Ubuntu
sudo package

sudo: unable to cache group

Asked by Greg Michael

I am seeking some help with a legacy Ubuntu 10.04.4 LTS Lucid installation.

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=10.04
DISTRIB_CODENAME=lucid
DISTRIB_DESCRIPTION="Ubuntu 10.04.4 LTS"

2.6.32-24-server #43-Ubuntu SMP Thu Sep 16 16:05:42 UTC 2010 x86_64 GNU/Linux

We are getting the "sudo: unable to cache group" error when using our sudo utility. User does not matter - this happens with the root user too.

Our currently installed version of sudo is:
Package: sudo
State: installed
Automatically installed: no
Version: 1.7.2p1-1ubuntu5.8

It would appear that sudo-ldap is not installed on this system - unsure if it needs to be or should be?
Package: sudo-ldap
New: yes
State: not installed
Version: 1.7.2p1-1ubuntu5.8

As far as I can tell, this is the most current version for these packages for the 10.04.4 release. I will be right up front and say that I have little to no experience with Ubuntu - this was an inherited system. My goal is to resolve the issue with the sudo privileges on the machine.

Is there a fix for this problem? Are there other, newer versions of sudo and sudo-ldap that I should install? Please keep in mind that this is a legacy production system, so making changes has to be coordinated and approved through the normal change management process.

Thanks in advance for any help that you can provide!

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu sudo Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
arochester (arochester) said : 		#1

Ubuntu 10.04.4 LTS has reached the end of its life

May 9, 2013 (Desktop) April 30, 2015 (Server)

You need a new install.

Revision history for this message
Greg Michael (greg-michael) said : 		#2

Thanks, but maybe I wasn't clear enough in my initial post - upgrading is not an option. This server is being left to run out its life, hence the "legacy" tag. All I need is to "fix" the sudo problem I'm experiencing. If this means backing down to a prior released version of the sudo package that is perfectly acceptable.

Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#3

Lucid is EOL and not supported in any way by Canonical or the Ubuntu community. Please upgrade to a supported version for continuing support. Thanks

Revision history for this message
Manfred Hampl (m-hampl) said : 		#4

You cannot expect any further support for Ubuntu 10.04

This version is in end of live status and will not receive any bug fixes or error corrections any more, not even for critical vulnerabilities like heartbleed, shellshock and similar problems that were in the news in the past months.

If you decide to continue using this version, you have to be aware of the risks.

Why can't you upgrade to a supported version?

Googling for "sudo: unable to cache group" brings up some hits were the cause was duplicate user id or group id numbers. Does "sudo pwck" or "sudo grpck" show any error?

Revision history for this message
Greg Michael (greg-michael) said : 		#5

I fully understand that this version of the OS is end of life - believe me, if I could get rid of it, I'd be on it. I'm not the one that gets to make the decision about upgrading or replacing.

That said...

I did Google the error, and none of the hits that I got applied to my situation. This server is using CentrifyDC to allow us to link directly to our Active Directory infrastructure for authentication. The error is being generated for an AD group that is referenced in the sudoers file using the "%" prefix. There are no duplicated entries for the group in /etc/sudoers, and the GID of the group is a randomly generated 10-digit number as created by Centrify. The AD group does not exist in the local /etc/group file. There are no duplicated users or groups in the local /etc/passwd and /etc/group files. There are numerous entries in the /etc/sudoers file for other AD groups that have multiple individual entries, and they do not generate this error.

The AD group name for this problem in the sudoers file is "Role-Translations_XTM_Contractors." As long as there is only one entry in the file for this group, the sudo utility has no problem with it. As soon as there are 2 or more entries, that's when the "unable to cache group" error gets reported.

I need to be clear: I am not expecting a patch or bug fix to be created. I'm looking for any existing (obviously old) patches or package versions that might be related to the issue. This is a legacy server, and as such, best effort is all that can be expected.

Revision history for this message
Greg Michael (greg-michael) said : 		#6

Forgot add, the sudp pwck and sudo grpck both report the "unable to cache group" error, but nothing else.

Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#7

We cannot support your release any more

Can you help with this problem?

Provide an answer of your own, or ask Greg Michael for more information if necessary.

To post a message you must log in.