Solve sudo sending useless emails “problem with defaults entries”

sudo problem with defaults entries

I ran into a problem on my Ubuntu 16.04 Server LTS instance.

Whenever a user (whether sssd-ad authenticated user, or local user, or root) uses sudo, it works. But it also sends the administrator a useless email:

host1.example.com : Jun  6 14:40:44 : root : problem with defaults entries ; TTY=pts/2 ; PWD=/root ;

I started removing the defaults entries in /etc/sudoers (using the visudo command) one by one, but after removing them all it still sent the annoying emails. Here are the defaults I was working from:

Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

How do I make sudo stop sending me useless emails?

This problem is caused by sudo looking for directives in a place it cannot find them: sss.
Check the /etc/nsswitch.conf file and modify the sudoers entry.

sudoers:        files sss

The sss should not be there. The sssd-ad package adds itself there, but very few environments store sudoers directives in sss. It’s far more likely your directives are local, so you should have an /etc/nsswitch.conf entry like the following:

sudoers:        files
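
The check and fix described above, as an added example that is not part of the original post: it reads the active sudoers line of an nsswitch.conf-style file, reports whether sss is listed, and removes it while keeping a backup. The function names are hypothetical and the demo runs on a constructed sample in a temporary file, not on the live /etc/nsswitch.conf.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical;
# the sample file below is constructed for the demo.

# Print the sources on the active "sudoers:" line, comments stripped.
sudoers_sources() {
    awk '{ sub(/#.*/, "") }
         $1 == "sudoers:" { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Succeed (exit 0) when sss is one of the sudoers sources.
sudoers_uses_sss() {
    case " $(sudoers_sources "$1") " in
        *" sss "*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Remove sss (and any [STATUS=action] attached to it) from the sudoers line.
# The original is saved as FILE.bak; every other line is left untouched.
drop_sss_from_sudoers() {
    sudoers_uses_sss "$1" || return 0          # already clean, nothing to do
    cp -p "$1" "$1.bak" || return 1
    _tmp=$(mktemp) || return 1
    awk '$1 == "sudoers:" {
             out = ""; incomment = 0
             for (i = 2; i <= NF; i++) {
                 if ($i ~ /^#/) incomment = 1  # keep trailing comments as-is
                 if (!incomment && $i == "sss") {
                     if ($(i+1) ~ /^\[/) { i++; while (i < NF && $i !~ /\]$/) i++ }
                     continue
                 }
                 out = out " " $i
             }
             print "sudoers:       " out; next
         }
         { print }' "$1" > "$_tmp" && cat "$_tmp" > "$1"
    _rc=$?; rm -f "$_tmp"; return "$_rc"
}

# Demo on a constructed sample, never on the live /etc/nsswitch.conf.
demo=$(mktemp)
printf '%s\n' 'passwd:         compat sss' \
              '#sudoers:       files' \
              'sudoers:        files sss' > "$demo"
echo "before: $(sudoers_sources "$demo")"
drop_sss_from_sudoers "$demo"
echo "after:  $(sudoers_sources "$demo")"
rm -f "$demo" "$demo.bak"
```

Only the sudoers line is rewritten, so sss stays in place for passwd, group and any other database that lists it.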

References

A user of RHEL6 had the same issue. https://bugzilla.redhat.com/show_bug.cgi?id=879633
The issue is solvable, including on Ubuntu 16.04 https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777

3 thoughts on “Solve sudo sending useless emails “problem with defaults entries”

  1. Perfect! Thank you – I’ve been trying everything to stop my system doing the same. Your post has fixed it 🙂

  2. TL;DR: if aws, make sure your aws host name is in /etc/hosts as 127.0.0.1. Might apply to others, I can’t tell.

    This post still comes up as the first search result for this problem. I had a variation of this problem that manifested exactly the same except that there was one more problem.

    Instance:
    ubuntu 18.04 running on aws (important, I think.)

    Problem:
    As listed, stupid extra email.

    Further Determination:
    Looking in /var/log/auth.log, found these three lines for every sudo request

    Nov 24 14:38:29 ip-172-31-xxx-yyy sudo: ubuntu : unable to resolve host ip-172-31-xxx-yyy
    Nov 24 14:38:29 ip-172-31-xxx-yyy sudo: ubuntu : problem with defaults entries ; TTY=pts/0 ; PWD=/var/log ; USER=root ;
    Nov 24 14:38:29 ip-172-31-xxx-yyy sudo: ubuntu : TTY=pts/0 ; PWD=/var/log ; USER=root ; COMMAND=/bin/nano /etc/nsswitch.conf

    Solution:
    The first line ended up being the problem. I added 127.0.0.1 ip-172-31-xxx-yyy to the /etc/hosts file, rebooted.

    Result:
    All the stupid emails and extra lines in auth.log (ubuntu: unable… and ubuntu: problem with…) stopped.
