From: Joe N. <jo...@jo...> - 2012-03-31 20:20:27
|
On 31 Mar 2012, at 18:37, Jamie Cameron wrote: > On 31/Mar/2012 03:35 Joe Nyland <jo...@jo...> wrote .. >> >> On 30 Mar 2012, at 23:46, Jamie Cameron wrote: >> >>> On 30/Mar/2012 01:33 Joe Nyland <jo...@jo...> wrote .. >>>> -----Original message----- >>>>>> >>>>>> Here's the output from 'sudo -l -S': >>>>>> >>>>>> joe@MailServer1:~$ sudo -l -S >>>>>> [sudo] password for joe: >>>>>> Matching Defaults entries for joe on this host: >>>>>> env_reset >>>>>> >>>>>> User joe may run the following commands on this host: >>>>>> joe@MailServer1:~$ >>>>>> >>>>>> Does that look right to you? >>>>>> >>>>>> Thank you for your help. >>>>> >>>>> That doesn't look like it includes all the needed permissions. >>>>> >>>>> It should be more like : >>>>> >>>>> User jcameron may run the following commands on this host: >>>>> (ALL) ALL >>>>> (ALL) ALL >>>>> >>>>> - Jamie >>>> >>>> Ok, this is a bit strange; 'sudo -l -S' now gives: >>>> >>>> joe@MailServer1:~$ sudo -l -S >>>> [sudo] password for joe: >>>> Matching Defaults entries for joe on this host: >>>> env_reset >>>> >>>> User joe may run the following commands on this host: >>>> (ALL) ALL >>>> joe@MailServer1:~$ >>>> >>>> But I still can't login to Webmin. >>>> >>>> Sudo from an SSH connection still continues to work. Also, I've checked the >> above >>>> command output on my file server which I can login to Webmin fine on, and that >>>> gives the same output as above: >>>> >>>> joe@FileServer1:~$ sudo -l -S >>>> Matching Defaults entries for joe on this host: >>>> env_reset >>>> >>>> User joe may run the following commands on this host: >>>> (ALL) ALL >>>> joe@FileServer1:~$ >>>> >>>> I'm not sure how to proceed with this. I'm tempted to do a reinstall of Webmin >>>> on this server, but I'm not convinced this will help. >>> >>> The (ALL) ALL is what Webmin is looking for .. so I would expect the login >>> as a sudo-capable user to work now. >>> >>> What gets logged to the debug file now when you try to login? >>> >>> - Jamie >> >> Here's a login attempt I just made, which has been taken from miniserv.debug: >> >> handle_request: passed timeout check >> handle_request reqline=POST /session_login.cgi HTTP/1.1 >> handle_request: got headline Host: mailserver1:10000 >> handle_request: got headline User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X >> 10.7; rv:11.0) Gecko/20100101 Firefox/11.0 >> handle_request: got headline Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 >> handle_request: got headline Accept-Language: en-gb,en;q=0.5 >> handle_request: got headline Accept-Encoding: gzip, deflate >> handle_request: got headline Connection: keep-alive >> handle_request: got headline Referer: https://mailserver1:10000/session_login.cgi >> handle_request: got headline Cookie: testing=1 >> handle_request: got headline Content-Type: application/x-www-form-urlencoded >> handle_request: got headline Content-Length: 29 >> clen_read=29 clen=29 posted_data=29 >> handle_request: posted_data=page=%2F&user=joe&pass=**** >> handle_request: Need authentication >> validate_user: user=joe pass=**** host=mailserver1 >> can_user_login: Validate with PAM >> validate_user: canuser=joe canmode=2 notexist=0 webminuser=root sudo=1 >> validate_user: unix val=1 >> check_sudo_permissions: querying cache for joe >> main: inline readsudo joe >> check_sudo_permissions: cache said 0 >> validate_user: sudo failed >> handle_login: requesting delay vu=joe acptip=192.168.1.205 ok=0 >> main: inline delay joe 192.168.1.205 0 >> handle_login: delay=2 blocked=0 >> handle_request: page=/session_login.cgi simple=/session_login.cgi >> handle_request: initial full= >> handle_request: full=/usr/share/webmin/session_login.cgi >> handle_request: executing CGI >> REMOTE_USER = >> BASE_REMOTE_USER = >> main: Done handle_request loop pid=7801 >> main: inline EOF >> >> For completeness, I checked my sudo privileges again, after the login attempt: >> >> joe@MailServer1:~$ sudo -l -S >> Matching Defaults entries for joe on this host: >> env_reset >> >> User joe may run the following commands on this host: >> (ALL) ALL >> >> However, still: "Login failed. Please try again." >> >> I'm happy to perform a reinstall of Webmin, if you think this will resolve anything. >> However, this would also remove any hope of finding what this issue is, so that >> it can be worked around in the future, if it crops up again. > > Looks like Webmin was caching the response from sudo in that check .. I can tell > from the message "check_sudo_permissions: cache said 0" > > Try running /etc/webmin/restart , and then immediately after attempting a login > and post what gets logged to the debug file. > > I'm pretty sure a re-install won't help here. > > - Jamie Still no luck, I'm afraid: miniserv.pl starting .. Reading crons from /etc/webmin/webmincron/crons adding cron id=133215899832608 module=system-status func=scheduled_collect_system_info adding cron id=133215899832422 module=cron func=cleanup_temp_files Running cron id=133215899832422 module=cron func=cleanup_temp_files main: Starting handle_request loop pid=16829 handle_request: from 192.168.1.205 to 192.168.1.8 ipv6=0 handle_request: passed IP checks handle_request: passed timeout check handle_request reqline=POST /session_login.cgi HTTP/1.1 handle_request: got headline Host: mailserver1:10000 handle_request: got headline User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:11.0) Gecko/20100101 Firefox/11.0 handle_request: got headline Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 handle_request: got headline Accept-Language: en-gb,en;q=0.5 handle_request: got headline Accept-Encoding: gzip, deflate handle_request: got headline Connection: keep-alive handle_request: got headline Referer: https://mailserver1:10000/ handle_request: got headline Cookie: testing=1 handle_request: got headline Content-Type: application/x-www-form-urlencoded handle_request: got headline Content-Length: 29 clen_read=29 clen=29 posted_data=29 handle_request: posted_data=page=%2F&user=joe&pass=*** handle_request: Need authentication validate_user: user=joe pass=*** host=mailserver1 can_user_login: Validate with PAM validate_user: canuser=joe canmode=2 notexist=0 webminuser=root sudo=1 validate_user: unix val=1 check_sudo_permissions: querying cache for joe main: inline readsudo joe check_sudo_permissions: cache said 2 check_sudo_permissions: ptyfh=IO::Pty=GLOB(0x281df28) check_sudo_permissions: ttyfh=IO::Tty=GLOB(0x3326030) check_sudo_permissions: tty=/dev/pts/1 check_sudo_permissions: about to fork.. check_sudo_permissions: fork=0 pid=16831 check_sudo_permissions: fork=16831 pid=16829 check_sudo_permissions: pid=16831 check_sudo_permissions: about to send pass check_sudo_permissions: sent pass=*** validate_user: sudo failed handle_login: requesting delay vu=joe acptip=192.168.1.205 ok=0 main: inline writesudo joe 0 main: inline delay joe 192.168.1.205 0 handle_login: delay=0 blocked=0 handle_request: page=/session_login.cgi simple=/session_login.cgi handle_request: initial full= handle_request: full=/usr/share/webmin/session_login.cgi handle_request: executing CGI REMOTE_USER = BASE_REMOTE_USER = main: Done handle_request loop pid=16829 Running cron id=133215899832608 module=system-status func=scheduled_collect_system_info main: inline EOF Running cron id=133215899832422 module=cron func=cleanup_temp_files Thank you for you continued support. Joe |