the sudo command works correctly. But when I want ‘sudo su - postgres’ as user xyz, I get
sudo: PERM_SUDOERS: setresuid(-1, 1, -1): Operation not permitted
sudo: no valid sudoers sources found, quitting
sudo: setresuid() [0, 0, 0] → [1001, -1, -1]: Operation not permitted
sudo: error initializing audit plugin sudoers_audit
When I delete and recreate xyz, the same issue occurs. There must be some misconfiguration for the user xyz. /etc/sudoers is 440 and has correct content. Also reinstalling sudo doesn’t help.
First, do not edit the /etc/sudoers. Rather drop your custom rules into a file in /etc/sudoers.d/
That makes it easier to remember later what was done by you and what is from the package.
Second, sudo su - postgres feels too much.
You try to run command su -l postgres as user root.
The root could as well run runuser -l postgres.
But why run as root at all? Why not the more direct:
sudo -u postgres -i
If you want to allow the xyz to do pretty much anything, then you don’t have to modify the sudoers at all.
Simply add xyz to group wheel:
usermod -a -G wheel xyz
The default rules in sudoers do already allow members of wheel to do everything.
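The drop-in approach from the answer above, as an added example that is not part of the original post: it stages a rule that lets xyz run commands only as postgres (narrower than wheel membership), syntax-checks it with visudo when available, and installs it with mode 0440. The file name 50-xyz-postgres and the helper function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: helper names and the drop-in file name are illustrative,
# not taken from the thread. Only the user "xyz" and the target account
# "postgres" come from the posts above.

# sudo skips files in an include directory whose name ends in '~'
# or contains a '.', so such a rule would be silently ignored.
dropin_name_ok() {
    case "$1" in
        ''|*.*|*~|*/*) return 1 ;;
        *) return 0 ;;
    esac
}

# Emit a rule that lets USER run any command as RUNAS only (not as root).
render_rule() {
    printf '%s ALL=(%s) ALL\n' "$1" "$2"
}

# Stage a drop-in under DIR: write a temp file, restrict its mode,
# syntax-check it, and only then rename it into place.
stage_dropin() {
    dir=$1 name=$2 user=$3 runas=$4
    dropin_name_ok "$name" || { echo "bad drop-in name: $name" >&2; return 1; }
    # The temp name contains '.', so sudo ignores it while it is staged.
    tmp=$(mktemp "$dir/.tmp.XXXXXX") || return 1
    render_rule "$user" "$runas" > "$tmp"
    chmod 0440 "$tmp"
    if command -v visudo >/dev/null 2>&1; then
        # -c: check only, -f: check this file instead of /etc/sudoers
        visudo -c -f "$tmp" >/dev/null || { rm -f "$tmp"; return 1; }
    fi
    mv "$tmp" "$dir/$name"
}

# Usage, as root:
#   stage_dropin /etc/sudoers.d 50-xyz-postgres xyz postgres
# Then, as xyz:
#   sudo -u postgres -i
```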
Thank you for the rapid answer. When I try sudo -u postgres -i, it has exactly the same effect; and xyz is already a member of the wheel group. There must be another issue: when switching to another user abc, the sudo command behaves as expected.