Web lists-archives.com

Re: jessie to stretch upgrade Killed sudo.




Am 06.05.19 um 14:29 schrieb Martin McCormick:
> After upgrading 2 older I86 systems to stretch, sudo works on one
> and fails on the other but I am writing about both.  The problem
> was probably on the failing system all along but su still allowed
> a su to root under jessie but won't allow it under stretch.
> 
> sudo: pam_open_session: Permission denied
> sudo: policy plugin failed session initialization

Ok, this where to start: Have a look at your pam config:
- Have there been any changes? Not just recently, but at any time.
- What are the modification dates in /etc/pam.d/?
- What pam modules are installed? -> dpkg -l | grep pam
If I'm not wrong, a systemd module 'libpam-systemd' was introduced with stretch. This has to be present!

> 
> 	The first thing I did was classic finger-pointing.  I
> de-installed sudo on the limping system and reinstalled it at
> which point the problem persisted.  A look at /var/log/auth.log
> tells me something but I am not sure what.
> 
> 	If you look in auth.log, it is peppered with
> 
> May  5 13:11:32 audio3 sudo: PAM no modules loaded for `sudo' service
> 
> 	This occurs both before and after the upgrade which
> succeeds before and fails after.
> 
> 	The other system which totally survived the upgrade never
> shows this message so it seems that the pam service is partly
> broken on one and OK on the other.  Right now, I can ssh in to
> the broken system and do anything but sudo commands.  What is the
> safest way to rescue the system while still remotely attached via
> ssh?
> 
> 	As I said, the problem may have been here for quite some
> time so the upgrade didn't cause it.  It just accentuates it
> since sudo now complains.
> 	Thanks for all constructive ideas.
> 
> 
> Martin McCormick WB5AGZ
>