Power

 View Only
Expand all | Collapse all

Running commands with sudo is very slow

  • 1.  Running commands with sudo is very slow

    Posted 5 hours ago

    Hello,

    I'm using sudo version 1.9.5p2 on my AIX 7.2 system :

    [17:05:35-ad19144@CUDB2ST1:~] > sudo -V
    Sudo version 1.9.5p2
    Sudoers policy plugin version 1.9.5p2
    Sudoers file grammar version 48
    Sudoers I/O plugin version 1.9.5p2
    Sudoers audit plugin version 1.9.5p2

    I'm connected with a user which defined on Active Directory.

    When I run commend with sudo it taked about 15s to be launched. For instance with a simple sudo -l :
    [17:08:50-ad19144@CUDB2ST1:~] > time sudo -l
    Matching Defaults entries for ad19144 on CUDB2ST1:
        log_year, logfile=/var/log/sudo/sudo.log, use_pty

    User ad19144 may run the following commands on CUDB2ST1:
        (ALL) NOPASSWD: /usr/sbin/lsvg, /usr/sbin/lslv, /usr/sbin/chfs, /opt/outils_local/dba/, /opt/outils_local/dba/db2/, /usr/local/bin/monitor
        (ALL) NOPASSWD: /bin/su - db2*
        (ALL) NOPASSWD: /bin/su - ipw

    real    0m16.829s
    user    0m0.048s
    sys     0m0.071s

    Another example :
    [17:13:56-ad19144@CUDB2ST1:~] > time sudo su - db2tect1 -c exit

    real    0m16.526s
    user    0m0.036s
    sys     0m0.060s

    I noticed in the debug log file that it takes about 15s for the policy plugin to answer :
    Jul 19 17:14:01 sudo[25100760] settings: plugin_dir=/opt/freeware/libexec/sudo/
    Jul 19 17:14:01 sudo[25100760] -> sudo_new_key_val_v1 @ ./key_val.c:43
    Jul 19 17:14:01 sudo[25100760] <- sudo_new_key_val_v1 @ ./key_val.c:55 := plugin_dir=/opt/freeware/libexec/sudo/
    Jul 19 17:14:01 sudo[25100760] <- format_plugin_settings @ ./sudo.c:1056 := 20031628
    Jul 19 17:14:01 sudo[25100760] <- policy_open @ ./sudo.c:1108
    Jul 19 17:14:01 sudo[25100760] -> policy_check @ ./sudo.c:1164
    Jul 19 17:14:17 sudo[25100760] policy plugin returns 1 ()
    Jul 19 17:14:17 sudo[25100760] -> audit_accept @ ./sudo.c:1689
    Jul 19 17:14:17 sudo[25100760] <- audit_accept @ ./sudo.c:1714
    Jul 19 17:14:17 sudo[25100760] <- policy_check @ ./sudo.c:1204
    Jul 19 17:14:17 sudo[25100760] -> approval_check @ ./sudo.c:1851
    Jul 19 17:14:17 sudo[25100760] <- approval_check @ ./sudo.c:1908

    Do you have an idea of what can be slow ?

    Regards,

    Marc Baguelin



    ------------------------------
    Marc Baguelin
    ------------------------------