Password for sudo not working once in a while

I am seeing a very strange behavior on my manjaro system

once in a while (every couple of weeks) the password of my main user does not work any longer spontaneously.

This happens in the cli when trying to execute any command via sudo. First u think of a misspelling naturally, but it isn’t. I can not login with that password neither after this has occurred. The dirty fix is to reset the users password via sudo su && passwd [username]

This is pretty weird and probably should be worrying.

Did anybody encounter such behavior? I can not think of any logical explanation other then a buggy password expiration setting (which I have not set up consciously) which might not prompt you for a new password. If such exists I’d be interested on how to adjust such a preference

I have been using Manjaro for 5 years - never had the issue you describe.

It’s impossible to guess - but I am quite sure it is not a generic system issue - more likely a local issue.

Adding to the above - if it was the case - don’t you think the forum would be flooded with issues about it?

1 Like

Look into faillock and check if it’s been triggered somehow:

$ faillock

There have been sporadic reports in the past

  • sometimes users triggered it themselves but failed to notice until faillock was mentioned
    • failed ssh logins (using password) count
  • sometimes fingerprint sensors interfere
  • I remember a case where a specific program triggered the locking, but cannot find the thread atm

edit: adjusted title as there is no “sudo user” and sudo requires current users password (unless explicitly configured another way)

1 Like

i have faced the same issue but i restart my laptop when it happens and then the password works. It also happens to me once every couple of weeks

1 Like

As a consequence of the issue at hand here faillock kicks in, but it is not the issue itself.

The issue itself is that the password of a particular user stops working sporadically. Never on system start though, always while a session is going.

Yes.

faillock gets triggered and causes the password (rather authentication) not to work.
One can use

$ faillock --reset

to reset and get the password to work again.

The underlying issue can vary - I mentioned several (known) causes in the very post you quoted from.

2 Likes

nothing in logs ? here we not have good info…

 journalctl -t sudo --no-hostname --no-pager -p3 --since "-30days"

example:

oct. 31 18:44:58 sudo[48536]: pam_unix(sudo:auth): conversation failed
oct. 31 18:44:58 sudo[48536]: pam_unix(sudo:auth): auth could not identify password for [patrick]
oct. 31 18:45:00 sudo[48536]:  patrick : 2 incorrect password attempts ; TTY=pts/0 ; PWD=/home/Data/Patrick/workspace/go/logs/makelogs ; USER=root ; COMMAND=ls /root

only for info,
since last update we have log_subcmds in sudoers for more sudo infos in logs

man:

log_subcmds

If set, sudoers will log when a command spawns a child process and executes a program using the execl(), execle(), execlp(), execv(), execve(), execvp(), or execvpe() library functions. For example, if a shell is run by sudo, the individual commands run via the shell will be logged. This flag is off by default.

I had a similar “sudo does not work” problem which I could solve following way:

  1. login as Super User per CLI

su

  1. type

visudo -c

in my case this resulted in a message that user rights are set incorrect for file

/etc/sudoers.d/ctdb

rights should be set to 0440 per command:

chmod 0440 /etc/sudoers.d/ctdb

then exit the SU shell per

exit

this solved the issue for me
you can test it now without reboot in your normal terminal shell