sudo: Error dropping capabilities, aborting in Linux Centos 5.3

For some reason I keep getting this error when trying to run a sudo command eg:

sudo -u someuser somecommand

sudo: Error dropping capabilities, aborting

My version of sudo is: sudo-1.6.9p17-3.el5_3.1 and I've heard that version 1.7 fixes everything.  The only thing is yum does not think sudo has any update.  I guess the new version has not been committed to the RPM repository yet.

This is really a huge and annoying bug, imagine if you have a backup script or something else that depends on sudo.   I should add that this is an OpenVZ container it's happening on, I am not sure if that is part of the issue.

This is obviously a bug with sudo and hopefully the error will be fixed soon with a new version/update of sudo by the Centos team.

Solution

(it seems that some have said this is because the OpenVZ host does not have auditing in the kernel, it still seems that the sudo maintainers should be able to avoid this bug if it detects no audit capabilities though).

 

 wget http://mirror.centos.org/centos/5.3/os/SRPMS/sudo-1.6.9p17-3.el5.src.rpm

 rpm -ivh sudo-1.6.9p17-3.el5.src.rpm


error: cannot create %sourcedir /usr/src/redhat/SOURCES

mkdir -p /usr/src/redhat/SOURCES
rpm -ivh sudo-1.6.9p17-3.el5.src.rpm


vi /usr/src/redhat/SPECS/sudo.spec

Replace:


BuildRequires: audit-libs-devel libcap-devel

with

BuildRequires: libcap-devel

Change "--with-ldap" to "--with-ldap \" and add below it:
--without-audit


For these steps you need the "rpm-build" package.  Install it if you don't have the binary "rpmbuild" already.


rpmbuild -bb /usr/src/redhat/SPECS/sudo.spec

You'll get these errors unless you have the other required packages:

error: Failed build dependencies:
        pam-devel is needed by sudo-1.6.9p17-3.i386
        openldap-devel is needed by sudo-1.6.9p17-3.i386
        flex is needed by sudo-1.6.9p17-3.i386
        bison is needed by sudo-1.6.9p17-3.i386
        automake is needed by sudo-1.6.9p17-3.i386
        autoconf is needed by sudo-1.6.9p17-3.i386
        libtool is needed by sudo-1.6.9p17-3.i386
        libcap-devel is needed by sudo-1.6.9p17-3.i386


yum install pam-devel openldap-devel flex bison automake autoconf libtool libcap-devel


Try again:

rpmbuild -bb /usr/src/redhat/SPECS/sudo.spec

Install new/updated sudo package:

rpm -Uvh --force /usr/src/redhat/RPMS/i386/sudo-1.6.9p17-3.i386.rpm


Now sudo away :)

 


Tags:

sudo, capabilities, aborting, linux, centos, eg, someuser, somecommand, _, ve, fixes, yum, update, rpm, repository, openvz, container, auditing, kernel, maintainers, detects, audit, wget, http, org, os, srpms, src, ivh, sourcedir, usr, redhat, sources, mkdir, vi, specs, spec, buildrequires, libs, devel, libcap, quot, ldap, install, binary, rpmbuild, bb, ll, errors, packages, dependencies, pam, openldap, flex, bison, automake, autoconf, libtool, updated, uvh, rpms,

Latest Articles

  • Cisco Unified Communications Manager / CUCM IP 8.6,10,12 Install Error Solution
  • Ubuntu Debian Mint Linux SSHD OpenSSH Server Not Starting After Reboot Solution
  • nmap how to scan for all ports and not just the 1000 most common ports
  • Windows 7,8,10 and Server 2008, 2012, 2016, 2019 Read Only Attribute Won't Go Away
  • bind / named how to make a wildcard record and retain defined A records
  • Cisco Unified Communications Manager 12 Install Errors on Proxmox/KVM
  • Local Vs Universally Administered MAC Address NIC Refuses to come up
  • Cisco Unified Communications Manager 12 CUCM 12 - How To Enable Video Calling
  • Windows 7, 8, 10, Windows Server 2008, 2012, 2016, 2019 How To AC97 Audio Drivers and Other Unsigned Drivers
  • Cisco Unified Communications Manager / CUCM IP Telephony Definitions
  • tftp Linux xinetd verbose logging
  • Linux delete unused tap devices automatically
  • Linux qemu-kvm How To Enable Soundcard in Guestl
  • QEMU-KVM Windows and Server Guest Installs Mouse Tracking Pointer Location Solution
  • SSH Keep Alive To stop Disconnections
  • Linux How To Disable SATA NCQ For Better Performance
  • the sign-in method you're trying to use isn't allowed. For more info, contact your network administrator - solution for active directory
  • gsmartcontrol for Windows to Check the SMART S.M.A.R.T status
  • WebRTC Vulnerability Shows Local IP Address Even When Using a Proxy or VPN Firefox Fix And Disable Solution
  • chroot in Linux Howto Simple and Easy Guide