sudo: Error dropping capabilities, aborting in Linux Centos 5.3

For some reason I keep getting this error when trying to run a sudo command eg:

sudo -u someuser somecommand

sudo: Error dropping capabilities, aborting

My version of sudo is: sudo-1.6.9p17-3.el5_3.1 and I've heard that version 1.7 fixes everything.  The only thing is yum does not think sudo has any update.  I guess the new version has not been committed to the RPM repository yet.

This is really a huge and annoying bug, imagine if you have a backup script or something else that depends on sudo.   I should add that this is an OpenVZ container it's happening on, I am not sure if that is part of the issue.

This is obviously a bug with sudo and hopefully the error will be fixed soon with a new version/update of sudo by the Centos team.

Solution

(it seems that some have said this is because the OpenVZ host does not have auditing in the kernel, it still seems that the sudo maintainers should be able to avoid this bug if it detects no audit capabilities though).

 

 wget http://mirror.centos.org/centos/5.3/os/SRPMS/sudo-1.6.9p17-3.el5.src.rpm

 rpm -ivh sudo-1.6.9p17-3.el5.src.rpm


error: cannot create %sourcedir /usr/src/redhat/SOURCES

mkdir -p /usr/src/redhat/SOURCES
rpm -ivh sudo-1.6.9p17-3.el5.src.rpm


vi /usr/src/redhat/SPECS/sudo.spec

Replace:


BuildRequires: audit-libs-devel libcap-devel

with

BuildRequires: libcap-devel

Change "--with-ldap" to "--with-ldap \" and add below it:
--without-audit


For these steps you need the "rpm-build" package.  Install it if you don't have the binary "rpmbuild" already.


rpmbuild -bb /usr/src/redhat/SPECS/sudo.spec

You'll get these errors unless you have the other required packages:

error: Failed build dependencies:
        pam-devel is needed by sudo-1.6.9p17-3.i386
        openldap-devel is needed by sudo-1.6.9p17-3.i386
        flex is needed by sudo-1.6.9p17-3.i386
        bison is needed by sudo-1.6.9p17-3.i386
        automake is needed by sudo-1.6.9p17-3.i386
        autoconf is needed by sudo-1.6.9p17-3.i386
        libtool is needed by sudo-1.6.9p17-3.i386
        libcap-devel is needed by sudo-1.6.9p17-3.i386


yum install pam-devel openldap-devel flex bison automake autoconf libtool libcap-devel


Try again:

rpmbuild -bb /usr/src/redhat/SPECS/sudo.spec

Install new/updated sudo package:

rpm -Uvh --force /usr/src/redhat/RPMS/i386/sudo-1.6.9p17-3.i386.rpm


Now sudo away :)

 


Tags:

sudo, capabilities, aborting, linux, centos, eg, someuser, somecommand, _, ve, fixes, yum, update, rpm, repository, openvz, container, auditing, kernel, maintainers, detects, audit, wget, http, org, os, srpms, src, ivh, sourcedir, usr, redhat, sources, mkdir, vi, specs, spec, buildrequires, libs, devel, libcap, quot, ldap, install, binary, rpmbuild, bb, ll, errors, packages, dependencies, pam, openldap, flex, bison, automake, autoconf, libtool, updated, uvh, rpms,

Latest Articles

  • How to install Windows or other OS and then bring to another computer by using a physical drive and Virtual Machine with QEMU
  • PXE-E23 Error BOOTx64.EFI GRUB booting is 0 bytes tftp pxe dhcp solution NBP filesize is 0 Bytes
  • vagrant install on Debian Mint Ubuntu Linux RHEL Quick Setup Guide Tutorial
  • RHEL 8 CentOS 8, Alma Linux 8, Rocky Linux 8 System Not Booting with RAID or on other servers/computers Solution for dracut and initramfs missing kernel modules
  • How to Upgrade to Debian 11 from Version 8,9,10
  • Ubuntu Linux Mint Debian Redhat Cannot View Files on Android iPhone USB File Transfer Not Working Solution
  • Virtualbox Best Networking Mode In Lab/Work Environment without using NAT Network or Bridged
  • debootstrap how to install Ubuntu, Mint, Debian install
  • Linux grub not using UUID for the root device instead it uses /dev/sda1 or other device name solution
  • How To Restore Partition Table on Running Linux Mint Ubuntu Debian Machine
  • Debian Ubuntu apt install stop daemon questions/accept the default action without prompting
  • iptables NAT how to enable PPTP in newer Debian/Ubuntu/Mint Kernels Linux
  • Grandstream Phone Vulnerability Security Issue Remote Backdoor Connection to 207.246.119.209:3478
  • Linux How to Check Which NIC is Onboard eth0 or eth1 Ubuntu Centos Debian Mint
  • VboxManage VirtualBox NAT Network Issues Managment Troubleshooting
  • Dell PowerEdge Server iDRAC Remote KVM/IP Default Username, Password Reset and Login Information Solution
  • Nvidia Tesla GPUs K40/K80/M40/P40/P100/V100 at home/desktop hacking, cooling, powering, cable solutions Tutorial AIO Solutions
  • Stop ls in Linux Debian Mint CentOS Ubuntu from applying quotes around filenames and directory names
  • Thunderbird Attachment Download Error Corrupt Wrong filesize of 29 or 27 bytes Solution
  • Generic IP Camera LAN Default IP Settings DVR