Re: sudo Signal 11 (334 Views)
Reply
Advisor
VKV
Posts: 17
Registered: ‎07-14-2011
Message 1 of 6 (401 Views)

Sudo memorydump

Hi UNIX gurus,

 

I am trying to provide sudo access to a uaer ID test. The following is what I added in sudoers file.

 

Defaults timestampdir=/var/adm/sudo
###########################################
User_Alias DC_MIGRATION = test
Cmnd_Alias CMND_DCM_UNIX = /usr/sbin/cmviewcl, \
        /usr/bin/crontab -[elr]*, !/usr/bin/crontab -[er] root,\
        /usr/bin/du, \
        /usr/bin/g*zip, \
        /usr/contrib/bin/g*zip, \
        /usr/bin/strings /etc/lvmtab, \
        /usr/sbin/fstyp, \
        /usr/sbin/ifconfig -a, \
        /usr/sbin/mount, \
        /opt/OV/bin/OpC/opcagt, \
        /opt/perf/bin/mwa, \
        /opt/perf/bin/ovpa, \
        /opt/perf/bin/perfstat, \
        /usr/bin/ls, \
        /usr/bin/sar, \
        /usr/bin/diff, \
        /usr/bin/mailx, \
        /usr/sbin/dmesg, \
        /usr/sbin/ioscan *, \
        /usr/bin/ls, \
        /usr/lbin/getprpw, \
        /usr/bin/top, \
        /usr/sbin/diskinfo, \
        /usr/sbin/swapinfo, \
        /usr/sbin/lvlnboot -v, \
        /usr/bin/find, !/usr/bin/find *-exec*, \
        /usr/sbin/*parstatus, \
        /usr/sbin/vgexport -p -v
DC_MIGRATION ALL = CMND_DCM_UNIX

On loging in as user test sudo -l is working fine.

 

{test@server:/home/test}sudo -l
Password:
Matching Defaults entries for test on this host:
    log_output, logfile=/var/adm/sudo/sudo.log, timestampdir=/var/adm/sudo

Runas and Command-specific defaults for test:

User test may run the following commands on this host:
    (root) /usr/sbin/cmviewcl, /usr/bin/crontab -[elr]*, !/usr/bin/crontab -[er] root, /usr/bin/du, /usr/bin/g*zip, /usr/contrib/bin/g*zip, /usr/bin/strings /etc/lvmtab,
    /usr/sbin/fstyp, /usr/sbin/ifconfig -a, /usr/sbin/mount, /opt/OV/bin/OpC/opcagt, /opt/perf/bin/mwa, /opt/perf/bin/ovpa, /opt/perf/bin/perfstat, /usr/bin/ls, /usr/bin/sar,
    /usr/bin/diff, /usr/bin/mailx, /usr/sbin/dmesg, /usr/sbin/ioscan *, /usr/bin/ls, /usr/lbin/getprpw, /usr/bin/top, /usr/sbin/diskinfo, /usr/sbin/swapinfo, /usr/sbin/lvlnboot
    -v, /usr/bin/find, !/usr/bin/find *-exec*, /usr/sbin/*parstatus, /usr/sbin/vgexport -p -v -s -m *

 

But when the user issues sudo <command> he gets the following error.


{test@server:/home/test}sudo /usr/sbin/dmesg
Memory fault(coredump)

Could any of you please help?

 

Thanks

 

 

Please use plain text.
Acclaimed Contributor
Dennis Handly
Posts: 24,877
Registered: ‎03-06-2006
Message 2 of 6 (382 Views)

Re: sudo Signal 11

>{test@server:/home/test}sudo /usr/sbin/dmesg

 

You have a corefile so use gdb to debug it:

$ gdb path-to-sudo/sudo core

(gdb) bt

(gdb) info reg

(gdb) disas $pc-16*4 $pc+16*4

(gdb) quit

Please use plain text.
Honored Contributor
Matti_Kurkela
Posts: 6,271
Registered: ‎12-02-2001
Message 3 of 6 (372 Views)

Re: sudo Signal 11

First use the "file core" command to see whether the core was produced by sudo or by dmesg. The error message does not exactly tell which one it was.

MK
Please use plain text.
Advisor
VKV
Posts: 17
Registered: ‎07-14-2011
Message 4 of 6 (340 Views)

Re: Sudo memorydump

Sorry for the late reply. It was a long weekend here in Australia.

 

 

Hi Dennis,

 

> You have a corefile so use gdb to debug it:

 

I could not find any core file. The sudo website (http://www.sudo.ws/sudo/man/1.8.6/sudoers.man.html) talks about /etc/sudo.conf file. I think this entry need to be set to false to enable coredump.

 

#   Set disable_coredump true

 

However I could not find this file either which is OK as per sudo website.

 

 

Hi MK,

 

> First use the "file core" command to see whether the core was produced by sudo or by dmesg.

 

Any command prefixed with sudo generates the coredump error.

 

{test@server:/home/test}sudo /usr/sbin/mount

Memory fault(coredump)

 

But when I reduced the number the number of commands in the Cmnd_Alias section sudo is working.

 

Now my suoders file looks like

 

####################

User_Alias DC_MIGRATION = test

Cmnd_Alias CMND_DCM_UNIX = /usr/sbin/cmviewcl, \

        /usr/sbin/vgexport -p -v -s -m *, \

        /usr/sbin/diskinfo *, \

        /usr/sbin/dmesg

DC_MIGRATION ALL = CMND_DCM_UNIX

 

I don’t think it was a syntax error earlier as I always used visudo –s to edit the file. I will continue to add commands as per user requirement and post if I find a “threshold” on number of commands.

Meanwhile please share your thoughts.

Please use plain text.
Acclaimed Contributor
Dennis Handly
Posts: 24,877
Registered: ‎03-06-2006
Message 5 of 6 (334 Views)

Re: sudo Signal 11

>I could not find any core file.

 

It's there somewhere.  The following means you got one:  Memory fault(coredump)

If you use coreadm(1m), that could place it elsewhere.

 

>Any command prefixed with sudo generates the coredump error. ...

>But when I reduced the number the number of commands in the Cmnd_Alias section sudo is working.

 

Then it is likely sudo that's aborting.

Please use plain text.
Honored Contributor
Matti_Kurkela
Posts: 6,271
Registered: ‎12-02-2001
Message 6 of 6 (320 Views)

Re: Sudo memorydump

It sure seems like you're hitting some kind of a threshold in sudo, quite possibly in the Cmnd_Alias length.

 

What is your sudo version (please run "sudo -V |head")?

 

(I'm guessing that you might have an old version of sudo, which might contain a bug that is already fixed in newer versions.)

MK
Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation