Apt-Get 升级修改的 Sudoers 文件

tag-icon tag-icon apt upgrade sudo
Apt-Get 升级修改的 Sudoers 文件

Ubuntu 16.04LTS -

我刚刚跑了apt-get update && apt-get upgrade -y

完成后,我尝试运行另一个命令,sudo 但出现以下错误:

username is not in the sudoers file.  This incident will be reported.

我尝试使用另一个具有 sudo 权限的帐户,但收到相同的消息。到底发生了什么?

我看到以下软件包已更新:

will@will-laptop:/mnt/c/Users/wdavis$ cat updates.txt
Setting up perl-base (5.22.1-9ubuntu0.3) ...
Setting up libpam0g:amd64 (1.1.8-3.2ubuntu2.1) ...
Setting up libpam-modules-bin (1.1.8-3.2ubuntu2.1) ...
Setting up libpam-modules:amd64 (1.1.8-3.2ubuntu2.1) ...
Setting up libpam-runtime (1.1.8-3.2ubuntu2.1) ...
Setting up perl-modules-5.22 (5.22.1-9ubuntu0.3) ...
Setting up libperl5.22:amd64 (5.22.1-9ubuntu0.3) ...
Setting up perl (5.22.1-9ubuntu0.3) ...
Setting up grub-common (2.02~beta2-36ubuntu3.18) ...
Setting up grub2-common (2.02~beta2-36ubuntu3.18) ...
Setting up grub-pc-bin (2.02~beta2-36ubuntu3.18) ...
Setting up grub-pc (2.02~beta2-36ubuntu3.18) ...
Setting up libprocps4:amd64 (2:3.3.10-4ubuntu2.4) ...
Setting up procps (2:3.3.10-4ubuntu2.4) ...
Setting up distro-info-data (0.28ubuntu0.8) ...
Setting up ifupdown (0.8.10ubuntu1.4) ...
Setting up libssl1.0.0:amd64 (1.0.2g-1ubuntu4.12) ...
Setting up linux-base (4.5ubuntu1~16.04.1) ...
Setting up hdparm (9.48+ds-1ubuntu0.1) ...
Setting up libldap-2.4-2:amd64 (2.4.42+dfsg-2ubuntu3.3) ...
Setting up libcurl3-gnutls:amd64 (7.47.0-1ubuntu2.8) ...
Setting up curl (7.47.0-1ubuntu2.8) ...
Setting up ldap-utils (2.4.42+dfsg-2ubuntu3.3) ...
Setting up libelf1:amd64 (0.165-3ubuntu1.1) ...
Setting up libdw1:amd64 (0.165-3ubuntu1.1) ...
Setting up libplymouth4:amd64 (0.9.2-3ubuntu13.5) ...
Setting up openssl (1.0.2g-1ubuntu4.12) ...
Setting up plymouth (0.9.2-3ubuntu13.5) ...
Setting up plymouth-theme-ubuntu-text (0.9.2-3ubuntu13.5) ...
Setting up wget (1.17.1-1ubuntu1.4) ...
Setting up xdg-user-dirs (0.15-2ubuntu6.16.04.1) ...
Setting up python3-problem-report (2.20.1-0ubuntu2.18) ...
Setting up python3-apport (2.20.1-0ubuntu2.18) ...
Setting up apport (2.20.1-0ubuntu2.18) ...
Setting up docker-ce (18.03.1~ce-0~ubuntu) ...
Setting up git-man (1:2.7.4-0ubuntu1.4) ...
Setting up git (1:2.7.4-0ubuntu1.4) ...
Setting up linux-cloud-tools-common (4.4.0-127.153) ...
Setting up linux-cloud-tools-virtual-lts-xenial (4.4.0.127.133) ...
Setting up linux-firmware (1.157.19) ...
Setting up linux-libc-dev:amd64 (4.4.0-127.153) ...
Setting up linux-tools-common (4.4.0-127.153) ...
Setting up linux-tools-virtual-lts-xenial (4.4.0.127.133) ...
Setting up linux-virtual-lts-xenial (4.4.0.127.133) ...
Setting up patch (2.7.5-1ubuntu0.16.04.1) ...
Setting up snapd (2.32.9) ...
Setting up cloud-guest-utils (0.27-0ubuntu25.1) ...
Setting up datadog-agent (1:6.2.1-1) ...
Setting up grub-legacy-ec2 (18.2-4-g05926e48-0ubuntu1~16.04.2) ...
Setting up python-sss (1.13.4-1ubuntu1.11) ...
Setting up libsss-idmap0 (1.13.4-1ubuntu1.11) ...
Setting up libsss-nss-idmap0 (1.13.4-1ubuntu1.11) ...
Setting up sssd-common (1.13.4-1ubuntu1.11) ...
Setting up sssd-tools (1.13.4-1ubuntu1.11) ...
Setting up sssd-proxy (1.13.4-1ubuntu1.11) ...
Setting up sssd-krb5-common (1.13.4-1ubuntu1.11) ...
Setting up sssd-ldap (1.13.4-1ubuntu1.11) ...
Setting up sssd-krb5 (1.13.4-1ubuntu1.11) ...
Setting up libipa-hbac0 (1.13.4-1ubuntu1.11) ...
Setting up sssd-ad-common (1.13.4-1ubuntu1.11) ...
Setting up sssd-ipa (1.13.4-1ubuntu1.11) ...
Setting up sssd-ad (1.13.4-1ubuntu1.11) ...
Setting up sssd (1.13.4-1ubuntu1.11) ...
Setting up libnss-sss:amd64 (1.13.4-1ubuntu1.11) ...
Setting up libpam-sss:amd64 (1.13.4-1ubuntu1.11) ...
Setting up libsss-sudo (1.13.4-1ubuntu1.11) ...
Setting up vlan (1.9-3.2ubuntu1.16.04.5) ...
Setting up python3-distupgrade (1:16.04.25) ...
Setting up python3-update-manager (1:16.04.13) ...
Setting up ubuntu-release-upgrader-core (1:16.04.25) ...
Setting up update-manager-core (1:16.04.13) ...

团体输出

[email protected]@DockerSwarm02:~$ groups
domain [email protected] domain [email protected] enterprise [email protected] denied rodc password replication [email protected] sql [email protected] [email protected] [email protected] [email protected] syn [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] vpn [email protected] [email protected] [email protected]

syn@DockerSwarm02:~$ groups
syn adm cdrom sudo dip plugdev lxd lpadmin sambashare

nsswitch.conf 的输出

syn@DockerSwarm02:~$ cat cat /etc/nsswitch.conf
cat: cat: No such file or directory
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat sss
group:          compat sss
shadow:         compat sss
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files sss
ethers:         db files
rpc:            db files

netgroup:       nis sss
sudoers:        file sss

更新 SUDOERS:

Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d
%Domain\ [email protected] ALL=(ALL) ALL
%domain\ [email protected] ALL=(ALL) ALL

更新 PKEXEC:

syn@DockerSwarm02:~$ pkexec cat /etc/sudoers
==== AUTHENTICATING FOR org.freedesktop.policykit.exec ===
Authentication is needed to run `/bin/cat' as the super user
Authenticating as: syn,,, (syn)
Password:
polkit-agent-helper-1: error response to PolicyKit daemon: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: No session for cookie
==== AUTHENTICATION FAILED ===
Error executing command as another user: Not authorized

This incident has been reported.

更新 PAM.D/SUDO

root@DockerSwarm02:/etc/pam.d# cat sudo
#%PAM-1.0

session    required   pam_env.so readenv=1 user_readenv=0
session    required   pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0
@include common-auth
@include common-account
@include common-session-noninteractive

更新 SSS

从 nsswitch.conf 中删除 sss 后,一切又恢复正常。看来 SSS 的这次更新破坏了一些东西。

相关内容