sudo sending annoying alerts: issue with defaults entries

Solution 1:

Solution

This problem is caused by sudo looking for directives in a place it cannot find them: sss. Check the /etc/nsswitch.conf file and modify the sudoers entry.

sudoers:        files sss

The sss should not be there. The sssd-ad package adds itself there, but very few environments store sudoers directives in sss. It’s far more likely your directives are local, so you should have a /etc/nsswitch file entry like the following:

sudoers:        files

References

A user of RHEL6 had the same issue. https://bugzilla.redhat.com/show_bug.cgi?id=879633
The issue is solvable, including on Ubuntu 16.04 https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777
https://bgstack15.wordpress.com/2016/06/06/solve-sudo-sending-useless-emails-problem-with-defaults-entries/

Solution 2:

Be aware, the accepted Solution will only take care of shutting up the emails when you're not actually using sudoers capabilities of sssd.

It's working around the problem until the next update of sssd-ad, and it will start sending again at the next update. I believe the packagers are looking into solving this clobbering of nsswitch directives.

When you DO want to use sudoers entries from AD/freeIPA, read on:

When you've got an actual upstream provider for sudo directives, you should set this:

$ grep -A 1 "[sssd]" /etc/sssd/sssd.conf
[sssd]
services = nss, sudo, pam, ssh

This will sadly not stop messages being send while freeipa-client installs. Still working on this. If i find something i'll add here

Solution 3:

This is a symptom that sssd is not reachable.

If you aren't using sssd, the accepted answer is good, and you should follow it and remove sssd from /etc/nsswitch.

But if you are using freeipa, or redhat ipa, or similar, then you need sssd, so don't touch /etc/nsswitch.

Instead, make sure that sssd is running and is happy.

Start with:

systemctl status sssd
systemctl restart sssd

If that doesn't fix it (did for me), then check for clues in /var/log/secure.