Linux sudoers

After installation, some Linux systems disable root login by default, so I usually create a normal user and configure sudoers for it.

%garlic ALL=(ALL:ALL) NOPASSWD: ALL

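After setting up a virtual machine, a misconfigured network card led me to notice that running commands with sudo as the garlic user was very slow. Tracing it with strace showed DNS-related operations: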

13:19:22.212222 connect(6, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
13:19:22.212654 close(6)                = 0
13:19:22.212838 socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 6
13:19:22.213041 connect(6, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
13:19:22.213454 close(6)                = 0
13:19:22.213698 newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=510, ...}, 0) = 0
13:19:22.214040 newfstatat(AT_FDCWD, "/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=930, ...}, 0) = 0
13:19:22.214630 openat(AT_FDCWD, "/etc/host.conf", O_RDONLY|O_CLOEXEC) = 6
13:19:22.214796 newfstatat(6, "", {st_mode=S_IFREG|0644, st_size=92, ...}, AT_EMPTY_PATH) = 0
13:19:22.215223 read(6, "# The \"order\" line is only used "..., 4096) = 92
13:19:22.215438 read(6, "", 4096)       = 0
13:19:22.215787 close(6)                = 0
13:19:22.215939 futex(0x7fdd6262232c, FUTEX_WAKE_PRIVATE, 2147483647) = 0
13:19:22.216160 openat(AT_FDCWD, "/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 6
13:19:22.216340 newfstatat(6, "", {st_mode=S_IFREG|0644, st_size=930, ...}, AT_EMPTY_PATH) = 0
13:19:22.216621 read(6, "# This is /run/systemd/resolve/s"..., 4096) = 930
13:19:22.216916 read(6, "", 4096)       = 0
13:19:22.217355 newfstatat(6, "", {st_mode=S_IFREG|0644, st_size=930, ...}, AT_EMPTY_PATH) = 0
13:19:22.217887 close(6)                = 0
13:19:22.218025 openat(AT_FDCWD, "/etc/hosts", O_RDONLY|O_CLOEXEC) = 6
13:19:22.218411 newfstatat(6, "", {st_mode=S_IFREG|0644, st_size=240, ...}, AT_EMPTY_PATH) = 0
13:19:22.218707 lseek(6, 0, SEEK_SET)   = 0
13:19:22.218967 read(6, "127.0.0.1 localhost\n127.0.1.1 ga"..., 4096) = 240
13:19:22.219197 read(6, "", 4096)       = 0
13:19:22.219337 close(6)                = 0
13:19:22.219607 socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 6
13:19:22.219903 setsockopt(6, SOL_IP, IP_RECVERR, [1], 4) = 0
13:19:22.220180 connect(6, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.53")}, 16) = 0
13:19:22.220518 poll([{fd=6, events=POLLOUT}], 1, 0) = 1 ([{fd=6, revents=POLLOUT}])
13:19:22.220985 sendmmsg(6, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="!H\1 \0\1\0\0\0\0\0\1\6node-1\vlocaldomain\0"..., iov_len=47}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, msg_len=47}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="eT\1 \0\1\0\0\0\0\0\1\6node-1\vlocaldomain\0"..., iov_len=47}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, msg_len=47}], 2, MSG_NOSIGNAL) = 2
13:19:22.224149 poll([{fd=6, events=POLLIN}], 1, 5000) = 0 (Timeout)
13:19:27.227039 poll([{fd=6, events=POLLOUT}], 1, 0) = 1 ([{fd=6, revents=POLLOUT}])
13:19:27.227693 sendmmsg(6, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="!H\1 \0\1\0\0\0\0\0\1\6node-1\vlocaldomain\0"..., iov_len=47}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, msg_len=47}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="eT\1 \0\1\0\0\0\0\0\1\6node-1\vlocaldomain\0"..., iov_len=47}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, msg_len=47}], 2, MSG_NOSIGNAL) = 2
13:19:27.233376 poll([{fd=6, events=POLLIN}], 1, 5000

 

The configured hostname cannot be pinged. This can be fixed either by configuring it in /etc/hostname or by adding Defaults !fqdn to /etc/sudoers.

 

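The main reason is that sudoers was designed with multiple hosts in mind: rules can specify a hostname, so sudo has to resolve the hostname of the local interface in order to find the matching rules. Specifying the hostname, or turning the lookup off with Defaults !fqdn, solves the problem.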
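
To confirm from a trace that a delay like this is a resolver timeout on the local hostname, the following added example (not part of the original post) parses timestamped strace lines like those above and reports which DNS server was queried, for which name, and how long the poll blocked. The function names are hypothetical, and it assumes strace's default octal string escaping (no -x).

```python
import re

# Sample input: lines taken from the trace above; the sendmmsg line is abridged to its first message.
TRACE = r'''
13:19:22.220180 connect(6, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.53")}, 16) = 0
13:19:22.220985 sendmmsg(6, [{msg_hdr={msg_iov=[{iov_base="!H\1 \0\1\0\0\0\0\0\1\6node-1\vlocaldomain\0"..., iov_len=47}]}, msg_len=47}], 1, MSG_NOSIGNAL) = 1
13:19:22.224149 poll([{fd=6, events=POLLIN}], 1, 5000) = 0 (Timeout)
13:19:27.227039 poll([{fd=6, events=POLLOUT}], 1, 0) = 1 ([{fd=6, revents=POLLOUT}])
13:19:27.233376 poll([{fd=6, events=POLLIN}], 1, 5000
'''
ESC = {"n": "\n", "t": "\t", "r": "\r", "v": "\v", "f": "\f"}
LINE = re.compile(r"^(\d+):(\d+):(\d+\.\d+) (\w+)\((.*)$")

def strace_bytes(s):
    # Undo strace's default string escaping (octal and C escapes) to get raw bytes.
    def rep(m):
        e = m.group(1)
        return chr(int(e, 8)) if e[0] in "01234567" else ESC.get(e, e)
    return re.sub(r"\\([0-7]{1,3}|.)", rep, s).encode("latin-1")

def qname(pkt):
    # DNS question name: length-prefixed labels after the 12-byte header.
    labels, i = [], 12
    while i < len(pkt) and pkt[i]:
        labels.append(pkt[i + 1:i + 1 + pkt[i]].decode("ascii", "replace"))
        i += pkt[i] + 1
    return ".".join(labels)

def dns_timeouts(trace):
    # Report each resolver poll() that timed out: server, queried name, seconds blocked.
    servers, names, hits, pending = {}, {}, [], None
    for h, mi, s, call, args in (m.groups() for m in map(LINE.match, trace.splitlines()) if m):
        ts = int(h) * 3600 + int(mi) * 60 + float(s)
        if pending:  # the next traced call shows how long the timed-out poll blocked
            pending[0]["waited"] = round(ts - pending[1], 1)
            pending = None
        fd = re.match(r"\D*(\d*)", args).group(1)
        srv = re.search(r'sin_port=htons\(53\), sin_addr=inet_addr\("([^"]+)"', args)
        buf = re.search(r'"((?:[^"\\]|\\.)*)"', args)
        if call == "connect" and srv:
            servers[fd] = srv.group(1)       # this fd now talks to a DNS server
        elif call == "close":
            servers.pop(fd, None)            # fd numbers are reused, so forget closed ones
        elif call in ("sendmmsg", "sendto") and fd in servers and buf:
            names[fd] = qname(strace_bytes(buf.group(1)))
        elif call == "poll" and fd in servers and "POLLIN" in args and "(Timeout)" in args:
            hits.append({"server": servers[fd], "name": names.get(fd), "waited": None})
            pending = (hits[-1], ts)
    return hits
```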

 

References

 

https://serverfault.com/questions/65370/every-single-time-i-use-sudo-it-hangs-before-completing

https://www.linuxquestions.org/questions/linux-newbie-8/fedora-11-sudo-has-a-20-second-start-delay-732291/#post3575840

https://superuser.com/questions/429790/sudo-command-trying-to-search-for-hostname

https://www.sudo.ws/docs/man/1.8.15/sudoers.man/

Image from coolshell – Chen Hao (左耳朵耗子), rest in peace.

 
