journalctl shows the problem with the auid and session values being 0xFFFFFFFF (-1) when calling a sudo command:
Aug 02 01:18:20 hephaestion.lan.iam.tj audit[5094]: USER_AUTH pid=5094 uid=1000 auid=4294967295 ses=4294967295 msg='op=PAM:authentication acct="tj" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success' and trying to tail syslog: tj ~ tail -f /var/log/syslog tail: cannot open '/var/log/syslog' for reading: Permission denied tail: no files remaining tj ~ ls -ld /var /var/log /var/log/syslog drwxr-xr-x 16 root root 4096 Apr 2 13:02 /var drwxrwxr-x 25 root syslog 4096 Aug 2 01:16 /var/log -rw-r----- 1 syslog adm 235432 Aug 2 01:31 /var/log/syslog tj ~ groups $USER tj : tj root adm disk lp dialout cdrom floppy sudo audio video plugdev users netdev lpadmin kvm libvirtd wireshark lxd libvirtd tj ~ groups tj -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1784964 Title: Regression due to CVE-2018-1116 (processes not inheriting user ID or groups ) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1784964/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
