Sudo not working on fs-web02

kcoldron is not in the sudoers file. This incident will be reported.

[root@fs-web02 kcoldron]# ipa sudorule-find

ipa: ERROR: Major (851968): Unspecified GSS failure.  Minor code may provide more information, Minor (39756044): Credential cache is empty

Jun 12 19:08:35 ipa.freeside.co.uk sudo[2124]: pam_sss(sudo:auth): authentication success; logname=kcoldron uid=1602800010 euid=0 tty=/dev/pts/0 ruser=kcoldron rhost= user=kcoldron
Jun 12 19:08:35 ipa.freeside.co.uk audit[2124]: USER_AUTH pid=2124 uid=1602800010 auid=1602800010 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_succeed_if,pam_succeed_if,pam_sss acct="kcoldron" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
Jun 12 19:08:36 ipa.freeside.co.uk audit[2124]: USER_ACCT pid=2124 uid=1602800010 auid=1602800010 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_sss,pam_permit acct="kcoldron" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
Jun 12 19:08:36 ipa.freeside.co.uk sudo[2124]: kcoldron : user NOT in sudoers ; TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/usr/bin/rm /var/lib/sss/db/ccache_*
Jun 12 19:08:36 ipa.freeside.co.uk audit[2124]: USER_CMD pid=2124 uid=1602800010 auid=1602800010 ses=9 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/" cmd=726D202F7661722F6C69622F7373732F64622F6363616368655F2A terminal=pts/0 res=failed'

Fixed by adding sudoers: files sss to /etc/nsswitch.conf. Will now replicate on all the other servers.

1 Like