{{tag>Brouillon Pb sudo CA}} # Pb sudo - Lenteur sudo Voir * La machine doit pouvoir pinguer son hostname * ''ping $(hostname -s)'' * ''ping $(hostname -f)'' * ''UseDNS no'' dans ''/etc/ssh/sshd_config'' * ''GSSAPIAuthentication no'' dans ''/etc/ssh/sshd_config'' (seulement si l'authentification Kerberos/GSSAPI n'est pas utilisée pour SSH) * Connexion LDAP / Service sssd - Si sssd est arrêté, le problème disparaît-il ? * ''systemctl stop sssd'' * ''ps -ef | grep sssd'' * Les commandes suivantes fonctionnent-elles ? Sinon, voir la section « Lenteur sudo - Err timeout org.freedesktop.login1 » ci-dessous * ''hostnamectl'' * ''timedatectl'' ## Lenteur sudo - Err timeout org.freedesktop.login1 ''Failed to activate service 'org.freedesktop.login1': timed out'' ~~~ # strace -f sudo su -c ls recvmsg(4, {msg_namelen=0}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = -1 EAGAIN (Resource temporarily unavailable) ppoll([{fd=4, events=POLLIN}], 1, {tv_sec=24, tv_nsec=999821000}, NULL, 8) = 1 ([{fd=4, revents=POLLIN}], left {tv_sec=24, tv_nsec=999682934}) recvmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="l\2\1\1\n\0\0\0\1\0\0\0=\0\0\0\6\1s\0\5\0\0\0", iov_len=24}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 24 recvmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=":1.10\0\0\0\5\1u\0\1\0\0\0\10\1g\0\1s\0\0\7\1s\0\24\0\0\0"..., iov_len=66}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 66 sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="l\1\0\1p\0\0\0\2\0\0\0\230\0\0\0\1\1o\0\27\0\0\0/org/fre"..., iov_len=168}, {iov_base="\0\0\0\0\2373\0\0\4\0\0\0sudo\0\0\0\0\3\0\0\0tty\0\4\0\0\0"..., iov_len=112}], msg_iovlen=2, msg_controllen=0, msg_flags=0}, MSG_DONTWAIT|MSG_NOSIGNAL) = 280 recvmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="l\4\1\1\n\0\0\0\2\0\0\0\215\0\0\0\1\1o\0\25\0\0\0", iov_len=24}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 24 recvmsg(4, {msg_name=NULL, msg_namelen=0, 
msg_iov=[{iov_base="/org/freedesktop/DBus\0\0\0\2\1s\0\24\0\0\0"..., iov_len=146}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 146 recvmsg(4, {msg_namelen=0}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = -1 EAGAIN (Resource temporarily unavailable) ppoll([{fd=4, events=POLLIN}], 1, {tv_sec=24, tv_nsec=999873000}, NULL, 8 ^Cstrace: Process 13215 detached ~~~ ~~~ # journalctl -f Jan 16 10:56:42 SRV_01 dbus[7464]: [system] Failed to activate service 'org.freedesktop.login1': timed out Jan 16 10:56:42 SRV_01 sudo[10716]: pam_systemd(sudo:session): Failed to create session: Failed to activate service 'org.freedesktop.login1': timed out Jan 16 10:56:42 SRV_01 sudo[10716]: pam_unix(sudo:session): session opened for user root by admin(uid=0) Jan 16 10:56:42 SRV_01 su[12341]: (to root) admin on none Jan 16 10:56:42 SRV_01 dbus[7464]: [system] Activating via systemd: service name='org.freedesktop.login1' unit='dbus-org.freedesktop.login1.service' Jan 16 10:57:07 SRV_01 dbus[7464]: [system] Failed to activate service 'org.freedesktop.login1': timed out Jan 16 10:57:07 SRV_01 su[12341]: pam_systemd(su:session): Failed to create session: Failed to activate service 'org.freedesktop.login1': timed out Jan 16 10:57:07 SRV_01 su[12341]: pam_unix(su:session): session opened for user root by admin(uid=0) Jan 16 10:57:07 SRV_01 su[12341]: pam_unix(su:session): session closed for user root Jan 16 10:57:07 SRV_01 sudo[10716]: pam_unix(sudo:session): session closed for user root ~~~ ### Solution ~~~bash # systemctl daemon-reexec systemctl restart systemd-logind ~~~ ## Cleanup abandoned sessions from systemd **À tester** : les commandes ''find'' et ''rm -rf'' ci-dessous visent toutes les entrées ''session-*.scope'' de ''/run/systemd/system'', abandonnées ou non ; lister d'abord les scopes concernés (commande de la section « Autre ») avant de supprimer quoi que ce soit. Source : https://github.com/systemd/systemd/issues/1961 Delete session files ~~~bash find /run/systemd/system -name "session-*.scope" -delete ~~~ Delete session directories ~~~bash rm -rf /run/systemd/system/session*scope* ~~~ Remove the abandoned sessions ~~~bash systemctl | grep "abandoned" | grep -e 
"-[[:digit:]]" | sed "s/\.scope.*/.scope/" | xargs systemctl stop ~~~ ## Autre ~~~bash systemctl list-units --state=abandoned -t scope --no-legend ~~~