On Mon, 06 May 2019 07:29:07 -0500 "Martin McCormick" <[email protected]> wrote:
> After upgrading 2 older I86 systems to stretch, sudo works on one > and fails on the other but I am writing about both. The problem > was probably on the failing system all along but su still allowed > a su to root under jessie but won't allow it under stretch. > > sudo: pam_open_session: Permission denied > sudo: policy plugin failed session initialization > > The first thing I did was classic finger-pointing. I > de-installed sudo on the limping system and reinstalled it at > which point the problem persisted. A look at /var/log/auth.log > tells me something but I am not sure what. > > If you look in auth.log, it is peppered with > > May 5 13:11:32 audio3 sudo: PAM no modules loaded for `sudo' service > > This occurs both before and after the upgrade which > succeeds before and fails after. > > The other system which totally survived the upgrade never > shows this message so it seems that the pam service is partly > broken on one and OK on the other. Right now, I can ssh in to > the broken system and do anything but sudo commands. What is the > safest way to rescue the system while still remotely attached via > ssh? > > As I said, the problem may have been here for quite some > time so the upgrade didn't cause it. It just accentuates it > since sudo now complains. > Thanks for all constructive ideas. > > > Martin McCormick WB5AGZ > I don't use sudo myself (I consider ita security risk). So, have little experience with it, but the first thing I'd check is "Are you a 'permitted' user?" You have to be to use it. Whether this permission is part of policy or there is a config file somewhere or both, I don't know. Start with "man sudo." B
