sudo_rules] (0x0400): Sorting rules with higher-wins logic
(Mon Jan 14 16:13:58 2019) [sssd[sudo]] [sudosrv_get_sudorules_from_cache] (0x0400): Returning 2 rules for [<USER>@<DOMAIN>]
(Mon Jan 14 16:13:58 2019) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1560ca0][20]
(Mon Jan 14 16:14:00 2019) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1560ca0][20]
(Mon Jan 14 16:14:00 2019) [sssd[sudo]] [client_recv] (0x0200): Client disconnected!
(Mon Jan 14 16:14:00 2019) [sssd[sudo]] [client_destructor] (0x2000): Terminated client [0x1560ca0][20]
(Mon Jan 14 16:14:06 2019) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus conn: 0x154b670
(Mon Jan 14 16:14:06 2019) [sssd[sudo]] [sbus_dispatch] (0x4000): Dispatching.
(Mon Jan 14 16:14:06 2019) [sssd[sudo]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd
/service
(Mon Jan 14 16:14:06 2019) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Mon Jan 14 16:14:16 2019) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus conn: 0x154b670
(Mon Jan 14 16:14:16 2019) [sssd[sudo]] [sbus_dispatch] (0x4000): Dispatching.
(Mon Jan 14 16:14:16 2019) [sssd[sudo]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Mon Jan 14 16:14:16 2019) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit


/var/log/secure:

Jan 14 16:13:52 deploy-test2 sshd[12287]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost.localdomain user=<USER>@<SHORTDOMAIN>
Jan 14 16:13:52 deploy-test2 sshd[12287]: Accepted password for <USER>@<SHORTDOMAIN> from 127.0.0.1 port 42134 ssh2
Jan 14 16:13:52 deploy-test2 sshd[12287]: pam_unix(sshd:session): session opened for user <USER>@<SHORTDOMAIN> by (uid=0)
Jan 14 16:13:52 deploy-test2 sshd[12287]: pam_tty_audit(sshd:session): changed status from 0 to 0
Jan 14 16:14:00 deploy-test2 sudo: pam_unix(sudo:auth): authentication failure; logname=<USER>@<DOMAIN> uid=1289601113 euid=0 tty=/dev/pts/1 ruser=<USER>@<DOMAIN> rhost=  user=<USER>@<DOMAIN>
Jan 14 16:14:00 deploy-test2 sudo: pam_sss(sudo:auth): authentication success; logname=<USER>@<DOMAIN> uid=1289601113 euid=0 tty=/dev/pts/1 ruser=<USER>@<DOMAIN> rhost= user=<USER>@<DOMAIN>
Jan 14 16:14:00 deploy-test2 sudo: <USER>@<DOMAIN> : user NOT authorized on host ; TTY=pts/1 ; PWD=/mnt/nfs/home/<USER>@<DOMAIN> ; USER=root ; COMMAND=/bin/chmod
Jan 14 16:14:15 deploy-test2 sshd[12300]: Received disconnect from 127.0.0.1: 11: disconnected by user
Jan 14 16:14:15 deploy-test2 sshd[12287]: pam_unix(sshd:session): session closed for user <USER>@<SHORTDOMAIN>



sudo debug log:

Jan 14 16:13:58 sudo[12342] <- expand_prompt @ ./check.c:398 := [sudo] password for <USER>@<DOMAIN>:
Jan 14 16:13:58 sudo[12342] -> verify_user @ ./auth/sudo_auth.c:193
Jan 14 16:13:58 sudo[12342] -> sudo_pam_verify @ ./auth/pam.c:127
Jan 14 16:13:58 sudo[12342] -> converse @ ./auth/pam.c:301
Jan 14 16:13:58 sudo[12342] -> auth_getpass @ ./auth/sudo_auth.c:347
Jan 14 16:13:58 sudo[12342] -> tgetpass @ ./tgetpass.c:76
Jan 14 16:13:58 sudo[12342] -> tty_present @ ./tgetpass.c:329
Jan 14 16:13:58 sudo[12342] <- tty_present @ ./tgetpass.c:333 := true
Jan 14 16:13:58 sudo[12342] -> term_noecho @ ./term.c:88
Jan 14 16:13:58 sudo[12342] <- term_noecho @ ./term.c:99 := 1
Jan 14 16:13:58 sudo[12342] -> getln @ ./tgetpass.c:272
Jan 14 16:14:00 sudo[12342] <- getln @ ./tgetpass.c:315 := **************
Jan 14 16:14:00 sudo[12342] -> term_restore @ ./term.c:73
Jan 14 16:14:00 sudo[12342] <- term_restore @ ./term.c:82 := 1
Jan 14 16:14:00 sudo[12342] <- tgetpass @ ./tgetpass.c:202 := **************
Jan 14 16:14:00 sudo[12342] <- auth_getpass @ ./auth/sudo_auth.c:365 := **************
Jan 14 16:14:00 sudo[12342] <- converse @ ./auth/pam.c:383 := 0
Jan 14 16:14:00 sudo[12342] <- sudo_pam_verify @ ./auth/pam.c:138 := 0
Jan 14 16:14:00 sudo[12342] <- verify_user @ ./auth/sudo_auth.c:282 := 1
Jan 14 16:14:00 sudo[12342] -> sudo_auth_cleanup @ ./auth/sudo_auth.c:160
Jan 14 16:14:00 sudo[12342] -> sudo_pam_cleanup @ ./auth/pam.c:185
Jan 14 16:14:00 sudo[12342] <- sudo_pam_cleanup @ ./auth/pam.c:189 := 0
Jan 14 16:14:00 sudo[12342] <- sudo_auth_cleanup @ ./auth/sudo_auth.c:177 := 0
Jan 14 16:14:00 sudo[12342] -> sudo_pw_delref @ ./pwutil.c:249
Jan 14 16:14:00 sudo[12342] -> sudo_pw_delref_item @ ./pwutil.c:238
Jan 14 16:14:00 sudo[12342] <- sudo_pw_delref_item @ ./pwutil.c:243
Jan 14 16:14:00 sudo[12342] <- sudo_pw_delref @ ./pwutil.c:251
Jan 14 16:14:00 sudo[12342] <- check_user @ ./check.c:189 := true
Jan 14 16:14:00 sudo[12342] -> log_failure @ ./logging.c:323
Jan 14 16:14:00 sudo[12342] -> log_denial @ ./logging.c:256
Jan 14 16:14:00 sudo[12342] -> audit_failure @ ./audit.c:68
Jan 14 16:14:00 sudo[12342] -> linux_audit_command @ ./linux_audit.c:70
Jan 14 16:14:00 sudo[12342] -> linux_audit_open @ ./linux_audit.c:49
Jan 14 16:14:00 sudo[12342] <- linux_audit_open @ ./linux_audit.c:61 := 15
Jan 14 16:14:00 sudo[12342] <- linux_audit_command @ ./linux_audit.c:97 := 3
Jan 14 16:14:00 sudo[12342] <- audit_failure @ ./audit.c:81
Jan 14 16:14:00 sudo[12342] -> new_logline @ ./logging.c:756
Jan 14 16:14:00 sudo[12342] <- new_logline @ ./logging.c:877 := user NOT authorized on host ; TTY=pts/1 ; PWD=/mnt/nfs/home/<USER>@<DOMAIN> ; USER=root
 ; COMMAND=/bin/chmod
Jan 14 16:14:00 sudo[12342] -> set_perms @ ./set_perms.c:116
Jan 14 16:14:00 sudo[12342] set_perms: PERM_ROOT: uid: [1289601113, 0, 0] -> [0, 0, 0]
Jan 14 16:14:00 sudo[12342] set_perms: PERM_ROOT: gid: [1289600513, 1289600513, 1289600513] -> [1289600513, 0, 1289600513]
Jan 14 16:14:00 sudo[12342] -> sudo_grlist_addref @ ./pwutil.c:796
Jan 14 16:14:00 sudo[12342] <- sudo_grlist_addref @ ./pwutil.c:798
Jan 14 16:14:00 sudo[12342] <- set_perms @ ./set_perms.c:358 := true
Jan 14 16:14:00 sudo[12342] -> should_mail @ ./logging.c:722
Jan 14 16:14:00 sudo[12342] <- should_mail @ ./logging.c:727 := false
Jan 14 16:14:00 sudo[12342] -> do_syslog @ ./logging.c:138
Jan 14 16:14:00 sudo[12342] -> mysyslog @ ./logging.c:96
Jan 14 16:14:00 sudo[12342] <- mysyslog @ ./logging.c:119
Jan 14 16:14:00 sudo[12342] <- do_syslog @ ./logging.c:185
Jan 14 16:14:00 sudo[12342] -> restore_perms @ ./set_perms.c:371
Jan 14 16:14:00 sudo[12342] restore_perms: uid: [0, 0, 0] -> [1289601113, 0, 0]
Jan 14 16:14:00 sudo[12342] restore_perms: gid: [1289600513, 0, 1289600513] -> [1289600513, 1289600513, 1289600513]
Jan 14 16:14:00 sudo[12342] -> sudo_grlist_delref @ ./pwutil.c:816
Jan 14 16:14:00 sudo[12342] -> sudo_grlist_delref_item @ ./pwutil.c:805
Jan 14 16:14:00 sudo[12342] <- sudo_grlist_delref_item @ ./pwutil.c:810
Jan 14 16:14:00 sudo[12342] <- sudo_grlist_delref @ ./pwutil.c:818
Jan 14 16:14:00 sudo[12342] <- restore_perms @ ./set_perms.c:415
Jan 14 16:14:00 sudo[12342] <- log_denial @ ./logging.c:314
Jan 14 16:14:00 sudo[12342] <- log_failure @ ./logging.c:346
Jan 14 16:14:00 sudo[12342] -> rewind_perms @ ./set_perms.c:90
Jan 14 16:14:00 sudo[12342] -> restore_perms @ ./set_perms.c:371
Jan 14 16:14:00 sudo[12342] restore_perms: uid: [1289601113, 0, 0] -> [1289601113, 0, 0]
Jan 14 16:14:00 sudo[12342] restore_perms: gid: [1289600513, 1289600513, 1289600513] -> [1289600513, 1289600513, 1289600513]
Jan 14 16:14:00 sudo[12342] -> sudo_grlist_delref @ ./pwutil.c:816
Jan 14 16:14:00 sudo[12342] -> sudo_grlist_delref_item @ ./pwutil.c:805
Jan 14 16:14:00 sudo[12342] <- sudo_grlist_delref_item @ ./pwutil.c:810
Jan 14 16:14:00 sudo[12342] <- sudo_grlist_delref @ ./pwutil.c:818
Jan 14 16:14:00 sudo[12342] <- restore_perms @ ./set_perms.c:415
Jan 14 16:14:00 sudo[12342] -> sudo_grlist_delref @ ./pwutil.c:816
Jan 14 16:14:00 sudo[12342] -> sudo_grlist_delref_item @ ./pwutil.c:805
Jan 14 16:14:00 sudo[12342] <- sudo_grlist_delref_item @ ./pwutil.c:810
Jan 14 16:14:00 sudo[12342] <- sudo_grlist_delref @ ./pwutil.c:818
Jan 14 16:14:00 sudo[12342] <- rewind_perms @ ./set_perms.c:96
Jan 14 16:14:00 sudo[12342] -> sudo_endpwent @ ./pwutil.c:443
Jan 14 16:14:00 sudo[12342] -> sudo_freepwcache @ ./pwutil.c:426
Jan 14 16:14:00 sudo[12342] -> rbdestroy @ ./redblack.c:359
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> sudo_pw_delref_item @ ./pwutil.c:238
Jan 14 16:14:00 sudo[12342] <- sudo_pw_delref_item @ ./pwutil.c:243
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] <- rbdestroy @ ./redblack.c:362
Jan 14 16:14:00 sudo[12342] -> rbdestroy @ ./redblack.c:359
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> sudo_pw_delref_item @ ./pwutil.c:238
Jan 14 16:14:00 sudo[12342] <- sudo_pw_delref_item @ ./pwutil.c:243
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] <- rbdestroy @ ./redblack.c:362
Jan 14 16:14:00 sudo[12342] <- sudo_freepwcache @ ./pwutil.c:437
Jan 14 16:14:00 sudo[12342] <- sudo_endpwent @ ./pwutil.c:448
Jan 14 16:14:00 sudo[12342] -> sudo_endgrent @ ./pwutil.c:861
Jan 14 16:14:00 sudo[12342] -> sudo_freegrcache @ ./pwutil.c:840
Jan 14 16:14:00 sudo[12342] -> rbdestroy @ ./redblack.c:359
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] <- rbdestroy @ ./redblack.c:362
Jan 14 16:14:00 sudo[12342] -> rbdestroy @ ./redblack.c:359
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> sudo_gr_delref_item @ ./pwutil.c:657
Jan 14 16:14:00 sudo[12342] <- sudo_gr_delref_item @ ./pwutil.c:662
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> sudo_gr_delref_item @ ./pwutil.c:657
Jan 14 16:14:00 sudo[12342] <- sudo_gr_delref_item @ ./pwutil.c:662
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> sudo_gr_delref_item @ ./pwutil.c:657
Jan 14 16:14:00 sudo[12342] <- sudo_gr_delref_item @ ./pwutil.c:662
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] <- rbdestroy @ ./redblack.c:362
Jan 14 16:14:00 sudo[12342] -> rbdestroy @ ./redblack.c:359
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> sudo_grlist_delref_item @ ./pwutil.c:805
Jan 14 16:14:00 sudo[12342] <- sudo_grlist_delref_item @ ./pwutil.c:810
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> sudo_grlist_delref_item @ ./pwutil.c:805
Jan 14 16:14:00 sudo[12342] <- sudo_grlist_delref_item @ ./pwutil.c:810
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] <- rbdestroy @ ./redblack.c:362
Jan 14 16:14:00 sudo[12342] <- sudo_freegrcache @ ./pwutil.c:855
Jan 14 16:14:00 sudo[12342] <- sudo_endgrent @ ./pwutil.c:866
Jan 14 16:14:00 sudo[12342] <- sudoers_policy_main @ ./sudoers.c:773 := false
Jan 14 16:14:00 sudo[12342] <- sudoers_policy_check @ ./sudoers.c:786 := false
Jan 14 16:14:00 sudo[12342] <- policy_check @ ./sudo.c:1204 := false
Jan 14 16:14:00 sudo[12342] policy plugin returns 0

Post Reply