Spent a bit too long fixing a sudo problem right after an apt-get upgrade on a Debian machine.
The original problem:
# sudo ls
sudo: unable to initialize PAM: No such file or directory
1 2 |
# sudo ls
sudo: unable to initialize PAM: No such file or directory
|
Sudo errors are logged with syslog by default. Some message should be in one of the /var/log/xx.log files. If you don’t know which, run
# cd /var/log
# grep pam *.log
auth.log:Nov 21 22:35:14 mach sudo: PAM _pam_load_conf_file: unable to open /etc/pam.d/common-session-noninteractive
auth.log:Nov 21 22:35:14 mach sudo: PAM _pam_init_handlers: error reading /etc/pam.d/sudo
auth.log:Nov 21 22:35:14 mach sudo: PAM _pam_init_handlers: [Critical error - immediate abort]
auth.log:Nov 21 22:35:14 mach sudo: PAM pam_start: failed to initialize handlers
auth.log:Nov 21 22:35:14 mach sudo: PAM pam_end: NULL pam handle passed
1 2 3 4 5 6 7 |
# cd /var/log
# grep pam *.log
auth.log:Nov 21 22:35:14 mach sudo: PAM _pam_load_conf_file: unable to open /etc/pam.d/common-session-noninteractive
auth.log:Nov 21 22:35:14 mach sudo: PAM _pam_init_handlers: error reading /etc/pam.d/sudo
auth.log:Nov 21 22:35:14 mach sudo: PAM _pam_init_handlers: [Critical error - immediate abort]
auth.log:Nov 21 22:35:14 mach sudo: PAM pam_start: failed to initialize handlers
auth.log:Nov 21 22:35:14 mach sudo: PAM pam_end: NULL pam handle passed
|
One configuration file was missing. This PAM debian page told me what the file was supposed to contain. Somehow that file was not created in the upgrade.
# cat /etc/pam.d/common-session-noninteractive
session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session required pam_unix.so
1 2 3 4 5 |
# cat /etc/pam.d/common-session-noninteractive
session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session required pam_unix.so
|
Fixed.
