Yes, I know 777 is a really bad idea.
I just gave it a shot running out of ideas.
I did tar up the original dir and put it back.
Lol, yes f makes more sense.
[ccheltenham-ext@devsso03 ~]$ rpm -Vf /etc/pam.d/sudo
S.5....T. c /etc/pam.d/sudo
.......T. c /etc/pam.d/sudo-i
..?...... c /etc/sudo-ldap.conf
..?...... c /etc/sudo.conf
S.?....T. c /etc/sudoers
..?...... /usr/bin/sudo
..?...... /usr/bin/sudoreplay
missing /var/db/sudo/lectured (Permission denied)
[ccheltenham-ext@devsso03 ~]$ rpm -Vf /etc/pam.d/sudo-i
S.5....T. c /etc/pam.d/sudo
.......T. c /etc/pam.d/sudo-i
..?...... c /etc/sudo-ldap.conf
..?...... c /etc/sudo.conf
S.?....T. c /etc/sudoers
..?...... /usr/bin/sudo
..?...... /usr/bin/sudoreplay
missing /var/db/sudo/lectured (Permission denied)
PAM account management error: Permission denied
-
- Posts: 12
- Joined: 2018/12/05 15:21:23
Re: PAM account management error: Permission denied
So that's interesting output. You might try mkdir -m 700 /var/db/sudo since that directory appears to be missing entirely. I'd also like to know why you get ? in your verify output. Running man rpm says
That seems odd too. And since one of those files marked that way is the sudo executable itself... at which point I start to get worried about the integrity of your system.A single "." (period) means the test passed, while a single "?" (question mark) indicates the test could not be performed (e.g. file permissions prevent reading).
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 12
- Joined: 2018/12/05 15:21:23
Re: PAM account management error: Permission denied
Trevor.
That's file is there already
[root@devsso03 db]# ll
total 8
-rw-r--r-- 1 root root 5345 Apr 10 2018 Makefile
drwx------. 3 root root 21 Jun 27 14:03 sudo
[root@devsso04 db]#
Yes this is all very odd.
and this system was fine before I upgraded the 7.6
That's file is there already
[root@devsso03 db]# ll
total 8
-rw-r--r-- 1 root root 5345 Apr 10 2018 Makefile
drwx------. 3 root root 21 Jun 27 14:03 sudo
[root@devsso04 db]#
Yes this is all very odd.
and this system was fine before I upgraded the 7.6
-
- Posts: 12
- Joined: 2018/12/05 15:21:23
Re: PAM account management error: Permission denied
Trevor.
When i run rpm -Vf as ROOT i do not get and "?"
Sorry about that.
Unfortunately I cannot cp/paste the output form the console.
When i run rpm -Vf as ROOT i do not get and "?"
Sorry about that.
Unfortunately I cannot cp/paste the output form the console.
-
- Posts: 12
- Joined: 2018/12/05 15:21:23
Re: PAM account management error: Permission denied
Trevor,
Just wondering if you had any more thoughts on why I am getting that permission denied.
Also, why doesn't this forum allow me to attach an M$ doc or a pdf?
Just wondering if you had any more thoughts on why I am getting that permission denied.
Also, why doesn't this forum allow me to attach an M$ doc or a pdf?
Re: PAM account management error: Permission denied
My only other thought would be to disable the selinux dontaudit rules by running semodule -DB then recreate the problem in permissive mode and see if you get any new entries in aureport -a. To reverse that you need to run semodule -B.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 12
- Joined: 2018/12/05 15:21:23
Re: PAM account management error: Permission denied
Thanks Trevor.
Seems like long shot but not a bad exercise to run through.
Seems like long shot but not a bad exercise to run through.