<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hello James, <br>
</p>
<p>thank you for your help, that file was existing and containes the
lines you mentioned.</p>
<p>I found the problem earlier today. <br>
</p>
<p>In the postinst script of plinth i found: <br>
</p>
<p># Due to a change in sudo, now it runs PAM modules even on
password-less<br>
# invocations. This leads to plinth not being able to run root
privileges. This<br>
# is because of our own restrictions in /etc/security/access.conf.
Since Plinth<br>
# is locked out after upgrade, we need to do this in postinst.<br>
sed -i 's+-:ALL EXCEPT root fbx (admin) (sudo):ALL+-:ALL EXCEPT
root fbx plinth (admin) (sudo):ALL+' /etc/security/access.conf<br>
<br>
</p>
<p>however, the sed line was not correctly executed it seems, as the
lines it probably should remove from access.conf were still there
in my configuration.</p>
<p>I've removed these lines, now everything is working as expected.</p>
<p>Oh and, the sed line is supposed to remove the text, right? ;)</p>
<p><br>
</p>
<p>Thanks!</p>
<p>Dieter<br>
</p>
<div class="moz-cite-prefix">On 11/08/2019 17:40, James Valleroy
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:f6f97eab-c53a-0155-5ecf-3572850ad823@mailbox.org">
<pre class="moz-quote-pre" wrap="">On 8/10/19 12:07 PM, Dieter wrote:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">in/plinth[2419]: Executing command - ['sudo', '-n',
'/usr/share/plinth/actions/service', 'reload', 'avahi-daemon']
223]: pam_access(sudo:account): access denied for user `plinth' from `'
223]: pam_access(sudo:account): access denied for user `plinth' from `'
223]: plinth : PAM account management error: Permission denied ;
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
Could you please check that this file exists?
$ sudo cat /etc/sudoers.d/plinth
#
# Allow plinth user to run plinth action scripts with superuser privileges
# without needing a password.
#
plinth ALL=(ALL:ALL) NOPASSWD:/usr/share/plinth/actions/*
#
# On FreedomBox, allow all users in the 'admin' LDAP group to execute
# commands as root.
#
%admin ALL=(root) ALL
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Freedombox-discuss mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freedombox-discuss@alioth-lists.debian.net">Freedombox-discuss@alioth-lists.debian.net</a>
<a class="moz-txt-link-freetext" href="https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/freedombox-discuss">https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/freedombox-discuss</a></pre>
</blockquote>
</body>
</html>