Running sudo in SSH asks me a password + new group "admins" in nextcloud

:uk:/:us: English

(french version below)

My YunoHost server

Hardware: Old laptop running Yunohost in Virtualbox
YunoHost version: 11.1.0.2 testing (following the bug of distribution of testing version in stable branche)
I have access to my server : Through SSH for the moment | direct access via keyboard / screen in 2 days, idem for webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : yes, modified mail configuration to use my ISP SMTP relay

Description of my issue

Hi all,
I run an update yesterday evening (around 22:50). This morning I saw I got a mail from my Nextcloud app (23:15) addressed to me as user (not root/admin) saying "An administrator added you to the group ‘admins’ " (the s at the end is not an error).
I found that weird and tried to connect to my server via SSH as ‘admin’, no problem to enter the passphrase, however when I run a “sudo” command, I’m asked to enter a password, and I have to give the password of the admin user (not the SSH passphrase).

I also connected myself to my nextcloud account and checked the admin parameters, I now have two groups : ‘admin’ and ‘admins’ (I am in both), and a (probably new) user called ‘admin’ who is only in ‘admins’ group.

So two problems :

  • I can’t use sudo in SSH cli without entering password : is it a normal new feature ? Is it linked to testing version?
  • I have a new group in nextcloud called ‘admins’ and a new user called ‘admin’ : do I have to worry of an intrusion or is it normal stuff following a nextcloud update? (I did not update nextcloud yesterday…)

I can share logs if necessary, but I dont know wich ones. I found this one, probably it means it is normal I got a new admins group:

root@lourdelet:/var/log/yunohost/categories/operation# cat 20221104-214232-user_group_update-admins.log
2022-11-04 22:42:32,331: DEBUG - The permission database has been resynchronized
2022-11-04 22:42:32,475: DEBUG - La configuration de SSOwat a été regénérée
2022-11-04 22:42:32,484: SUCCESS - Le groupe 'admins' a été mis à jour
2022-11-04 22:42:32,655: DEBUG - The permission database has been resynchronized
2022-11-04 22:42:32,807: DEBUG - La configuration de SSOwat a été regénérée
2022-11-04 22:42:32,816: SUCCESS - Le groupe 'admins' a été mis à jour

And auth.log if usefull, at hour of nextcloud modification:

Nov  4 23:10:01 lourdelet CRON[6737]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Nov  4 23:10:23 lourdelet CRON[6737]: pam_unix(cron:session): session closed for user root
Nov  4 23:15:01 lourdelet CRON[6753]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Nov  4 23:15:01 lourdelet CRON[6754]: pam_unix(cron:session): session opened for user nextcloud(uid=998) by (uid=0)
Nov  4 23:15:01 lourdelet CRON[6753]: pam_unix(cron:session): session closed for user root
Nov  4 23:15:03 lourdelet CRON[6754]: pam_unix(cron:session): session closed for user nextcloud
Nov  4 23:17:01 lourdelet CRON[6770]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Nov  4 23:17:01 lourdelet CRON[6770]: pam_unix(cron:session): session closed for user root

Thanks a lot for your answers,
Louis


:fr: Français

Description du problème

Bonjour à tous,
J’ai mis à jour mon système hier soir (pas les app donc pas nextcloud), et j’ai reçu 30 minutes après un mail de Nextcloud me disant : "un administrateur vous a ajouté au groupe ‘admins’ ". Un peu étonné par ce message, je me connecte en SSH ce matin, connexion OK mais je dois rentrer mon mot de passe admin pour pouvoir exécuter une commande sudo (ça ne m’arrivait jamais avant). Je checke sur nextcloud la liste des utilisateurs, je me retrouve avec ça, un nouvel utilisateur admin (en tous cas ça me disait rien), qui fait partie d’un groupe ‘admins’ :

  • Est-ce normal que je doive désormais mettre mon mdp en ssh pour exécuter sudo ? est-ce lié au passage par erreur en version ‘testing’ ?
  • Est-ce que je dois m’inquiéter de la création de ce nouveau groupe / user sur nextcloud ?

Merci d’avance pour vos réponses, et dites-moi s’il y a besoin de récupérer davantage d’infos des logs.

Louis

Yes this is related to the testing and yes this is expected

Yes this is also a side-effect of the testing

1 Like

thanks a lot !

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.