Skip to main content

Identifying Sudo Operation Failures Caused by External Applications (KBA1320)




In Sudo 1.8, Sudo introduced a plugin architecture for policy and logging operations. Policy plugins, in particular, have the potential to cause sudo to fail in new and unique ways. These failures can present primary failures in Delphix operations with starting/stopping VDBs, etc. or can result in secondary failures like successfully unmounting but leaving behind directories that should have been removed. 

Privilege Manager

Privilege Manager is a product that was created by Quest and is currently owned by Dell. The core of the product, as it applies to sudo, is that there is a centralized policy and administration server that sudo communicates with.

In the event that the server is down or something is wrong with the Privilege Manager infrastructure, you may receive an error of the sort:

ERROR : Details : Trying "umount" using sudo - pmplugin6.0.0 (027): 432(ACT_SENDINFO_1) - upmSocSend10 -- Unsuccessful;pmplugin6.0.0 (027): 3004.01 Lost connection with server;Trying "umount" using pfexec - nfs umount: insufficient privileges;Trying "umount" directly - nfs umount: insufficient privileges;Request rejected by Privilege Manager;

*Note the pmplugin6.0.0 portion of the umount error message. Sudo has been configured and working properly on this system but inability to communicate with the policy server can result in persistent or intermitent failures in sudo commands.

Errors may also manifest as directories not being empty if rmdir had failed, stop failures if umount fails, etc.