> On Tuesday, December 3, 2019, Ivan Apolonio <ivan(a)apolonio.com.br> wrote:
> 
> 
> This line shuts off logging; it is worth commenting it out during the check.
> Plus, do you have an #includedir setting in your /etc/sudoers file?
> 
> The vdsm.log snippet seems later than the error in the engine.log, could
> you provide one covering the failing attempt?
Hello, Amit.

It looks like commenting out that last line (Defaults:vdsm !syslog) did the
trick to help identify the problem. According to the /var/log/secure log file,
the vdsm uid is being blocked from using sudo due to PAM requirements:

Dec  4 10:53:36 Rosinha sudo: pam_unix(sudo:auth): authentication failure; logname=root uid=36 euid=0 tty=/dev/pts/0 ruser=vdsm rhost=  user=vdsm
Dec  4 10:53:36 Rosinha sudo: pam_succeed_if(sudo:auth): requirement "uid >= 1000" not met by user "vdsm"
Dec  4 10:58:38 Rosinha sudo: pam_unix(sudo:auth): conversation failed
Dec  4 10:58:38 Rosinha sudo: pam_unix(sudo:auth): auth could not identify password for [vdsm]
Dec  4 10:58:38 Rosinha sudo: pam_succeed_if(sudo:auth): requirement "uid >= 1000" not met by user "vdsm"

This "uid >= 1000" requirement is the CentOS 7 default. What is the best way to
work around it? I'm asking because if I just comment out this rule in the PAM
configuration files, it is going to allow other system users to sudo, which
would lead to security issues.

Thanks,
Ivan
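
Added example, not part of the original message: a small Python parser that groups the sudo PAM entries from the /var/log/secure excerpt above by user and reports which pam_succeed_if requirement blocked them. The function names (summarize, below_uid_floor) are hypothetical, and the sample text is the excerpt itself with the e-mail line wrapping undone.

```python
import re
from collections import Counter, defaultdict

# The five sudo entries from the /var/log/secure excerpt in the message,
# rejoined into one line per entry.
SAMPLE_LOG = """\
Dec  4 10:53:36 Rosinha sudo: pam_unix(sudo:auth): authentication failure; logname=root uid=36 euid=0 tty=/dev/pts/0 ruser=vdsm rhost=  user=vdsm
Dec  4 10:53:36 Rosinha sudo: pam_succeed_if(sudo:auth): requirement "uid >= 1000" not met by user "vdsm"
Dec  4 10:58:38 Rosinha sudo: pam_unix(sudo:auth): conversation failed
Dec  4 10:58:38 Rosinha sudo: pam_unix(sudo:auth): auth could not identify password for [vdsm]
Dec  4 10:58:38 Rosinha sudo: pam_succeed_if(sudo:auth): requirement "uid >= 1000" not met by user "vdsm"
"""

PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sudo: "
                    r"(?P<module>pam_\w+)\(sudo:auth\): (?P<msg>.*)$")
UNMET = re.compile(r'requirement "(?P<req>[^"]+)" not met by user "(?P<user>[^"]+)"')
AUTH_FAIL = re.compile(r"authentication failure;.*\buid=(?P<uid>\d+)\b"
                       r".*\bruser=(?P<ruser>\S*) .*\buser=(?P<user>\S+)")
NO_PASSWORD = re.compile(r"auth could not identify password for \[(?P<user>[^\]]+)\]")
UID_RULE = re.compile(r"uid\s*>=\s*(\d+)")


def summarize(log_text):
    """Group sudo PAM auth failures by the user being authenticated."""
    users = defaultdict(lambda: {"unmet": Counter(), "caller_uids": set(), "no_password": 0})
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue  # not a sudo PAM auth entry
        msg = m["msg"]
        if m["module"] == "pam_succeed_if" and (u := UNMET.search(msg)):
            users[u["user"]]["unmet"][u["req"]] += 1
        elif m["module"] == "pam_unix" and (f := AUTH_FAIL.search(msg)):
            # uid= is the caller's real uid; keep it only when the caller
            # (ruser) is the same account that is being authenticated (user).
            if f["ruser"] == f["user"]:
                users[f["user"]]["caller_uids"].add(int(f["uid"]))
        elif m["module"] == "pam_unix" and (n := NO_PASSWORD.search(msg)):
            users[n["user"]]["no_password"] += 1
    return dict(users)


def below_uid_floor(entry):
    """Return (uid, floor) pairs where a logged uid fails a 'uid >= N' rule."""
    hits = []
    for req in entry["unmet"]:
        if (r := UID_RULE.fullmatch(req)):
            floor = int(r.group(1))
            hits += [(uid, floor) for uid in sorted(entry["caller_uids"]) if uid < floor]
    return hits
```

Running summarize() over a whole /var/log/secure shows every account that hits the same requirement, not only vdsm.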