Versions 1.8.4 and higher of the sudoers plugin support a flexible
debugging framework that can help track down what the plugin is
doing internally if there is a problem. This can be configured in
the sudo.conf(5) file.

The sudoers plugin uses the same debug flag format as the sudo
front-end: subsystem@priority.

The priorities used by sudoers, in order of decreasing severity,
are: crit, err, warn, notice, diag, info, trace and debug. Each
priority, when specified, also includes all priorities higher than
it. For example, a priority of notice would include debug messages
logged at notice and higher.

The following subsystems are used by the sudoers plugin:

    alias       User_Alias, Runas_Alias, Host_Alias and Cmnd_Alias
                processing
    all         matches every subsystem
    audit       BSM and Linux audit code
    auth        user authentication
    defaults    sudoers file Defaults settings
    env         environment handling
    ldap        LDAP-based sudoers
    logging     logging support
    match       matching of users, groups, hosts and netgroups in the
                sudoers file
    netif       network interface handling
    nss         network service switch handling in sudoers
    parser      sudoers file parsing
    perms       permission setting
    plugin      The equivalent of main for the plugin.
    pty         pseudo-terminal related code
    rbtree      redblack tree internals
    sssd        SSSD-based sudoers
    util        utility functions

For example:

    Debug sudoers.so /var/log/sudoers_debug match@info,nss@info

For more information, see the sudo.conf(5) manual.
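
The flag format described above can be checked before a Debug line goes into sudo.conf. The following is an added example, not part of the sudo documentation or source: it validates a Debug line against the subsystem and priority names listed in this section and reports which priorities each subsystem would log. The function names, the assumption of four whitespace-separated fields, and the handling of a repeated subsystem are choices of this example.

```python
# Added example: validate a sudoers-plugin Debug line and expand its priorities.
# Priority and subsystem names are the ones listed in this section.
PRIORITIES = ["crit", "err", "warn", "notice", "diag", "info", "trace", "debug"]
SUBSYSTEMS = {
    "alias", "all", "audit", "auth", "defaults", "env", "ldap", "logging",
    "match", "netif", "nss", "parser", "perms", "plugin", "pty", "rbtree",
    "sssd", "util",
}


def parse_debug_line(line):
    """Return (program, logfile, {subsystem: [priorities logged]}).

    Raises ValueError on a malformed line or an unknown name.
    Assumes the line has exactly four whitespace-separated fields.
    """
    fields = line.split()
    if len(fields) != 4 or fields[0] != "Debug":
        raise ValueError("expected: Debug <program> <logfile> <flags>")
    _, program, logfile, flags = fields
    enabled = {}
    for flag in flags.split(","):
        subsystem, sep, priority = flag.partition("@")
        if not sep:
            raise ValueError(f"missing '@priority' in {flag!r}")
        if subsystem not in SUBSYSTEMS:
            raise ValueError(f"unknown subsystem {subsystem!r}")
        if priority not in PRIORITIES:
            raise ValueError(f"unknown priority {priority!r}")
        # A priority also includes every priority more severe than itself.
        included = PRIORITIES[: PRIORITIES.index(priority) + 1]
        # Repeated subsystem: keep the most verbose setting (this example's choice).
        if len(included) > len(enabled.get(subsystem, [])):
            enabled[subsystem] = included
    return program, logfile, enabled


def would_log(enabled, subsystem, priority):
    """True if a message from `subsystem` at `priority` would be written."""
    # "all" matches every subsystem.
    return any(priority in enabled.get(key, []) for key in (subsystem, "all"))


if __name__ == "__main__":
    sample = "Debug sudoers.so /var/log/sudoers_debug match@info,nss@info"
    program, logfile, enabled = parse_debug_line(sample)
    for name, levels in sorted(enabled.items()):
        print(f"{program} -> {logfile}: {name} logs {', '.join(levels)}")
```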