- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Serious issue with sudo (A.16.00-1.7.4p4.001)
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-18-2011 04:39 PM - edited 07-18-2011 04:39 PM
07-18-2011 04:39 PM - edited 07-18-2011 04:39 PM
Serious issue with sudo (A.16.00-1.7.4p4.001)
The permissions on the directory /var/adm are changed from 755 to 700 each time a command is issued using sudo.
I have used sudo for many years and installed the latest version a few months ago and, even though this problem was introduced with this version, it has not caused any problems until recently. However, a few weeks ago we needed to reinstall Oracle RAC on two servers in a Serviceguard cluster and this problem caused the installation to fail (ie, there were no cluster members listed in the OUI) even though cluvfy always succeeded (it only issued a few ignorable warnings). The DBA and I spent two frustrating weeks trying to get oracle installed and for most of that time we believed the problem was oracle related.
It was not easy to identify the cause of the problem because lsnodes (the command used by the OUI to determine the cluster members) worked for root but not for oracle. Fortunately tusc provided the information I needed - lsnodes (when run by oracle) could not access /var/adm/cmcluster/.cmgmsd_local_socket.
I reset the permissions on /var/adm but a short time later discovered they had been changed to 700 again. I knew it wasn't being changed by a cron job and it took me quite a while to work out why the permissions kept changing - I never would have suspected sudo!
Having discovered it was the culprit I looked on the sudo website (http://www.gratisoft.us/sudo/) for the changes that were introduced in 1.7.4:
Major changes between version 1.7.3 and 1.7.4
Time stamp files have moved from /var/run/sudo to either /var/db/sudo, /var/lib/sudo or /var/adm/sudo. The directories are checked for existence in that order. This prevents users from receiving the sudo lecture every time the system reboots. Time stamp files older than the boot time are ignored on systems where it is possible to determine this.
Based on the information above I created the directories /var/db and /var/lib to see if I could get sudo to create it's time stamp file in one of these directories and, therefore, leave /var/adm alone, but this didn't work (seems the HP-UX version isn't implemented this way).
I have reported this problem to the IEX Team and received the following reply:
We are looking into this issue and will get back to you shortly.
Meanwhile, we just want to make sure that, as mentioned in the link
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1131
you are aware that,
----------------------------------------------------------------------------------------------------------------
HP-UX Internet Express Support
HP does not provide support for components listed in Table 1 that are delivered through HP-UX Internet Express either through Web download or through the HP-UX 11i media kits. However, you can notify the HP Internet Express team if you find defects. HP will report defects to the related open source communities and incorporate the appropriate fixes in each new release.
I have confirmed that this problem does not affect the previous version of sudo (A.15.00-1.7.2p6.001).
- Tags:
- sudo
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-19-2011 05:50 AM
07-19-2011 05:50 AM
Re: Serious issue with sudo (A.16.00-1.7.4p4.001)
Shalom,
sudo is touchy. There are issues with it from time to time.
If this is a serious enough issue, you may wish to roll sudo back to a previous version.
We standardized on this:
sudo 1.6.8p12 Sudo (superuser do) IA version 1.6.8p12
Because of the nature of the environment, we evaluated subsequent releases but found flaws and never upgraded. There has not been a serious enough issue with sudo to force an upgrade due to audit purposes.
Your current version is broken, IMO and I recommend a roll back.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-19-2011 04:01 PM
07-19-2011 04:01 PM
Re: Serious issue with sudo (A.16.00-1.7.4p4.001)
I recommend a roll back.
When I discovered the problem I rolled to sudo A.15.00-1.7.2p6.001.
I posted this information to alert others to the problem.