Bug 401201 - sudo complains: audit_log_user_command(): Connection refused
Summary: sudo complains: audit_log_user_command(): Connection refused
Alias: None
Product: Fedora
Classification: Fedora
Component: sudo
Version: 8
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Peter Vrabec
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2007-11-27 16:02 UTC by Pete Wyckoff
Modified: 2010-06-22 05:18 UTC (History)
10 users (show)

Fixed In Version: 1.6.9p4-3.fc8
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2008-09-03 09:41:13 UTC
Type: ---

Attachments (Terms of Use)
new sudo-1.6.9p13-audit.patch (12.77 KB, patch)
2008-06-13 13:49 UTC, Daniel Drake
no flags Details | Diff
interdiff (558 bytes, text/plain)
2008-06-13 13:50 UTC, Daniel Drake
no flags Details

Description Pete Wyckoff 2007-11-27 16:02:30 UTC
Description of problem:
sudo complains if auditd is not running, but still works.  It says
audit_log_user_command(): Connection refused

Version-Release number of selected component (if applicable):

How reproducible:
every time

Steps to Reproduce:
run sudo successfully

Suggest removing the perror("audit_log_user_command()") in audit_logger()
in the patch sudo-1.6.9p4-audit.patch.  Sites that do not run auditd will
thus not be bothered with the error message every time.

Comment 1 Peter Vrabec 2008-01-08 10:44:07 UTC
This problem should be fixed in sudo-1.6.9p4-3.fc8.

Comment 2 Fedora Update System 2008-01-11 22:29:26 UTC
sudo-1.6.9p4-3.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 3 Albert Sidelnik 2008-01-13 07:15:11 UTC
Just updated to sudo-1.6.9p4-3.fc8  and I am still seeing 
"audit_log_user_command(): Connection refused"

Comment 4 Pete Wyckoff 2008-01-16 14:55:32 UTC
Yup, still complains in 1.6.9p4-3.fc8 on x86_64.  Even though the
netlink socket create works, a write may fail if no daemon is
listening.  Just ignore ECONNREFUSED too, or all errors for that

Comment 5 Askar Ali Khan 2008-01-24 14:24:47 UTC
today i have upgraded one of f7 to f8 running as virtual machine (UML) and i am
getting the same error 'audit_log_user_command(): Connection refused' any fix
for that ?

sudo-1.6.9p4-3.fc8 is installed.


Comment 6 Askar Ali Khan 2008-02-18 17:11:42 UTC
I don't know its relevant or not we have fixed the sudo error
'audit_log_user_command(): Connection refused' by compiling kernel 2.6.23 and
enabled AUDITD support by 'CONFIG_AUDIT=y' 

sudo not any more complaining even if auitd is not running. However we where
using the old kernel (for all our UML hosts) on fedora 6 , Fedora 7 and sudo was
fine it start complaining after upgrading the hosts to fedora 8.


Comment 7 Jameel Gbajabiamila 2008-04-13 21:49:42 UTC
I am still getting this error on 1.6.9p4-4.fc8 

Comment 8 Trevor Rowe 2008-05-07 15:52:51 UTC
I upgraded from fedora6 to fedora8.  I am using version 1.6.9p4-4.fc8 (32 bit)
and I am still getting the complaint.  

Comment 9 Tarhon-Onu Victor 2008-05-31 07:21:50 UTC
The annoying connection error to auditd is still there in the latest updates too:

blackblue 10:20:12 (Mituc):~>cat /etc/redhat-release 
Fedora release 8 (Werewolf)
blackblue 10:20:15 (Mituc):~>sudo /bin/true
audit_log_user_command(): Connection refused
blackblue 10:20:19 (Mituc):~>rpm -q sudo

Comment 10 Andrew Burgess 2008-06-12 17:07:33 UTC
(In reply to comment #1)
> This problem should be fixed in sudo-1.6.9p4-3.fc8.

I am unable to change the "Fixed In" field so I'm wondering if the assignee Peter 
Vrabec knows that it is still a problem.

I'll try reassigning to the same guy...

Comment 11 Daniel Drake 2008-06-13 13:49:15 UTC
Created attachment 309211 [details]
new sudo-1.6.9p13-audit.patch

This was supposedly fixed in version 1.6.9p4-5 but I can't find any changes
that were actually made in that version except a changelog entry and a version
number change. (but then again I'm not very good with CVS)

Here's an updated version of sudo-1.6.9p13-audit.patch which adds in a check
for ECONNREFUSED. I've tested it and it does solve the issue (which indeed only
appears when you disable CONFIG_AUDIT, it's enabled by default in fedora
kernels but not in OLPC kernels).

Comment 12 Daniel Drake 2008-06-13 13:50:27 UTC
Created attachment 309212 [details]

interdiff output showing the changes that I made to the patch

Comment 13 Ed Swierk 2008-07-23 22:05:08 UTC
sudo-1.6.9p13-4.fc9 and sudo-1.6.9p17-1.fc10 still have this problem, and the
attached patch (interdiff) fixes it.

Comment 14 Peter Vrabec 2008-09-02 13:47:06 UTC
Daniel, I would suggest to change the patch.

- if( err <= 0 && !(errno == EPERM && getuid() != 0) )
+ if( err <= 0 && !((errno == EPERM && getuid() > 0) || errno == ECONNREFUSED )

Comment 15 Daniel Drake 2008-09-02 15:29:12 UTC
Sounds fine to me. OLPC no longer use this sudo package so it's not an issue for us any more...

Comment 16 Peter Vrabec 2008-09-03 09:41:13 UTC
fixed in sudo-1_6_9p17-2_fc10

Comment 17 Dmitry Goryainov 2009-12-28 09:43:16 UTC
sudo-1.6.9p17-5.el5 have this problem

Comment 18 sharp 2010-02-11 14:09:16 UTC
confirming problem with sudo-1.6.9p17-5.el5

Comment 19 Serg 2010-06-22 05:18:50 UTC
same problem solved by yum update sudo

Note You need to log in before you can comment on or make changes to this bug.