On Ubuntu 9 64-bit systems, you might encounter a frustrating delay where simple sudo commands like sudo echo hi take 2-3 minutes to execute. This isn't normal behavior - sudo should respond almost instantly for such basic operations.
Running strace reveals the culprit:
poll("/etc/pam.d/system-auth", POLLIN) = 0 (Timeout)
The system call shows sudo repeatedly polling /etc/pam.d/system-auth with 5-second timeouts, accumulating to that 2-3 minute delay through multiple iterations.
This file is part of PAM (Pluggable Authentication Modules) configuration. Sudo uses PAM for authentication, and when it can't find the expected PAM configuration, it may enter this polling behavior. Several factors could cause this:
- The file might be missing or misconfigured
- Filesystem or NFS issues could make access slow
- DNS or LDAP timeouts in authentication backends
To reduce the impact while troubleshooting, you can modify the pam configuration to timeout faster. Edit /etc/pam.d/common-auth:
auth required pam_unix.so nullok_secure timeout=10
This changes the timeout from default 5 seconds to 1 second (value is in tenths of seconds).
The proper solution is to ensure your PAM configuration is complete. For Ubuntu 9, try:
sudo cp /etc/pam.d/common-auth /etc/pam.d/system-auth sudo cp /etc/pam.d/common-account /etc/pam.d/system-account sudo cp /etc/pam.d/common-password /etc/pam.d/system-password sudo cp /etc/pam.d/common-session /etc/pam.d/system-session
If you're using LDAP or other network authentication, add debugging to identify delays:
auth sufficient pam_ldap.so debug
Check /var/log/auth.log for detailed authentication attempts and timeouts.
As a last resort for testing, you can configure sudo to skip PAM (security implications!):
# In /etc/sudoers Defaults !use_pam
This should only be temporary while debugging the root cause.
Ubuntu 9 reached end-of-life in April 2014. Consider upgrading to a supported release where these issues may have been fixed. Modern Ubuntu versions handle PAM configuration more gracefully.
When running basic commands like sudo echo hi on Ubuntu 9 64-bit, you might encounter an inexplicable 2-3 minute delay. The strace output reveals the culprit:
poll("/etc/pam.d/system-auth", POLLIN) = 0 (Timeout)
[Repeated multiple times]
The Linux Pluggable Authentication Modules (PAM) system handles authentication requests. When sudo executes, it initiates a PAM conversation that:
- Checks /etc/pam.d/system-auth configuration
- Waits for authentication modules to respond
- Defaults to 5-second timeout per poll attempt
The extended delay occurs because:
1. Sudo makes multiple PAM initialization attempts 2. Each poll() call waits 5 seconds before timing out 3. Network-based authentication modules may hang (like LDAP) 4. System-auth symlink might point to unavailable resource
Option 1: Reduce PAM timeout values in /etc/pam.d/common-* files:
auth sufficient pam_unix.so try_first_pass nullok timeout=1
Option 2: Disable problematic PAM modules temporarily for testing:
# Comment out in /etc/pam.d/system-auth: # auth required pam_ldap.so
DNS Configuration: Ensure proper DNS resolution if using network authentication:
/etc/resolv.conf: nameserver 8.8.8.8 options timeout:1 attempts:1
PAM Stack Optimization: Modify /etc/pam.d/sudo:
auth required pam_env.so auth sufficient pam_unix.so try_first_pass auth required pam_deny.so # Fail fast if other modules don't respond
To identify specific delays:
# Trace PAM operations strace -f -o sudo_trace.log sudo -v # Check PAM module dependencies ldd /lib/security/pam_ldap.so # Verify system-auth target ls -l /etc/pam.d/system-auth
For critical systems, modify and rebuild sudo:
wget https://www.sudo.ws/dist/sudo-1.9.5p2.tar.gz tar xzf sudo-1.9.5p2.tar.gz cd sudo-1.9.5p2 ./configure --with-pam --with-timeout=1 make && make install