
On Tuesday, December 3, 2019, Ivan Apolonio <ivan(a)apolonio.com.br> wrote:
This line shuts off logging; it is worth commenting it out during the check. Plus, do you have an #includedir setting in your /etc/sudoers file?
The vdsm.log snippet seems to be later than the error in the engine.log; could you provide one covering the failing attempt?

Hello, Amit.
It looks like commenting out that last line (Defaults:vdsm !syslog) did the trick to help identify the problem. According to the /var/log/secure log file, the vdsm uid is being blocked from using sudo due to PAM requirements:

Dec 4 10:53:36 Rosinha sudo: pam_unix(sudo:auth): authentication failure; logname=root uid=36 euid=0 tty=/dev/pts/0 ruser=vdsm rhost= user=vdsm
Dec 4 10:53:36 Rosinha sudo: pam_succeed_if(sudo:auth): requirement "uid >= 1000" not met by user "vdsm"
Dec 4 10:58:38 Rosinha sudo: pam_unix(sudo:auth): conversation failed
Dec 4 10:58:38 Rosinha sudo: pam_unix(sudo:auth): auth could not identify password for [vdsm]
Dec 4 10:58:38 Rosinha sudo: pam_succeed_if(sudo:auth): requirement "uid >= 1000" not met by user "vdsm"

This "uid >= 1000" requirement is the CentOS 7 default. What is the best way to work around it? I'm asking because if I just comment out this rule in the PAM configuration files, it is going to allow other system users to sudo, which would lead to security issues.

Thanks,
Ivan
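To see at a glance which PAM checks are rejecting sudo for which account, the /var/log/secure lines quoted in the message above can be tallied per user. This is an added example, not part of the original thread; the function name summarize and the result field names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Log lines copied from the message above (/var/log/secure on CentOS 7).
SAMPLE = """\
Dec 4 10:53:36 Rosinha sudo: pam_unix(sudo:auth): authentication failure; logname=root uid=36 euid=0 tty=/dev/pts/0 ruser=vdsm rhost= user=vdsm
Dec 4 10:53:36 Rosinha sudo: pam_succeed_if(sudo:auth): requirement "uid >= 1000" not met by user "vdsm"
Dec 4 10:58:38 Rosinha sudo: pam_unix(sudo:auth): conversation failed
Dec 4 10:58:38 Rosinha sudo: pam_unix(sudo:auth): auth could not identify password for [vdsm]
Dec 4 10:58:38 Rosinha sudo: pam_succeed_if(sudo:auth): requirement "uid >= 1000" not met by user "vdsm"
"""

# syslog prefix, optional "[pid]", then "pam_<module>(sudo:<phase>): <message>"
LINE = re.compile(r'^\w{3}\s+\d+\s+[\d:]+\s+\S+\s+sudo(?:\[\d+\])?:\s+'
                  r'(?P<module>pam_\w+)\(sudo:(?P<phase>\w+)\):\s+(?P<msg>.*)$')
# \b keeps "uid=" from matching inside "euid=" and "user=" inside "ruser=".
FAIL = re.compile(r'authentication failure;.*\buid=(?P<uid>\d+)\b.*\buser=(?P<user>\S+)')
NOPW = re.compile(r'auth could not identify password for \[(?P<user>[^\]]+)\]')
REQ = re.compile(r'requirement "(?P<req>[^"]+)" not met by user "(?P<user>[^"]+)"')

def summarize(text):
    """Group sudo PAM auth-phase messages by the user being authenticated."""
    users = defaultdict(lambda: {"caller_uid": None, "auth_failures": 0,
                                 "no_password": 0, "unmet": defaultdict(int)})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["phase"] != "auth":
            continue  # not a sudo PAM auth-phase line
        msg = m["msg"]
        if (f := FAIL.search(msg)):
            users[f["user"]]["caller_uid"] = int(f["uid"])  # real uid of caller
            users[f["user"]]["auth_failures"] += 1
        elif (n := NOPW.search(msg)):
            users[n["user"]]["no_password"] += 1
        elif (r := REQ.search(msg)):
            users[r["user"]]["unmet"][r["req"]] += 1
        # "conversation failed" names no user, so it is not attributed here
    return {u: {**d, "unmet": dict(d["unmet"])} for u, d in users.items()}

if __name__ == "__main__":
    for user, info in summarize(SAMPLE).items():
        print(user, info)
```
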