Feb 17 16:58:09.973 sudo[6881280] sudo_get_grlist: looking up group names for KSchuema
Feb 17 16:58:09.974 sudo[6881280] aix_getauthregistry_v1: saved authentication registry for user KSchuema is LDAP
Feb 17 16:58:09.974 sudo[6881280] <- aix_getauthregistry_v1 @ ./aix.c:190 := 0
Feb 17 16:58:09.974 sudo[6881280] -> sudo_make_grlist_item @ ./pwutil_impl.c:368
Feb 17 16:58:09.974 sudo[6881280] -> sudo_get_gidlist @ ./pwutil.c:985
Feb 17 16:58:09.974 sudo[6881280] sudo_get_gidlist: looking up group-IDs for KSchuema
Feb 17 16:58:09.974 sudo[6881280] -> aix_getauthregistry_v1 @ ./aix.c:162
Feb 17 16:58:09.976 sudo[6881280] aix_getauthregistry_v1: saved authentication registry for user KSchuema is LDAP
Feb 17 16:58:09.976 sudo[6881280] <- sudo_get_gidlist @ ./pwutil.c:1038 := 3002f708
Feb 17 16:58:09.976 sudo[6881280] -> aix_setauthdb_v2 @ ./aix.c:213
Feb 17 16:58:09.976 sudo[6881280] -> aix_getauthregistry_v1 @ ./aix.c:162
Feb 17 16:58:09.977 sudo[6881280] aix_getauthregistry_v1: saved authentication registry for user KSchuema is LDAP
Feb 17 16:58:09.977 sudo[6881280] <- aix_getauthregistry_v1 @ ./aix.c:190 := 0
Feb 17 16:58:09.977 sudo[6881280] aix_setauthdb_v2: setting authentication registry to LDAP
Feb 17 16:58:09.977 sudo[6881280] <- aix_setauthdb_v2 @ ./aix.c:234 := 0
Feb 17 16:58:09.977 sudo[6881280] -> sudo_getgrgid @ ./pwutil.c:517
Feb 17 16:58:09.977 sudo[6881280] sudo_getgrgid: gid 10100 [LDAP] -> group G-ACCESS-UNIXADM-INT [LDAP] (cached)
Feb 17 16:58:09.978 sudo[6881280] aix_restoreauthdb_v1: setting authentication registry to
Feb 17 16:58:09.978 sudo[6881280] sudo_get_grlist: user KSchuema is a member of group G-ACCESS-UNIXADM-INT
Feb 17 16:58:09.978 sudo[6881280] <- sudo_get_grlist @ ./pwutil.c:901 := 30030cb8
Feb 17 16:58:09.978 sudo[6881280] -> sudo_grlist_delref @ ./pwutil.c:814
Feb 17 16:58:09.978 sudo[6881280] -> sudo_grlist_delref_item @ ./pwutil.c:803
Feb 17 16:58:09.978 sudo[6881280] <- sudo_grlist_delref_item @ ./pwutil.c:808
Feb 17 16:58:09.978 sudo[6881280] <- sudo_grlist_delref @ ./pwutil.c:816
Feb 17 16:58:09.978 sudo[6881280] user_in_group: user KSchuema in group G-ACCESS-UNIXADM-INT
Feb 17 16:58:09.978 sudo[6881280] <- user_in_group @ ./pwutil.c:1187 := true
Feb 17 16:58:09.978 sudo[6881280] user KSchuema matches group G-ACCESS-UNIXADM-INT: true @ usergr_matches() ./match.c:552
Feb 17 16:58:09.978 sudo[6881280] host hbax48 (hbax48) matches sudoers host ALL: true
Feb 17 16:58:09.978 sudo[6881280] host hbax48 (hbax48) matches sudoers host ADMININT_HOSTS: true
Feb 17 16:58:09.978 sudo[6881280] user root matches sudoers user root: true @ userpw_matches() ./match.c:464
Feb 17 16:58:09.978 sudo[6881280] user command "/usr/bin/rootsh" matches sudoers command "/usr/bin/rootsh": true @ command_matches() ./match_command.c:890
Feb 17 16:58:09.978 sudo[6881280] userspec matched @ /etc/sudoers.d/Admin_int2root:6:45: allowed @ sudoers_lookup_check() ./parse.c:210
Feb 17 16:58:09.978 sudo[6881280] <- sudo_nss_can_continue @ ./sudo_nss.c:263 := true
Feb 17 16:58:09.980 sudo[6881280] <- env_file_next_local @ ./env.c:1289 := PATH=/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin:/usr/java8/jre/bin:/usr/java8/bin
Feb 17 16:58:09.980 sudo[6881280] -> sudo_putenv @ ./env.c:417
Feb 17 16:58:09.980 sudo[6881280] sudo_putenv: PATH=/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin:/usr/java8/jre/bin:/usr/java8/bin
Feb 17 16:58:09.980 sudo[6881280] sudo_putenv: TZ=Europe/Berlin
Feb 17 16:58:09.980 sudo[6881280] sudo_putenv: LANG=en_US
Feb 17 16:58:09.980 sudo[6881280] <- env_file_next_local @ ./env.c:1289 := LOCPATH=/usr/lib/nls/loc
Feb 17 16:58:09.980 sudo[6881280] sudo_putenv: LOCPATH=/usr/lib/nls/loc
Feb 17 16:58:09.981 sudo[6881280] keep _=/usr/bin/sudo: NO
Feb 17 16:58:09.983 sudo[6881280] keep LOGIN=KSchuema: NO
Feb 17 16:58:09.984 sudo[6881280] keep CLCMD_PASSTHRU=1: NO
Feb 17 16:58:09.984 sudo[6881280] keep PATH=/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin:/usr/java8/jre/bin:/usr/java8/bin:/oracle/app/12.1.0.2/grid/bin:.: YES
Feb 17 16:58:09.984 sudo[6881280] sudo_putenv: PATH=/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin:/usr/java8/jre/bin:/usr/java8/bin:/oracle/app/12.1.0.2/grid/bin:.
Feb 17 16:58:09.987 sudo[6881280] keep HOSTNAME=hbax48: YES
Feb 17 16:58:09.989 sudo[6881280] keep KRB5CCNAME=FILE:/var/krb5/security/creds/krb5cc_x0000000000000001: YES
Feb 17 16:58:09.989 sudo[6881280] sudo_putenv: KRB5CCNAME=FILE:/var/krb5/security/creds/krb5cc_x0000000000000001
Feb 17 16:58:09.992 sudo[6881280] keep SSH_CONNECTION=10.111.60.101 47988 10.111.60.148 22: NO
Feb 17 16:58:09.993 sudo[6881280] keep SSH_CLIENT=10.111.60.101 47988 22: NO
Feb 17 16:58:09.995 sudo[6881280] sudo_putenv: MAIL=/var/spool/mail/root
Feb 17 16:58:09.995 sudo[6881280] sudo_putenv: LOGIN=root
Feb 17 16:58:09.995 sudo[6881280] sudo_putenv: LOGNAME=root
Feb 17 16:58:09.995 sudo[6881280] sudo_putenv: USER=root
Feb 17 16:58:09.995 sudo[6881280] sudo_putenv: HOME=/root
Feb 17 16:58:09.995 sudo[6881280] sudo_putenv: SHELL=/usr/bin/ksh
Feb 17 16:58:09.995 sudo[6881280] sudo_putenv: SUDO_COMMAND=/usr/bin/rootsh
Feb 17 16:58:09.995 sudo[6881280] sudo_putenv: SUDO_USER=KSchuema
Feb 17 16:58:09.995 sudo[6881280] sudo_putenv: SUDO_UID=10002
Feb 17 16:58:09.995 sudo[6881280] sudo_putenv: SUDO_GID=10100
Feb 17 16:58:09.996 sudo[6881280] checking /var/run/sudo/ts @ ts_secure_opendir() ./timestamp.c:242
Feb 17 16:58:09.996 sudo[6881280] ts_match_record:1 session leader start time mismatch
Feb 17 16:58:09.996 sudo[6881280] ts_match_record:2 record tty mismatch (want 0x150000, got 0x150001)
Feb 17 16:58:10.000 sudo[6881280] checking /var/lib/sudo/lectured @ ts_secure_opendir() ./timestamp.c:242
Feb 17 16:58:10.000 sudo[6881280] -> tgetpass @ ./tgetpass.c:122
Feb 17 16:58:10.000 sudo[6881280] -> sudo_term_noecho_v1 @ ./term.c:163
Feb 17 16:58:10.000 sudo[6881280] <- sudo_term_noecho_v1 @ ./term.c:174 := true
Feb 17 16:58:10.000 sudo[6881280] -> getln @ ./tgetpass.c:380
Feb 17 16:58:14.028 sudo[6881280] <- getln @ ./tgetpass.c:447 := *********
Feb 17 16:58:14.028 sudo[6881280] -> tgetpass_display_error @ ./tgetpass.c:89
Feb 17 16:58:14.028 sudo[6881280] <- tgetpass_display_error @ ./tgetpass.c:104
Feb 17 16:58:14.028 sudo[6881280] -> sudo_term_restore_v1 @ ./term.c:144
Feb 17 16:58:14.028 sudo[6881280] <- sudo_term_restore_v1 @ ./term.c:152 := true
Feb 17 16:58:14.028 sudo[6881280] <- tgetpass @ ./tgetpass.c:282 := *********
Feb 17 16:58:14.028 sudo[6881280] -> tgetpass_display_error @ ./tgetpass.c:89
Feb 17 16:58:14.028 sudo[6881280] <- tgetpass_display_error @ ./tgetpass.c:104
Feb 17 16:58:14.028 sudo[6881280] -> sudo_term_restore_v1 @ ./term.c:144
Feb 17 16:58:14.028 sudo[6881280] <- sudo_term_restore_v1 @ ./term.c:152 := true
Feb 17 16:58:14.028 sudo[6881280] <- tgetpass @ ./tgetpass.c:282 := *********
Feb 17 16:58:14.181 sudo[6881280] <- sudo_aix_verify @ ./auth/aix_auth.c:320 := 3
Feb 17 16:58:14.181 sudo[6881280] -> log_auth_failure @ ./logging.c:474
Feb 17 16:58:14.181 sudo[6881280] -> audit_failure @ ./audit.c:136
Feb 17 16:58:14.181 sudo[6881280] -> vaudit_failure @ ./audit.c:110
Feb 17 16:58:14.181 sudo[6881280] -> sudoers_setlocale @ ./locale.c:87
Feb 17 16:58:14.181 sudo[6881280] sudoers_setlocale: setting locale to C (sudoers)
Feb 17 16:58:14.181 sudo[6881280] <- sudoers_setlocale @ ./locale.c:128 := true
Feb 17 16:58:14.181 sudo[6881280] -> audit_failure_int @ ./audit.c:83
Feb 17 16:58:14.181 sudo[6881280] <- audit_failure_int @ ./audit.c:102 := 0
Feb 17 16:58:14.181 sudo[6881280] -> sudoers_setlocale @ ./locale.c:87
Feb 17 16:58:14.181 sudo[6881280] sudoers_setlocale: setting locale to en_US en_US en_US en_US en_US en_US (user)
Feb 17 16:58:14.181 sudo[6881280] <- sudoers_setlocale @ ./locale.c:128 := true
Feb 17 16:58:14.181 sudo[6881280] <- vaudit_failure @ ./audit.c:128 := 0
Feb 17 16:58:14.181 sudo[6881280] <- audit_failure @ ./audit.c:142 := 0
Feb 17 16:58:14.181 sudo[6881280] -> sudoers_setlocale @ ./locale.c:87
Feb 17 16:58:14.181 sudo[6881280] <- sudoers_setlocale @ ./locale.c:128 := false
Feb 17 16:58:14.181 sudo[6881280] a password is required @ log_auth_failure() ./logging.c:535
Feb 17 16:58:14.182 sudo[6881280] <- sudoers_policy_check @ ./policy.c:1195 := -1
Feb 17 16:58:14.182 sudo[6881280] policy plugin returns -1 (authentication failure)
Feb 17 16:58:14.182 sudo[6881280] sudoers_policy: calling policy close with errno 13

means 13 Permission denied

drwx------ 2 root system 256 Feb 16 19:12 /var/run/sudo/ts/
-rw------- 1 root G-ACCESS 216 Feb 17 16:45 KSchuema
drwx--x--x 2 root system 256 Feb 03 11:06 /var/lib/sudo/lectured/
-rw------- 1 root G-ACCESS 0 Dec 22 17:00 KSchuema