sssd_sudo.log snippet:
Code: Select all
(Mon Jan 14 12:56:42 2019) [sssd[sudo]] [sss_parse_name_for_domains] (0x0200): name '<USER>@<DOMAIN>' matched expression for domain '<DOMAIN>', user is <USER>
(Mon Jan 14 12:56:42 2019) [sssd[sudo]] [sss_parse_name_for_domains] (0x0200): name '<USER>@<DOMAIN>' matched expression for domain '<DOMAIN>', user is <USER>
(Mon Jan 14 12:56:42 2019) [sssd[sudo]] [sudosrv_cmd_parse_query_done] (0x0200): Requesting rules for [<USER>] from [<DOMAIN>]
(Mon Jan 14 12:56:42 2019) [sssd[sudo]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/<DOMAIN>/<USER>]
(Mon Jan 14 12:56:42 2019) [sssd[sudo]] [sudosrv_get_user] (0x0200): Requesting info about [<USER>@<DOMAIN>]
(Mon Jan 14 12:56:42 2019) [sssd[sudo]] [sudosrv_get_user] (0x0400): Returning info for user [<USER>@<DOMAIN>]
(Mon Jan 14 12:56:42 2019) [sssd[sudo]] [sudosrv_get_rules] (0x0400): Retrieving rules for [<USER>] from [<DOMAIN>]
(Mon Jan 14 12:56:42 2019) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=<USER>)(sudoUser=<USER>)(sudoUser=#1289601113)(sudoUser=%sg-serveradmin-all)(sudoUser=%Domain\20Admins)(sudoUser=%Schema\20Admins)(sudoU
ser=%Administrators)(sudoUser=%Denied\20RODC\20Password\20Replication\20Group)(sudoUser=%Domain\20Users)(sudoUser=+*))(&(dataExpireTimestamp<=1547488602)))]
(Mon Jan 14 12:56:42 2019) [sssd[sudo]] [sudosrv_get_rules] (0x2000): About to get sudo rules from cache
(Mon Jan 14 12:56:42 2019) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=<USER>)(sudoUser=<USER>)(sudoUser=#1289601113)(sudoUser=%sg-serveradmin-all)(sudoUser=%Domain\20Admins)(sudoUser=%Schema\20Admins)(sudoUser=%Administra
tors)(sudoUser=%Denied\20RODC\20Password\20Replication\20Group)(sudoUser=%Domain\20Users)(sudoUser=+*)))]
(Mon Jan 14 12:56:42 2019) [sssd[sudo]] [sort_sudo_rules] (0x0400): Sorting rules with higher-wins logic
(Mon Jan 14 12:56:42 2019) [sssd[sudo]] [sudosrv_get_sudorules_from_cache] (0x0400): Returning 2 rules for [<USER>@<DOMAIN>]
(Mon Jan 14 12:56:45 2019) [sssd[sudo]] [client_recv] (0x0200): Client disconnected!
(Mon Jan 14 12:56:45 2019) [sssd[sudo]] [client_destructor] (0x2000): Terminated client [0x1ab2a80][20]
(Mon Jan 14 12:56:52 2019) [sssd[sudo]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Mon Jan 14 12:56:52 2019) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [accept_fd_handler] (0x0400): Client connected!
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sss_cmd_get_version] (0x0200): Received client version [1].
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sss_cmd_get_version] (0x0200): Offered version [1].
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_cmd] (0x2000): Using protocol version [1]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sss_parse_name_for_domains] (0x0200): name '<USER>@<DOMAIN>' matched expression for domain '<DOMAIN>', user is <USER>
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sss_parse_name_for_domains] (0x0200): name '<USER>@<DOMAIN>' matched expression for domain '<DOMAIN>', user is <USER>
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_cmd_parse_query_done] (0x0200): Requesting default options for [<USER>] from [<DOMAIN>]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/<DOMAIN>/<USER>]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_user] (0x0200): Requesting info about [<USER>@<DOMAIN>]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_user] (0x0400): Returning info for user [<USER>@<DOMAIN>]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_rules] (0x0400): Retrieving default options for [<USER>] from [<DOMAIN>]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=<USER>)(sudoUser=<USER>)(sudoUser=#1289601113)(sudoUser=%sg-serveradmin-all)(sudoUser=%Domain\20Admins)(sudoUser=%Schema\20Admins)(sudoU
ser=%Administrators)(sudoUser=%Denied\20RODC\20Password\20Replication\20Group)(sudoUser=%Domain\20Users)(sudoUser=+*))(&(dataExpireTimestamp<=1547488616)))]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_rules] (0x2000): About to get sudo rules from cache
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(name=defaults)))]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_sudorules_from_cache] (0x0400): Returning 0 rules for [<default options>@<DOMAIN>]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_cmd] (0x2000): Using protocol version [1]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sss_parse_name_for_domains] (0x0200): name '<USER>@<DOMAIN>' matched expression for domain '<DOMAIN>', user is <USER>
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sss_parse_name_for_domains] (0x0200): name '<USER>@<DOMAIN>' matched expression for domain '<DOMAIN>', user is <USER>
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_cmd_parse_query_done] (0x0200): Requesting rules for [<USER>] from [<DOMAIN>]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/<DOMAIN>/<USER>]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_user] (0x0200): Requesting info about [<USER>@<DOMAIN>]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_user] (0x0400): Returning info for user [<USER>@<DOMAIN>]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_rules] (0x0400): Retrieving rules for [<USER>] from [<DOMAIN>]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=<USER>)(sudoUser=<USER>)(sudoUser=#1289601113)(sudoUser=%sg-serveradmin-all)(sudoUser=%Domain\20Admins)(sudoUser=%Schema\20Admins)(sudoU
ser=%Administrators)(sudoUser=%Denied\20RODC\20Password\20Replication\20Group)(sudoUser=%Domain\20Users)(sudoUser=+*))(&(dataExpireTimestamp<=1547488616)))]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_rules] (0x2000): About to get sudo rules from cache
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=<USER>)(sudoUser=<USER>)(sudoUser=#1289601113)(sudoUser=%sg-serveradmin-all)(sudoUser=%Domain\20Admins)(sudoUser=%Schema\20Admins)(sudoUser=%Administra
tors)(sudoUser=%Denied\20RODC\20Password\20Replication\20Group)(sudoUser=%Domain\20Users)(sudoUser=+*)))]
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sort_sudo_rules] (0x0400): Sorting rules with higher-wins logic
(Mon Jan 14 12:56:56 2019) [sssd[sudo]] [sudosrv_get_sudorules_from_cache] (0x0400): Returning 2 rules for [<USER>@<DOMAIN>]
(Mon Jan 14 12:57:02 2019) [sssd[sudo]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Mon Jan 14 12:57:02 2019) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Mon Jan 14 12:57:04 2019) [sssd[sudo]] [client_recv] (0x0200): Client disconnected!
(Mon Jan 14 12:57:04 2019) [sssd[sudo]] [client_destructor] (0x2000): Terminated client [0x1ab1050][20]
(Mon Jan 14 12:57:12 2019) [sssd[sudo]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Mon Jan 14 12:57:12 2019) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Mon Jan 14 12:57:22 2019) [sssd[sudo]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Mon Jan 14 12:57:22 2019) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Mon Jan 14 12:57:32 2019) [sssd[sudo]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Mon Jan 14 12:57:32 2019) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Mon Jan 14 12:57:42 2019) [sssd[sudo]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Mon Jan 14 12:57:42 2019) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Mon Jan 14 12:57:52 2019) [sssd[sudo]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Mon Jan 14 12:57:52 2019) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
Edit: additional logs from another test, which involved logging in via ssh, attempting to perform "sudo chmod" then logging out again
Code: Select all
sssd_sudo.log
(Mon Jan 14 16:13:58 2019) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser
=<USER>)(sudoUser=<USER>)(sudoUser=#1289601113)(sudoUser=%sg-serveradmin-all)(sudoUser=%Domain\20Admins)(sudoUser=%Schema\20Admins)(sudoUser=%Adminis
trators)(sudoUser=%Denied\20RODC\20Password\20Replication\20Group)(sudoUser=%Domain\20Users)(sudoUser=+*)))]
(Mon Jan 14 16:13:58 2019) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x15608e0
(Mon Jan 14 16:13:58 2019) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x15609a0
(Mon Jan 14 16:13:58 2019) [sssd[sudo]] [ldb] (0x4000): Running timer event 0x15608e0 "ltdb_callback"
(Mon Jan 14 16:13:58 2019) [sssd[sudo]] [ldb] (0x4000): Destroying timer event 0x15609a0 "ltdb_timeout"
(Mon Jan 14 16:13:58 2019) [sssd[sudo]] [ldb] (0x4000): Ending timer event 0x15608e0 "ltdb_callback"
(Mon Jan 14 16:13:58 2019) [sssd[sudo]] [sort_sudo_rules] (0x0400): Sorting rules with higher-wins logic
(Mon Jan 14 16:13:58 2019) [sssd[sudo]] [sudosrv_get_sudorules_from_cache] (0x0400): Returning 2 rules for [<USER>@<DOMAIN>]
(Mon Jan 14 16:13:58 2019) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1560ca0][20]
(Mon Jan 14 16:14:00 2019) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1560ca0][20]
(Mon Jan 14 16:14:00 2019) [sssd[sudo]] [client_recv] (0x0200): Client disconnected!
(Mon Jan 14 16:14:00 2019) [sssd[sudo]] [client_destructor] (0x2000): Terminated client [0x1560ca0][20]
(Mon Jan 14 16:14:06 2019) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus conn: 0x154b670
(Mon Jan 14 16:14:06 2019) [sssd[sudo]] [sbus_dispatch] (0x4000): Dispatching.
(Mon Jan 14 16:14:06 2019) [sssd[sudo]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd
/service
(Mon Jan 14 16:14:06 2019) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Mon Jan 14 16:14:16 2019) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus conn: 0x154b670
(Mon Jan 14 16:14:16 2019) [sssd[sudo]] [sbus_dispatch] (0x4000): Dispatching.
(Mon Jan 14 16:14:16 2019) [sssd[sudo]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Mon Jan 14 16:14:16 2019) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
/var/log/secure:
Jan 14 16:13:52 deploy-test2 sshd[12287]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost.localdomain user=<USER>@<SHORTDOMAIN>
Jan 14 16:13:52 deploy-test2 sshd[12287]: Accepted password for <USER>@<SHORTDOMAIN> from 127.0.0.1 port 42134 ssh2
Jan 14 16:13:52 deploy-test2 sshd[12287]: pam_unix(sshd:session): session opened for user <USER>@<SHORTDOMAIN> by (uid=0)
Jan 14 16:13:52 deploy-test2 sshd[12287]: pam_tty_audit(sshd:session): changed status from 0 to 0
Jan 14 16:14:00 deploy-test2 sudo: pam_unix(sudo:auth): authentication failure; logname=<USER>@<DOMAIN> uid=1289601113 euid=0 tty=/dev/pts/1 ruser=<USER>@<DOMAIN> rhost= user=<USER>@<DOMAIN>
Jan 14 16:14:00 deploy-test2 sudo: pam_sss(sudo:auth): authentication success; logname=<USER>@<DOMAIN> uid=1289601113 euid=0 tty=/dev/pts/1 ruser=<USER>@<DOMAIN> rhost= user=<USER>@<DOMAIN>
Jan 14 16:14:00 deploy-test2 sudo: <USER>@<DOMAIN> : user NOT authorized on host ; TTY=pts/1 ; PWD=/mnt/nfs/home/<USER>@<DOMAIN> ; USER=root ; COMMAND=/bin/chmod
Jan 14 16:14:15 deploy-test2 sshd[12300]: Received disconnect from 127.0.0.1: 11: disconnected by user
Jan 14 16:14:15 deploy-test2 sshd[12287]: pam_unix(sshd:session): session closed for user <USER>@<SHORTDOMAIN>
sudo debug log:
Jan 14 16:13:58 sudo[12342] <- expand_prompt @ ./check.c:398 := [sudo] password for <USER>@<DOMAIN>:
Jan 14 16:13:58 sudo[12342] -> verify_user @ ./auth/sudo_auth.c:193
Jan 14 16:13:58 sudo[12342] -> sudo_pam_verify @ ./auth/pam.c:127
Jan 14 16:13:58 sudo[12342] -> converse @ ./auth/pam.c:301
Jan 14 16:13:58 sudo[12342] -> auth_getpass @ ./auth/sudo_auth.c:347
Jan 14 16:13:58 sudo[12342] -> tgetpass @ ./tgetpass.c:76
Jan 14 16:13:58 sudo[12342] -> tty_present @ ./tgetpass.c:329
Jan 14 16:13:58 sudo[12342] <- tty_present @ ./tgetpass.c:333 := true
Jan 14 16:13:58 sudo[12342] -> term_noecho @ ./term.c:88
Jan 14 16:13:58 sudo[12342] <- term_noecho @ ./term.c:99 := 1
Jan 14 16:13:58 sudo[12342] -> getln @ ./tgetpass.c:272
Jan 14 16:14:00 sudo[12342] <- getln @ ./tgetpass.c:315 := **************
Jan 14 16:14:00 sudo[12342] -> term_restore @ ./term.c:73
Jan 14 16:14:00 sudo[12342] <- term_restore @ ./term.c:82 := 1
Jan 14 16:14:00 sudo[12342] <- tgetpass @ ./tgetpass.c:202 := **************
Jan 14 16:14:00 sudo[12342] <- auth_getpass @ ./auth/sudo_auth.c:365 := **************
Jan 14 16:14:00 sudo[12342] <- converse @ ./auth/pam.c:383 := 0
Jan 14 16:14:00 sudo[12342] <- sudo_pam_verify @ ./auth/pam.c:138 := 0
Jan 14 16:14:00 sudo[12342] <- verify_user @ ./auth/sudo_auth.c:282 := 1
Jan 14 16:14:00 sudo[12342] -> sudo_auth_cleanup @ ./auth/sudo_auth.c:160
Jan 14 16:14:00 sudo[12342] -> sudo_pam_cleanup @ ./auth/pam.c:185
Jan 14 16:14:00 sudo[12342] <- sudo_pam_cleanup @ ./auth/pam.c:189 := 0
Jan 14 16:14:00 sudo[12342] <- sudo_auth_cleanup @ ./auth/sudo_auth.c:177 := 0
Jan 14 16:14:00 sudo[12342] -> sudo_pw_delref @ ./pwutil.c:249
Jan 14 16:14:00 sudo[12342] -> sudo_pw_delref_item @ ./pwutil.c:238
Jan 14 16:14:00 sudo[12342] <- sudo_pw_delref_item @ ./pwutil.c:243
Jan 14 16:14:00 sudo[12342] <- sudo_pw_delref @ ./pwutil.c:251
Jan 14 16:14:00 sudo[12342] <- check_user @ ./check.c:189 := true
Jan 14 16:14:00 sudo[12342] -> log_failure @ ./logging.c:323
Jan 14 16:14:00 sudo[12342] -> log_denial @ ./logging.c:256
Jan 14 16:14:00 sudo[12342] -> audit_failure @ ./audit.c:68
Jan 14 16:14:00 sudo[12342] -> linux_audit_command @ ./linux_audit.c:70
Jan 14 16:14:00 sudo[12342] -> linux_audit_open @ ./linux_audit.c:49
Jan 14 16:14:00 sudo[12342] <- linux_audit_open @ ./linux_audit.c:61 := 15
Jan 14 16:14:00 sudo[12342] <- linux_audit_command @ ./linux_audit.c:97 := 3
Jan 14 16:14:00 sudo[12342] <- audit_failure @ ./audit.c:81
Jan 14 16:14:00 sudo[12342] -> new_logline @ ./logging.c:756
Jan 14 16:14:00 sudo[12342] <- new_logline @ ./logging.c:877 := user NOT authorized on host ; TTY=pts/1 ; PWD=/mnt/nfs/home/<USER>@<DOMAIN> ; USER=root
; COMMAND=/bin/chmod
Jan 14 16:14:00 sudo[12342] -> set_perms @ ./set_perms.c:116
Jan 14 16:14:00 sudo[12342] set_perms: PERM_ROOT: uid: [1289601113, 0, 0] -> [0, 0, 0]
Jan 14 16:14:00 sudo[12342] set_perms: PERM_ROOT: gid: [1289600513, 1289600513, 1289600513] -> [1289600513, 0, 1289600513]
Jan 14 16:14:00 sudo[12342] -> sudo_grlist_addref @ ./pwutil.c:796
Jan 14 16:14:00 sudo[12342] <- sudo_grlist_addref @ ./pwutil.c:798
Jan 14 16:14:00 sudo[12342] <- set_perms @ ./set_perms.c:358 := true
Jan 14 16:14:00 sudo[12342] -> should_mail @ ./logging.c:722
Jan 14 16:14:00 sudo[12342] <- should_mail @ ./logging.c:727 := false
Jan 14 16:14:00 sudo[12342] -> do_syslog @ ./logging.c:138
Jan 14 16:14:00 sudo[12342] -> mysyslog @ ./logging.c:96
Jan 14 16:14:00 sudo[12342] <- mysyslog @ ./logging.c:119
Jan 14 16:14:00 sudo[12342] <- do_syslog @ ./logging.c:185
Jan 14 16:14:00 sudo[12342] -> restore_perms @ ./set_perms.c:371
Jan 14 16:14:00 sudo[12342] restore_perms: uid: [0, 0, 0] -> [1289601113, 0, 0]
Jan 14 16:14:00 sudo[12342] restore_perms: gid: [1289600513, 0, 1289600513] -> [1289600513, 1289600513, 1289600513]
Jan 14 16:14:00 sudo[12342] -> sudo_grlist_delref @ ./pwutil.c:816
Jan 14 16:14:00 sudo[12342] -> sudo_grlist_delref_item @ ./pwutil.c:805
Jan 14 16:14:00 sudo[12342] <- sudo_grlist_delref_item @ ./pwutil.c:810
Jan 14 16:14:00 sudo[12342] <- sudo_grlist_delref @ ./pwutil.c:818
Jan 14 16:14:00 sudo[12342] <- restore_perms @ ./set_perms.c:415
Jan 14 16:14:00 sudo[12342] <- log_denial @ ./logging.c:314
Jan 14 16:14:00 sudo[12342] <- log_failure @ ./logging.c:346
Jan 14 16:14:00 sudo[12342] -> rewind_perms @ ./set_perms.c:90
Jan 14 16:14:00 sudo[12342] -> restore_perms @ ./set_perms.c:371
Jan 14 16:14:00 sudo[12342] restore_perms: uid: [1289601113, 0, 0] -> [1289601113, 0, 0]
Jan 14 16:14:00 sudo[12342] restore_perms: gid: [1289600513, 1289600513, 1289600513] -> [1289600513, 1289600513, 1289600513]
Jan 14 16:14:00 sudo[12342] -> sudo_grlist_delref @ ./pwutil.c:816
Jan 14 16:14:00 sudo[12342] -> sudo_grlist_delref_item @ ./pwutil.c:805
Jan 14 16:14:00 sudo[12342] <- sudo_grlist_delref_item @ ./pwutil.c:810
Jan 14 16:14:00 sudo[12342] <- sudo_grlist_delref @ ./pwutil.c:818
Jan 14 16:14:00 sudo[12342] <- restore_perms @ ./set_perms.c:415
Jan 14 16:14:00 sudo[12342] -> sudo_grlist_delref @ ./pwutil.c:816
Jan 14 16:14:00 sudo[12342] -> sudo_grlist_delref_item @ ./pwutil.c:805
Jan 14 16:14:00 sudo[12342] <- sudo_grlist_delref_item @ ./pwutil.c:810
Jan 14 16:14:00 sudo[12342] <- sudo_grlist_delref @ ./pwutil.c:818
Jan 14 16:14:00 sudo[12342] <- rewind_perms @ ./set_perms.c:96
Jan 14 16:14:00 sudo[12342] -> sudo_endpwent @ ./pwutil.c:443
Jan 14 16:14:00 sudo[12342] -> sudo_freepwcache @ ./pwutil.c:426
Jan 14 16:14:00 sudo[12342] -> rbdestroy @ ./redblack.c:359
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> sudo_pw_delref_item @ ./pwutil.c:238
Jan 14 16:14:00 sudo[12342] <- sudo_pw_delref_item @ ./pwutil.c:243
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] <- rbdestroy @ ./redblack.c:362
Jan 14 16:14:00 sudo[12342] -> rbdestroy @ ./redblack.c:359
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> sudo_pw_delref_item @ ./pwutil.c:238
Jan 14 16:14:00 sudo[12342] <- sudo_pw_delref_item @ ./pwutil.c:243
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] <- rbdestroy @ ./redblack.c:362
Jan 14 16:14:00 sudo[12342] <- sudo_freepwcache @ ./pwutil.c:437
Jan 14 16:14:00 sudo[12342] <- sudo_endpwent @ ./pwutil.c:448
Jan 14 16:14:00 sudo[12342] -> sudo_endgrent @ ./pwutil.c:861
Jan 14 16:14:00 sudo[12342] -> sudo_freegrcache @ ./pwutil.c:840
Jan 14 16:14:00 sudo[12342] -> rbdestroy @ ./redblack.c:359
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] <- rbdestroy @ ./redblack.c:362
Jan 14 16:14:00 sudo[12342] -> rbdestroy @ ./redblack.c:359
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> sudo_gr_delref_item @ ./pwutil.c:657
Jan 14 16:14:00 sudo[12342] <- sudo_gr_delref_item @ ./pwutil.c:662
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> sudo_gr_delref_item @ ./pwutil.c:657
Jan 14 16:14:00 sudo[12342] <- sudo_gr_delref_item @ ./pwutil.c:662
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> sudo_gr_delref_item @ ./pwutil.c:657
Jan 14 16:14:00 sudo[12342] <- sudo_gr_delref_item @ ./pwutil.c:662
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] <- rbdestroy @ ./redblack.c:362
Jan 14 16:14:00 sudo[12342] -> rbdestroy @ ./redblack.c:359
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> _rbdestroy @ ./redblack.c:341
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> sudo_grlist_delref_item @ ./pwutil.c:805
Jan 14 16:14:00 sudo[12342] <- sudo_grlist_delref_item @ ./pwutil.c:810
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] -> sudo_grlist_delref_item @ ./pwutil.c:805
Jan 14 16:14:00 sudo[12342] <- sudo_grlist_delref_item @ ./pwutil.c:810
Jan 14 16:14:00 sudo[12342] <- _rbdestroy @ ./redblack.c:349
Jan 14 16:14:00 sudo[12342] <- rbdestroy @ ./redblack.c:362
Jan 14 16:14:00 sudo[12342] <- sudo_freegrcache @ ./pwutil.c:855
Jan 14 16:14:00 sudo[12342] <- sudo_endgrent @ ./pwutil.c:866
Jan 14 16:14:00 sudo[12342] <- sudoers_policy_main @ ./sudoers.c:773 := false
Jan 14 16:14:00 sudo[12342] <- sudoers_policy_check @ ./sudoers.c:786 := false
Jan 14 16:14:00 sudo[12342] <- policy_check @ ./sudo.c:1204 := false
Jan 14 16:14:00 sudo[12342] policy plugin returns 0