journalctl shows the problem with the auid and session values being 0xFFFFFFFF (-1) when calling a sudo command:
Aug 02 01:18:20 hephaestion.lan.iam.tj audit[5094]: USER_AUTH pid=5094 uid=1000 auid=4294967295 ses=4294967295 msg='op=PAM:authentication acct="tj" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'
and trying to tail syslog:
tj ~ tail -f /var/log/syslog
tail: cannot open '/var/log/syslog' for reading: Permission denied
tail: no files remaining
tj ~ ls -ld /var /var/log /var/log/syslog
drwxr-xr-x 16 root root 4096 Apr 2 13:02 /var
drwxrwxr-x 25 root syslog 4096 Aug 2 01:16 /var/log
-rw-r----- 1 syslog adm 235432 Aug 2 01:31 /var/log/syslog
tj ~ groups $USER
tj : tj root adm disk lp dialout cdrom floppy sudo audio video plugdev users netdev lpadmin kvm libvirtd wireshark lxd libvirtd
tj ~ groups
tj
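
The two symptoms above can be checked mechanically. The following is an added example, not part of the original report: it parses a journalctl-style audit record, flags auid/ses fields holding the unset value 4294967295, and lists groups that the group database has but the running shell lacks. The sample line, the host name in it, and all function names are constructed for illustration.

```python
import re

UNSET = 0xFFFFFFFF  # (uint32)-1: value audit reports when no login uid / session is set

# Constructed sample, modelled on the record quoted in the report.
SAMPLE = (
    "Aug 02 01:18:20 host.example audit[5094]: USER_AUTH pid=5094 uid=1000 "
    "auid=4294967295 ses=4294967295 msg='op=PAM:authentication acct=\"tj\" "
    "exe=\"/usr/bin/sudo\" hostname=? addr=? terminal=/dev/pts/1 res=success'"
)
_HEAD = re.compile(r"audit\[\d+\]:\s+(?P<type>[A-Z_]+)\s+(?P<body>.*)$")
_KV = re.compile(r"""(\w+)=('[^']*'|"[^"]*"|\S+)""")


def parse_kv(text):
    """Split k=v, k="v" and k='v v' pairs into a dict, stripping one quote layer."""
    out = {}
    for key, val in _KV.findall(text):
        if val[:1] in "'\"" and val[-1:] == val[:1]:
            val = val[1:-1]
        out[key] = val
    return out


def parse_audit(line):
    """Parse one audit line as printed by journalctl; the nested msg='...' is expanded."""
    m = _HEAD.search(line)
    if not m:
        return None
    rec = parse_kv(m.group("body"))
    rec["type"] = m.group("type")
    rec.update(parse_kv(rec.pop("msg", "")))
    return rec


def unset_login_ids(rec):
    """Names of the login-tracking fields that hold the unset value."""
    return [f for f in ("auid", "ses") if rec.get(f, "").isdigit() and int(rec[f]) == UNSET]


def missing_groups(database_groups, process_groups):
    """Groups listed for the account in the group database but absent from the process."""
    return sorted(set(database_groups) - set(process_groups))


if __name__ == "__main__":
    rec = parse_audit(SAMPLE)
    print(rec["type"], rec["exe"], unset_login_ids(rec))
```

On a live system, `missing_groups` can be fed the output of `groups $USER` and of plain `groups`, which correspond to the two lists shown in the report.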