Jakub, I apologize for my ignorance, can you give me the syntax for that? In the file I created I only added the statement "debug_level=9". Adding a "log_file=/var/log/sudo.log" statement does not produce a file. Googling for syntax returns a bunch of results for the sudoers file. Also of note, digging around and looking at the auth.log file I see entries such as this:

Aug 12 08:16:27 docker-dev-01 login[29210]: pam_sss(login:auth): authentication success; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=jgoddard
Aug 12 08:16:29 docker-dev-01 login[29210]: pam_unix(login:session): session opened for user jgoddard by LOGIN(uid=0)
Aug 12 08:16:29 docker-dev-01 systemd: pam_unix(systemd-user:session): session opened for user jgoddard by (uid=0)
Aug 12 08:16:29 docker-dev-01 systemd-logind[3252]: New session 77 of user jgoddard.
Aug 12 08:16:37 docker-dev-01 sudo: pam_unix(sudo:auth): authentication failure; logname=jgoddard uid=320000001 euid=0 tty=/dev/tty1 ruser=jgoddard rhost= user=jgoddard
Aug 12 08:16:37 docker-dev-01 sudo: pam_sss(sudo:auth): authentication success; logname=jgoddard uid=320000001 euid=0 tty=/dev/tty1 ruser=jgoddard rhost= user=jgoddard
Aug 12 08:16:38 docker-dev-01 sudo: jgoddard : command not allowed ; TTY=tty1 ; PWD=/home/jgoddard ; USER=root ; COMMAND=list

On Fri, Aug 12, 2016 at 3:52 AM, Jakub Hrozek <[email protected]> wrote:

> On Thu, Aug 11, 2016 at 05:02:49PM -0400, Jeff Goddard wrote:
> > Manually creating the file and then restarting the service and performing
>
> So according to this:
>
> > (Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
> > Returning info for user [[email protected]]
> > (Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
> > Retrieving rules for [jgoddard] from [internal.emerlyn.com]
> > (Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> > "ltdb_callback": 0x6dbce0
>
> at least one rule was passed on to sudo to process. Can you look into
> the sudo log (not sssd_sudo, but really the log from the sudo
> executable, the one you asked sudo to create in /etc/sudo.conf) and see
> why sudo didn't allow you to execute anything?
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>

Thanks,

Jeff
