我有一个运行 Debian 9 (Stretch) 的虚拟机。
我可以很好地登录我自己的用户帐户。
但是,每次我尝试使用 切换用户时sudo su,在输入密码(即时)后,需要几分钟才能成功。其他用户是 root 还是其他用户帐户并不重要。
使用其他命令sudo,例如sudo echo,工作得很好(我已经尝试了一般调试缓慢 sudo 命令的步骤,包括与解析主机名相关的问题,一切都应该没问题。)
我检查了涉及的其他进程sudo,但没有发现任何结果。
我尝试运行sudo strace sudo su,并得到以下输出(仅显示最后几行;这个过程再次花了几分钟才成功):
fcntl(8, F_SETLKW, {l_type=F_RDLCK, l_whence=SEEK_SET, l_start=0, l_len=0}) = 0
read(8, "\2\0\0\0\0\0\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(8, "\6\0\0\0\213\2\0\0ttyS0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(8, "\6\0\0\0\214\2\0\0tty1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(8, "\1\0\0\0005\0\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(8, "\7\0\0\0e\32\0\0pts/0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(8, "\7\0\0\0TL\0\0pts/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
fcntl(8, F_SETLKW, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=0, l_len=0}) = 0
alarm(0) = 10
rt_sigaction(SIGALRM, {sa_handler=0x55dacfaa8200, sa_mask=~[KILL STOP RTMIN RT_1], sa_flags=SA_RESTORER|SA_INTERRUPT|SA_SIGINFO, sa_restorer=0x7f8ab6d33060}, NULL, 8) = 0
close(8) = 0
getuid() = 0
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 8
connect(8, {sa_family=AF_UNIX, sun_path="/dev/log"}, 110) = 0
sendto(8, "<86>Mar 4 00:20:35 sudo: pam_un"..., 95, MSG_NOSIGNAL, NULL, 0) = 95
socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT) = 9
fcntl(9, F_SETFD, FD_CLOEXEC) = 0
sendto(9, {{len=120, type=0x451 /* NLMSG_??? */, flags=NLM_F_REQUEST|NLM_F_ACK, seq=3, pid=0}, "op=PAM:session_open acct=\"root\" "...}, 120, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 120
poll([{fd=9, events=POLLIN}], 1, 500) = 1 ([{fd=9, revents=POLLIN}])
recvfrom(9, {{len=36, type=NLMSG_ERROR, flags=0, seq=3, pid=2859367897}, "\0\0\0\0x\0\0\0Q\4\5\0\3\0\0\0\0\0\0\0"}, 8988, MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, [12]) = 36
recvfrom(9, {{len=36, type=NLMSG_ERROR, flags=0, seq=3, pid=2859367897}, "\0\0\0\0x\0\0\0Q\4\5\0\3\0\0\0\0\0\0\0"}, 8988, MSG_DONTWAIT, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, [12]) = 36
close(9) = 0
getpgrp() = 23062
rt_sigaction(SIGCHLD, {sa_handler=0x55dacfaa8200, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_INTERRUPT|SA_SIGINFO, sa_restorer=0x7f8ab6d33060}, NULL, 8) = 0
rt_sigaction(SIGCONT, {sa_handler=0x55dacfaa8200, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_INTERRUPT|SA_SIGINFO, sa_restorer=0x7f8ab6d33060}, NULL, 8) = 0
rt_sigaction(SIGTSTP, {sa_handler=0x55dacfaa8140, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_INTERRUPT|SA_SIGINFO, sa_restorer=0x7f8ab6d33060}, NULL, 8) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f8ab7d1ff50) = 23072
close(7) = 0
poll([{fd=3, events=POLLIN}, {fd=6, events=POLLIN}], 2, -1) = 1 ([{fd=6, revents=POLLIN|POLLHUP}])
recvfrom(6, "", 8, MSG_WAITALL, NULL, NULL) = 0
poll([{fd=3, events=POLLIN}], 1, -1) = ? ERESTART_RESTARTBLOCK (Interrupted by signal)
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
restart_syscall(<... resuming interrupted poll ...>) = ? ERESTART_RESTARTBLOCK (Interrupted by signal)
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
restart_syscall(<... resuming interrupted restart_syscall ...>
很难准确地说进程在哪一行停止,因为它似乎没有刷新缓冲区(它将在不完整的行上暂停),但从 开始的日志末尾的行poll似乎restart_syscall是进程被延迟。
我不知道如何解释这个strace输出,所以任何指针或提示都值得赞赏。
我的问题:根据此strace输出,为什么切换用户使用sudo需要这么长时间?
编辑:感谢评论中 @Ferenc Wágner 的提示,我添加-f并strace发现正在sudo su分叉许多似乎一遍又一遍循环的进程。我仍然不确定到底是什么问题。 (我在以下日志中对域名进行了匿名处理。我认为这些 IP 地址是标准的 Google Cloud IP。)
以下是 的输出示例sudo strace -f -t sudo su。输出非常大且快,但似乎在不同的分叉中一遍又一遍地重复相同的过程。
pid 17113] 17:29:51 poll(NULL, 0, 4strace: Process 20730 attached
<unfinished ...>
[pid 20730] 17:29:51 set_robust_list(0x7fa609e0a9e0, 24) = 0
[pid 20730] 17:29:51 getpid() = 17113
[pid 20730] 17:29:51 open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 3
[pid 20730] 17:29:51 fstat(3, {st_mode=S_IFREG|0644, st_size=154, ...}) = 0
[pid 20730] 17:29:51 read(3, "domain us-central1-a.c.my-domai"..., 4096) = 154
[pid 20730] 17:29:51 read(3, "", 4096) = 0
[pid 20730] 17:29:51 close(3) = 0
[pid 20730] 17:29:51 open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 3
[pid 20730] 17:29:51 fstat(3, {st_mode=S_IFREG|0644, st_size=453, ...}) = 0
[pid 20730] 17:29:51 read(3, "127.0.0.1\tlocalhost my-domain i"..., 4096) = 453
[pid 20730] 17:29:51 read(3, "", 4096) = 0
[pid 20730] 17:29:51 close(3) = 0
[pid 20730] 17:29:51 madvise(0x7fa60960a000, 8368128, MADV_DONTNEED) = 0
[pid 20730] 17:29:51 exit(0) = ?
[pid 20730] 17:29:51 +++ exited with 0 +++
[pid 17113] 17:29:51 <... poll resumed> ) = 0 (Timeout)
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
[pid 17113] 17:29:51 setsockopt(3, SOL_TCP, TCP_NODELAY, [1], 4) = 0
[pid 17113] 17:29:51 fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
[pid 17113] 17:29:51 fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
[pid 17113] 17:29:51 connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("169.254.169.254")}, 16) = -1 EINPROGRESS (Operation now in progress)
[pid 17113] 17:29:51 poll([{fd=3, events=POLLOUT|POLLWRNORM}], 1, 0) = 0 (Timeout)
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 poll([{fd=3, events=POLLOUT}], 1, 199) = 1 ([{fd=3, revents=POLLOUT}])
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 poll([{fd=3, events=POLLOUT|POLLWRNORM}], 1, 0) = 1 ([{fd=3, revents=POLLOUT|POLLWRNORM}])
[pid 17113] 17:29:51 getsockopt(3, SOL_SOCKET, SO_ERROR, [0], [4]) = 0
[pid 17113] 17:29:51 getpeername(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("169.254.169.254")}, [128->16]) = 0
[pid 17113] 17:29:51 getsockname(3, {sa_family=AF_INET, sin_port=htons(37960), sin_addr=inet_addr("10.128.0.2")}, [128->16]) = 0
[pid 17113] 17:29:51 sendto(3, "GET /computeMetadata/v1/oslogin/"..., 134, MSG_NOSIGNAL, NULL, 0) = 134
[pid 17113] 17:29:51 poll([{fd=3, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 0) = 0 (Timeout)
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 poll([{fd=3, events=POLLIN}], 1, 198) = 1 ([{fd=3, revents=POLLIN}])
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 poll([{fd=3, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 0) = 1 ([{fd=3, revents=POLLIN|POLLRDNORM}])
[pid 17113] 17:29:51 recvfrom(3, "HTTP/1.1 404 Not Found\r\nMetadata"..., 16384, 0, NULL, NULL) = 496
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 close(3) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 stat("/var/google-users.d/root", 0x7fff47fdaf50) = -1 ENOENT (No such file or directory)
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 clone(child_stack=0x7fa609e09fb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7fa609e0a9d0, tls=0x7fa609e0a700, child_tidptr=0x7fa609e0a9d0) = 20732
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 poll(NULL, 0, 4strace: Process 20732 attached
<unfinished ...>
所以这无疑是一个网络问题,但不确定我明白问题出在哪里。
该/etc/hosts文件如下所示:
127.0.0.1 localhost my-domain my-domain.site.com
127.0.1.1 localhost my-domain my-domain.site.com # trying to resolve this issue, probably not needed
::1 localhost ip6-localhost ip6-loopback my-domain my-domain.site.com
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
10.128.0.2 my-domain.us-central1-a.c.my-domain.internal my-domain # Added by Google
169.254.169.254 metadata.google.internal # Added by Google
文件/etc/resolv.conf内容如下:
domain us-central1-a.c.my-domain.internal
search us-central1-a.c.my-domain.internal. c.my-domain.internal. google.internal.
nameserver 169.254.169.254
该命令hostname给出:
my-domain
我读过,sudo某种程度上取决于hostname,但我不确定sudo su试图在这里查找(例如)sudo echo不感兴趣的内容。
答案1
虽然没有直接回答你的问题,但这避免了延迟
sudo su可以简化为sudo -s.如果您想更改为其他用户,可以直接这样做,例如sudo -s -u otheruser