Sabayon Community

[linuxfluesterer]

Hallo guys.
Since some days (actually from /var/log messages it started on 29/01/ after an upgrade with Rigo), I see, that there is some process writing permanently on my ssd. So, when I start to watch /var/log/messages as root with command:

Code: Select all

tail -f /var/log/messages

then I see the following:

Code: Select all

Feb  1 22:37:10 localhost sudo: pam_unix(sudo:auth): conversation failed
Feb  1 22:37:10 localhost sudo: pam_unix(sudo:auth): auth could not identify password for [linuxfluesterer]
Feb  1 22:37:11 localhost sudo: pam_unix(sudo:auth): conversation failed
Feb  1 22:37:10 localhost sudo: pam_unix(sudo:auth): auth could not identify password for [linuxfluesterer]
Feb  1 22:37:11 localhost sudo: pam_unix(sudo:auth): conversation failed
Feb  1 22:37:10 localhost sudo: pam_unix(sudo:auth): auth could not identify password for [linuxfluesterer]
Feb  1 22:37:11 localhost sudo: pam_unix(sudo:auth): conversation failed
Feb  1 22:37:10 localhost sudo: pam_unix(sudo:auth): auth could not identify password for [linuxfluesterer]
Feb  1 22:37:11 localhost sudo: pam_unix(sudo:auth): conversation failed
.
.
.


These messages are repeated about 3 times per second and written into my /var/log/messages file. In between there are thousand of the same messages.
But these messages appear only, when I am logged in into my GUI (KDE 4.9.5). When I leave the GUI session, these messages stop.

So, what can I do to find out is the origin for auth failure? (Which process works in my name as 'sudo')?
And how can I stop it?

As all I remember, I haven't installed a new program or plasmoid...
The only script I launch with a 'sudo', is an rsync script for my backups.

I'd really appreciate your help. Thank you in advance.

-Linuxfluesterer (I love KDE ...)

Core i5, 8GB Ram, 240 GB ssd, NVidia GT630M, with Kernel 3.7.4 and KDE 4.9.5.

[linuxfluesterer]

Update: When adding the following line to /etc/sudoers as root with 'visudo'

Code: Select all

linuxfluesterer  ALL=NOPASSWD: ALL

then sudo doesn't ask me for any password (I know, dangerous!),
but in that moment the auth failure messages stop.
When I change this line to

Code: Select all

linuxfluesterer  ALL=ALL

then password is required for sudo and the auth failure messages appear again.

-Linuxfluesterer (I love KDE ...)

[linuxfluesterer]

...
Update: Of course, in between, I was looking around for more information about the messages, I received.
So, one thing I did was, that I created a file named /etc/sudo.conf, which contains:

Code: Select all

Debug sudo /tmp/sudo_dbg.log all@trace,plugin@info

That leads into the effect, that there is a new debug (sudo) login file in /tmp with name sudo_dbg.log. It doesn't exist per default. And when you don't use the debug any more, then delete that file or outmark it with a '#'.
Ok after done this, I relogged in to KDE and the results of my logins (and those I am not conscious of) are written into that file. It's a lot because growing fast. I loose overview.
So, finally, I decided to do a radical cut. I restored my backup of the whole partition /dev/sda1 (my Root partition for SL X) and the problem doesn't appear anymore.
I haven't found the answer, why the sudo pam authentification failed, neither I could fix it.
But I got nervoes, and because my own data in home directory is up to date, I haven't lost much.
Anyway, it was good to learn how to restore.
In fact, sudo and sudoers is a hard topic. I really prefer the 'su' to the 'sudo' command. Since SuSE I did and I also always created a root password in Kubuntu then to have root access.

Thank you for reading this thread.

-Linuxfluesterer (I love KDE ...)

[Fitzcarraldo]

Update: When adding the following line to /etc/sudoers as root with 'visudo'

Code: Select all

linuxfluesterer  ALL=NOPASSWD: ALL

then sudo doesn't ask me for any password (I know, dangerous!),
but in that moment the auth failure messages stop.
When I change this line to

Code: Select all

linuxfluesterer  ALL=ALL

then password is required for sudo and the auth failure messages appear again.

-Linuxfluesterer (I love KDE ...)

Use the following instead:

Code: Select all

linuxfluesterer ALL=(ALL) NOPASSWD: ALL

Very insecure, mind you.

Or, if you want to force the entry of a user password:

Code: Select all

linuxfluesterer ALL=(ALL) ALL

[linuxfluesterer]

Update: When adding the following line to /etc/sudoers as root with 'visudo'

Code: Select all

1.linuxfluesterer  ALL=NOPASSWD: ALL

Use the following instead:

Code: Select all

linuxfluesterer ALL=(ALL) NOPASSWD: ALL

Very insecure, mind you.

Pls, what is the difference to 1.?
I know, that this is insecure, so, for that reason, I don't want to change the original rules in /etc/sudoers.

Or, if you want to force the entry of a user password:

Code: Select all

linuxfluesterer ALL=(ALL) ALL

With that entry, sudo produces an auth failure message "Could not identify password for ..." , which I can't find, why.
Finally, I want to use the pure Sabayon /etc/sudoers with the only activated lines:

Code: Select all

# User privilege specification
root    ALL=(ALL) ALL
..
#Added by Sabayon Installer
%wheel  ALL=ALL

I assume, that I have installed a plasmoid or superkaramba widget in last days (I forgot, which one).
And to prevent insecurity of lacking password or permanently writing auth failure messages, when pw is forced,
I have restored a SL X partition backup from 27/01/2013.
Now, I'm content, though I don't know how to correct the auth failure message.

Thank you anyway for your support, Fitzcarraldo.

-Linuxfluesterer (I love KDE ...)