
Re: sudo log entries are entered with delay of 6 hours

 
SOLVED
Voda
Advisor

sudo log entries are entered with delay of 6 hours

Hi All,
Could someone help me?
I have restarted the OV and OVPA processes. The ov agent is running as a normal user and we have configured this user to use SUDO for certain commands it cannot run. Have a look at the sudolog file:
Jul 27 03:43:35 2007 : ov_agent : HOST=node1 : TTY=unknown ;
PWD=/var/opt/OV/tmp ; USER=root ; COMMAND=/sbin/dmesg -
Jul 27 09:43:36 2007 : otheruser : HOST=node1 : TTY=pts/3 ; PWD=/home/otheruser
; USER=root ; COMMAND=/bin/crontab -e
Jul 27 03:44:34 2007 : ov_agent : HOST=node1 : TTY=unknown ;
PWD=/var/opt/OV/tmp ; USER=root ; COMMAND=/sbin/dmesg -

Thanks in advance
15 REPLIES 15
Andrew Young_2
Honored Contributor

Re: sudo log entries are entered with delay of 6 hours

Hi Voda

I think you may need to check that either root or the other user have their timezone set incorrectly, or not set at all.

Regards

Andrew Y
Si hoc legere scis, nimis eruditionis habes
Yogeeraj_1
Honored Contributor

Re: sudo log entries are entered with delay of 6 hours

hi Voda,

this certainly has to do with the timezone settings or the like.

Can you verify the user profile and do some basic tests?

e.g. connect as user and run the date command.


kind regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (Calvin Coolidge)
Voda
Advisor

Re: sudo log entries are entered with delay of 6 hours

Hi,
I logged on as root and as the user which the agent is running as, issued the date command, and it looks correct.
Any other idea is welcome.

thanks
Bill Hassell
Honored Contributor

Re: sudo log entries are entered with delay of 6 hours

All timestamps like date and log entries are translated by the TZ variable. While the date may appear just fine for root, what is important is the environment of the user and perhaps the user's use of sudo -k option. If no TZ value is defined, then timestamps will be kept using EST5EDT as the timezone. See man date. Is your local timezone 6 hours different than US Eastern timezone?


Bill Hassell, sysadmin
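
Added example, not part of any post in this thread: a small Python check that rejoins the wrapped sudolog records quoted in the first post and tests the explanation given above. It assumes entries with TTY=unknown were written with no TZ set (so EST5EDT, UTC-4 in July) and the rest under MET-1METDST (UTC+2); the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# Sudolog excerpt from the thread's first post; each record wraps over two lines.
SAMPLE = """\
Jul 27 03:43:35 2007 : ov_agent : HOST=node1 : TTY=unknown ;
PWD=/var/opt/OV/tmp ; USER=root ; COMMAND=/sbin/dmesg -
Jul 27 09:43:36 2007 : otheruser : HOST=node1 : TTY=pts/3 ; PWD=/home/otheruser
; USER=root ; COMMAND=/bin/crontab -e
Jul 27 03:44:34 2007 : ov_agent : HOST=node1 : TTY=unknown ;
PWD=/var/opt/OV/tmp ; USER=root ; COMMAND=/sbin/dmesg -
"""

# Assumed fixed July offsets: MET-1METDST is UTC+2; EST5EDT, the default the
# reply above names for an unset TZ, is UTC-4.
LOCAL = timezone(timedelta(hours=2))
NO_TZ = timezone(timedelta(hours=-4))
START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4} : ")

def parse_sudolog(text):
    """Rejoin wrapped lines, then split each record into a dict of fields."""
    joined = []
    for line in text.splitlines():
        if START.match(line):
            joined.append(line.strip())
        elif joined and line.strip():
            joined[-1] += " " + line.strip()  # continuation of the previous record
    records = []
    for rec in joined:
        stamp, invoker, rest = rec.split(" : ", 2)
        head, _, command = rest.partition("COMMAND=")  # a command may contain ';'
        fields = dict(kv.split("=", 1) for kv in re.split(r"\s[:;]\s", head) if "=" in kv)
        fields.update(invoker=invoker, COMMAND=command,
                      when=datetime.strptime(stamp, "%b %d %H:%M:%S %Y"))
        records.append(fields)
    return records

def to_utc(rec):
    """Normalise a record's timestamp under the assumed per-entry timezone."""
    tz = NO_TZ if rec["TTY"] == "unknown" else LOCAL
    return rec["when"].replace(tzinfo=tz).astimezone(timezone.utc)

def backward_jumps(records, key):
    """Indices of records whose time is earlier than the preceding record's."""
    times = [key(r) for r in records]
    return [i for i in range(1, len(times)) if times[i] < times[i - 1]]
```

On the sample, the raw timestamps jump backward at the third record, while the normalised ones are in order, which is consistent with a 6-hour timezone difference rather than delayed writes.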
Voda
Advisor

Re: sudo log entries are entered with delay of 6 hours

I checked the TZ variable and it was set for both root and user_agent: TZ=MET-1METDST, which is UTC+2.

When I run dmesg manually with sudo as the user_agent it shows the correct timestamp (the second case is issued manually):
1)Jul 28 12:50:11 2007 : user_agent : HOST=node1 : TTY=unknown ;
PWD=/var/opt/OV/tmp ; USER=root ; COMMAND=/sbin/dmesg -
2)Jul 28 18:50:17 2007 : user_agent : HOST=node1 : TTY=pts/3 ; PWD=/home/ov_agent
; USER=root ; COMMAND=/sbin/dmesg
OldSchool
Honored Contributor

Re: sudo log entries are entered with delay of 6 hours

a) is TZ being changed in root's profile?
b) as root, does "echo $TZ" match what is in /etc/TIMEZONE?

if the two are different, then the "sudo'd" command doesn't run root's profile and is relying on /etc/TIMEZONE
Voda
Advisor

Re: sudo log entries are entered with delay of 6 hours

Hi,
These are the printouts:
node1:/root# echo $TZ
MET-1METDST
node1:/root# more /etc/TIMEZONE
TZ=MET-1METDST
export TZ
Please, other suggestions are welcome.

thanks
Andrew Young_2
Honored Contributor

Re: sudo log entries are entered with delay of 6 hours

Hi.

I just need to get one thing straight with this. This ov_agent runs as this otheruser and uses SUDO to call other commands such as crontab -e to edit the crontab. Am I correct?

To indicate if this is a problem with sudo itself or with the command it is running, could you cut and paste the relevant section of the /var/adm/sulog (sudolog) file?

In addition could you provide a listing of the following command:

date ; ls -l /var/run/sudo/

Does the date of the /var/run/sudo/otheruser (timestamp) file update to the correct date and time or is it off when you run the following command as otheruser: sudo -v

If the /var/run/sudo/otheruser timestamp is still out, please run sudo -k as the otheruser. This should remove the user's timestamp file. However the next time you run sudo it will prompt for a password. Check if this fixes the problem by again checking the date and time on the timestamp file.

Lastly you may find that running the command without a shell (in a daemon instead of within a TTY) may cause different behaviour. I suspect this could be part of your problem.

It would be helpful to know what shell you are running as, so please run pwget -n otheruser as root. If this is not a trusted system, remove the passwd field's contents before you post the result.

Regards

Andrew Y
Si hoc legere scis, nimis eruditionis habes
Voda
Advisor

Re: sudo log entries are entered with delay of 6 hours

"This ov_agent runs as this otheruser and uses SUDO to call other commands such as crontab -e to edit the crontab. Am I correct?" ....

The ov_agent is the user which uses SUDO to call commands as root.

" /var/adm/sulog (sudolog) "....
This is the command I run as ov_agent user manually.
Jul 31 10:16:01 2007 : ov_agent : HOST=node1 : TTY=pts/1 ; PWD=/home/ov_agent
; USER=snadmin ; COMMAND=list

This is the command I run as me.
Jul 31 10:17:38 2007 : user-me : HOST=node1 : TTY=pts/1 ; PWD=/home/user-me ;
USER=root ; COMMAND=/sbin/dmesg
This is the command which is run automatically by the user ov_agent every 1 min. These commands are defined in the templates of the OVO Server.
Jul 31 04:18:12 2007 : ov_agent : HOST=node1 : TTY=unknown ;
PWD=/var/opt/OV/tmp ; USER=root ; COMMAND=/sbin/dmesg -

date ; ls -l /var/run/sudo/
Tue Jul 31 10:42:32 METDST 2007
total 0
drwx------ 2 root bin 96 Nov 8 2006 user1
drwx------ 2 root bin 96 Jan 8 2007 user2
drwx------ 2 root bin 96 Jan 25 2007 user-me
drwx------ 2 root bin 96 Jan 19 2007 user4
drwx------ 2 root bin 96 Nov 30 2006 user5
drwx------ 2 root bin 96 Feb 20 15:09 user6

The directory /var/run/sudo/ov_agent doesn't exist. I ran sudo -v but it still was not there. Also the timestamps of the other users don't update when I run sudo -v or something else.

When I type sudo -k and then sudo -v as user_me:
before sudo -k
drwx------ 2 root bin 96 Jan 25 2007 user-me

after sudo -k
drwx------ 2 root bin 96 Jan 1 1970 user-me

ov_agent:......./.../opt/tcsh/bin/tcsh

I want to note that this is implemented also in other systems but the timestamp of the sudo log is ok.
Also in the other system I have noticed the same behavior when I run:
date ; ls -l /var/run/sudo/ and sudo -k

Thanks for your reply