psutils icon indicating copy to clipboard operation
psutils copied to clipboard

The "sudo" command just hangs on one of my machines

Open AnthonyMastrean opened this issue 10 years ago • 5 comments

I don't know what it is, but sudo hangs on one of my machines. I don't get any info and don't know what else to tell you. Sorry :(

Details

  • Windows 7 Pro 64-bit
  • UAC is on "default"

AnthonyMastrean avatar Feb 20 '14 23:02 AnthonyMastrean

Sorry it's not working for you.

Would you be kind enough to try downloading this sudo_debug.ps1 gist and running it to see if you can work out where it's hanging?

E.g.

(new-object net.webclient).downloadfile('https://gist.githubusercontent.com/lukesampson/9130445/raw/sudo_debug.ps1', "$pwd/sudo_debug.ps1")
./sudo_debug.ps1 echo hi

lukesampson avatar Feb 21 '14 08:02 lukesampson

Alright, here's what I get

PS> .\sudo_debug.ps1 Write-Host "hello, world!"
DEBUG: is_admin
DEBUG: is_admin: identity: NAMCK\eacwpku
DEBUG: is_admin: admin group: Administrators

I ran it in the PowerShell debugger, too

PS> set-psdebug -trace 2; .\sudo_debug.ps1 Write-Host "hello, world!"
DEBUG:    1+ set-psdebug -trace 2;  >>>> .\sudo_debug.ps1 Write-Host "hello, world!"
DEBUG:    6+ if( >>>> !$args) { "usage: sudo <cmd...>"; exit 1 }
DEBUG:     ! CALL function '<ScriptBlock>'  (defined in file 'C:\Users\eacwpku\sudo_debug.ps1')
DEBUG:   66+ if( >>>> $args[0] -eq '-do') {
DEBUG:   74+ if( >>>> !(is_admin)) {
DEBUG:    8+ function is_admin  >>>> {
DEBUG:     ! CALL function 'is_admin'  (defined in file 'C:\Users\eacwpku\sudo_debug.ps1')
DEBUG:    9+    >>>> write-host "DEBUG: is_admin"
DEBUG: is_admin
DEBUG:   10+   >>>> $id = [security.principal.windowsidentity]::getcurrent()
DEBUG:     ! SET $id = 'System.Security.Principal.WindowsIdentity'.
DEBUG:   11+   >>>> write-host "DEBUG: is_admin: identity: $($id.name)"
DEBUG:   11+  write-host "DEBUG: is_admin: identity: $( >>>> $id.name)"
DEBUG: is_admin: identity: NAMCK\eacwpku
DEBUG:   12+   >>>> $name = $id.name -replace '^[^\\]*\\', ''
DEBUG:     ! SET $name = 'eacwpku'.
DEBUG:   13+   >>>> $admin_group = (gwmi win32_group -filter "LocalAccount=True AND SID='S-1-5-32-544'").name # be
 language-agnostic
DEBUG:     ! SET $admin_group = 'Administrators'.
DEBUG:   14+   >>>> write-host "DEBUG: is_admin: admin group: $admin_group"
DEBUG: is_admin: admin group: Administrators
DEBUG:   15+   >>>> $res = gwmi win32_groupuser | ? { $_.groupcomponent -match "name=`"$admin_group`"" -and
$_.partcomponent -match "name=`"$name`"" }

I tried just running gwmi win32_groupuser and it hangs, too. Maybe it's not a hang, but an incredibly long query? I'm on a domain with 10K+ users.

I'm looking through Google and it's really difficult to get search results for "is the current user in the local administrator's group" there are an awful lot of checks for "is the current session administrative". But, I think I narrowed it down to this command

net localgroup administrators | ?{ $_ -match $env:username }

And if I replace the contents of the is_admin function in sudo.ps1, it works! Is the function above a useful substitute? Does it do what you need it to do?


*You can wrap that net function up with fancy custom objects if you want to pipe it better.

AnthonyMastrean avatar Feb 24 '14 16:02 AnthonyMastrean

Cool, your replacement looks so much better (and simpler). I'll use that now. Thanks for looking into it!

lukesampson avatar Feb 24 '14 22:02 lukesampson

I'm afraid that won't work on systems where the locale isn't English.

$ net localgroup administrators
System error 1376 has occurred.

The specified local group does not exist.

whereas...

$ net localgroup administratoren
Alias name     administratoren
Comment        Administratoren haben uneingeschränkten Vollzugriff auf den Computer bzw. die Domäne.

Members

-------------------------------------------------------------------------------
Super
Administrator
Somebody
The command completed successfully.

guillermooo avatar Feb 25 '14 07:02 guillermooo

Nice catch—thanks. Does it work now?

lukesampson avatar Feb 25 '14 08:02 lukesampson