Web lists-archives.com

Re: jessie to stretch upgrade Killed sudo.




On Mon, 06 May 2019 07:29:07 -0500
"Martin McCormick" <martin.m@xxxxxxxxxxxxxx> wrote:

> After upgrading 2 older I86 systems to stretch, sudo works on one
> and fails on the other but I am writing about both.  The problem
> was probably on the failing system all along but su still allowed
> a su to root under jessie but won't allow it under stretch.
> 
> sudo: pam_open_session: Permission denied
> sudo: policy plugin failed session initialization
> 
> 	The first thing I did was classic finger-pointing.  I
> de-installed sudo on the limping system and reinstalled it at
> which point the problem persisted.  A look at /var/log/auth.log
> tells me something but I am not sure what.
> 
> 	If you look in auth.log, it is peppered with
> 
> May  5 13:11:32 audio3 sudo: PAM no modules loaded for `sudo' service
> 
> 	This occurs both before and after the upgrade which
> succeeds before and fails after.
> 
> 	The other system which totally survived the upgrade never
> shows this message so it seems that the pam service is partly
> broken on one and OK on the other.  Right now, I can ssh in to
> the broken system and do anything but sudo commands.  What is the
> safest way to rescue the system while still remotely attached via
> ssh?
> 
> 	As I said, the problem may have been here for quite some
> time so the upgrade didn't cause it.  It just accentuates it
> since sudo now complains.
> 	Thanks for all constructive ideas.
> 
> 
> Martin McCormick WB5AGZ
> 

I don't use sudo myself (I consider ita security risk).  So, have
little experience with it, but the first thing I'd check is "Are you a
'permitted' user?"  You have to be to use it. Whether this permission
is part of policy or there is a config file somewhere or both, I don't
know. Start with "man sudo."

B