I've been picking up Linux (Fedora 10, then 11) over the past few months (and enjoying it immensely-- it's like discovering computers all over again, so many things to learn).
I've added my user to the last line of the /etc/sudoers file as shown below, so that I don't get asked for my password when I execute the sudo command:
MyUserName ALL=(ALL) NOPASSWD:ALL
Now every time I execute a command using sudo, it pauses a noticeable amount of time before actually performing the task (~10 seconds). Why might this be and how might I fix this? I'm running Sudo version 1.7.1 on Fedora 11 x86 64.
I asked this question over on SO and it got moved here. That said I no longer have the ability to edit the question as if I owned it, or even accept the correct answer, but this turned out to be the true reason why and how to solve it:
Found here User "rohandhruva" on there gives the right answer:
Check that your syslog daemon is working correctly; this caused the issue for me.
Run the following command
Does the command return within a reasonable amount of time?
Does 'Hello world' show up in
/var/log/syslog?If this is not the case, the syslog daemon has crashed. Restarting it should fix your problem.
Is one of the files/directories it needs to read on a networked mount, or is it somehow triggering reading from a slow usb device? Try strace and see where it's slow; if it goes by too fast, do
Each line will start with the time taken since entering the previous syscall.
(The initial sudo seems to be necessary; I don't know how much that will perturb the results.)
I recently found that I had the same problem. There had been no sudo delay and then all of a sudden, about a 10-20 second delay. I determined the specific issue using:
As yourself:
And then find where the system calls are hanging.
In MY case, I found that it was hanging on a DNS translation, apparently one of the DNSen in my list on
/etc/resolv.confwas very buzy or gone bad. So I changed the resolution order and poof things worked quickly again.I hade the same problem, I checked /var/log/auth.log and syslog for errors. Turns out that my LDAP server could not be reached and it slowed down everything.
I did not use LDAP based auth anymore, so I removed all "ldap" references from /etc/nsswitch.conf
Since then everything works like a charm again.
I'm not sure about Fedora, but I've used other systems where sudo would check where you're logged in from, which if your DNS isn't set up well can take ages to timeout. This can also be seen when SSH'ing in to the machine - it takes ages to come up with a prompt.
In my case, the hostname (that was configured in
/etc/sysconfig/network) didn't exist in/etc/hostsfile; so upon adding it to the aforementioned file, the file opens promptly.I had a similar problem, I fixed it by placing both the hostname (e.g. mybox) and the full output of the hostname command (mybox.mydomain.com). This cleared it right up. Went from 2 minutes to open /etc/hosts to instantaneous access.
SELinux case
If the same sudo command is slow only in a daemon and fast on the command line, then it is caused by SELinux the most probably. (SELinux = NSA Security-Enhanced Linux kernel module, enabled in Fedora by default.)
A typical case is a http server and a special script for server management, restricted in
sudoers:It is typical in this case that nothing about SELinux is reported in the audit log
ausearch -m avc -ts today, but the script is going fast if we temporarily disable enforcing bysetenforce 0. (and then back enable bysetenforce 1)The only relevant messages in the system log (journalcrl) are these after the delay 25 seconds:
Logging of all silented "dont-audit" SElinux messages can be enabled by
semodule -DBand disabled again bysemodule -B.(I hope that I write soon a SELinux policy module soon for this case here or a method from this answer can be used.)
Check your /etc/hosts file and make sure you have an entry for 127.0.0.1
(source)