使用 sudo 切換使用者很慢（需要幾分鐘）

我有一個執行 Debian 9 (Stretch) 的虛擬機。

我可以很好地登錄到我自己的使用者帳戶。

但是，每次我嘗試使用 切換使用者sudo su時，在輸入密碼後（即時），都需要幾分鐘才能成功。其他使用者是 root 還是其他使用者帳戶都沒有關係。

使用 的其他命令sudo，例如sudo echo，工作得很好（我已經嘗試了調試慢速 sudo 命令的步驟，包括與解析主機名有關的問題，一切都應該沒問題。）

我檢查了其他涉及的過程sudo，但一無所獲。

我試過執行sudo strace sudo su，並得到了以下輸出（只顯示最後幾行；這個過程又花了幾分鐘才成功）：

fcntl(8, F_SETLKW, {l_type=F_RDLCK, l_whence=SEEK_SET, l_start=0, l_len=0}) = 0
read(8, "\2\0\0\0\0\0\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(8, "\6\0\0\0\213\2\0\0ttyS0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(8, "\6\0\0\0\214\2\0\0tty1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(8, "\1\0\0\0005\0\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(8, "\7\0\0\0e\32\0\0pts/0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(8, "\7\0\0\0TL\0\0pts/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
fcntl(8, F_SETLKW, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=0, l_len=0}) = 0
alarm(0)                                = 10
rt_sigaction(SIGALRM, {sa_handler=0x55dacfaa8200, sa_mask=~[KILL STOP RTMIN RT_1], sa_flags=SA_RESTORER|SA_INTERRUPT|SA_SIGINFO, sa_restorer=0x7f8ab6d33060}, NULL, 8) = 0
close(8)                                = 0
getuid()                                = 0
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 8
connect(8, {sa_family=AF_UNIX, sun_path="/dev/log"}, 110) = 0
sendto(8, "<86>Mar  4 00:20:35 sudo: pam_un"..., 95, MSG_NOSIGNAL, NULL, 0) = 95
socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT) = 9
fcntl(9, F_SETFD, FD_CLOEXEC)           = 0
sendto(9, {{len=120, type=0x451 /* NLMSG_??? */, flags=NLM_F_REQUEST|NLM_F_ACK, seq=3, pid=0}, "op=PAM:session_open acct=\"root\" "...}, 120, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 120
poll([{fd=9, events=POLLIN}], 1, 500)   = 1 ([{fd=9, revents=POLLIN}])
recvfrom(9, {{len=36, type=NLMSG_ERROR, flags=0, seq=3, pid=2859367897}, "\0\0\0\0x\0\0\0Q\4\5\0\3\0\0\0\0\0\0\0"}, 8988, MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, [12]) = 36
recvfrom(9, {{len=36, type=NLMSG_ERROR, flags=0, seq=3, pid=2859367897}, "\0\0\0\0x\0\0\0Q\4\5\0\3\0\0\0\0\0\0\0"}, 8988, MSG_DONTWAIT, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, [12]) = 36
close(9)                                = 0
getpgrp()                               = 23062
rt_sigaction(SIGCHLD, {sa_handler=0x55dacfaa8200, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_INTERRUPT|SA_SIGINFO, sa_restorer=0x7f8ab6d33060}, NULL, 8) = 0
rt_sigaction(SIGCONT, {sa_handler=0x55dacfaa8200, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_INTERRUPT|SA_SIGINFO, sa_restorer=0x7f8ab6d33060}, NULL, 8) = 0
rt_sigaction(SIGTSTP, {sa_handler=0x55dacfaa8140, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_INTERRUPT|SA_SIGINFO, sa_restorer=0x7f8ab6d33060}, NULL, 8) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f8ab7d1ff50) = 23072
close(7)                                = 0
poll([{fd=3, events=POLLIN}, {fd=6, events=POLLIN}], 2, -1) = 1 ([{fd=6, revents=POLLIN|POLLHUP}])
recvfrom(6, "", 8, MSG_WAITALL, NULL, NULL) = 0
poll([{fd=3, events=POLLIN}], 1, -1)    = ? ERESTART_RESTARTBLOCK (Interrupted by signal)
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
restart_syscall(<... resuming interrupted poll ...>) = ? ERESTART_RESTARTBLOCK (Interrupted by signal)
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
restart_syscall(<... resuming interrupted restart_syscall ...>

很難準確地說程序在哪一行停止，因為它似乎沒有刷新緩衝區（它會在不完整的行上暫停），但是日誌末尾的行以poll並且restart_syscall似乎是程序延遲。

我不知道如何解釋這個strace輸出，所以任何指針或提示都值得讚賞。

我的問題：根據這個strace輸出，為什麼切換使用者使用sudo需要這麼長時間？

---

編輯：感謝@Ferenc Wágner 在評論中的提示，我添加-f並strace發現它sudo su正在分叉許多似乎一遍又一遍地循環的程序。我仍然不確定到底是什麼問題。（我在以下日誌中匿名了域名。我認為 IP 地址是標準的 Google Cloud IP。）

以下是 的輸出範例sudo strace -f -t sudo su。輸出非常大而且速度很快，但似乎在不同的分叉中一遍又一遍地重複相同的過程。

pid 17113] 17:29:51 poll(NULL, 0, 4strace: Process 20730 attached
<unfinished ...>
[pid 20730] 17:29:51 set_robust_list(0x7fa609e0a9e0, 24) = 0
[pid 20730] 17:29:51 getpid()           = 17113
[pid 20730] 17:29:51 open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 3
[pid 20730] 17:29:51 fstat(3, {st_mode=S_IFREG|0644, st_size=154, ...}) = 0
[pid 20730] 17:29:51 read(3, "domain us-central1-a.c.my-domai"..., 4096) = 154
[pid 20730] 17:29:51 read(3, "", 4096)  = 0
[pid 20730] 17:29:51 close(3)           = 0
[pid 20730] 17:29:51 open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 3
[pid 20730] 17:29:51 fstat(3, {st_mode=S_IFREG|0644, st_size=453, ...}) = 0
[pid 20730] 17:29:51 read(3, "127.0.0.1\tlocalhost my-domain i"..., 4096) = 453
[pid 20730] 17:29:51 read(3, "", 4096)  = 0
[pid 20730] 17:29:51 close(3)           = 0
[pid 20730] 17:29:51 madvise(0x7fa60960a000, 8368128, MADV_DONTNEED) = 0
[pid 20730] 17:29:51 exit(0)            = ?
[pid 20730] 17:29:51 +++ exited with 0 +++
[pid 17113] 17:29:51 <... poll resumed> ) = 0 (Timeout)
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
[pid 17113] 17:29:51 setsockopt(3, SOL_TCP, TCP_NODELAY, [1], 4) = 0
[pid 17113] 17:29:51 fcntl(3, F_GETFL)  = 0x2 (flags O_RDWR)
[pid 17113] 17:29:51 fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
[pid 17113] 17:29:51 connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("169.254.169.254")}, 16) = -1 EINPROGRESS (Operation now in progress)
[pid 17113] 17:29:51 poll([{fd=3, events=POLLOUT|POLLWRNORM}], 1, 0) = 0 (Timeout)
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 poll([{fd=3, events=POLLOUT}], 1, 199) = 1 ([{fd=3, revents=POLLOUT}])
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 poll([{fd=3, events=POLLOUT|POLLWRNORM}], 1, 0) = 1 ([{fd=3, revents=POLLOUT|POLLWRNORM}])
[pid 17113] 17:29:51 getsockopt(3, SOL_SOCKET, SO_ERROR, [0], [4]) = 0
[pid 17113] 17:29:51 getpeername(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("169.254.169.254")}, [128->16]) = 0
[pid 17113] 17:29:51 getsockname(3, {sa_family=AF_INET, sin_port=htons(37960), sin_addr=inet_addr("10.128.0.2")}, [128->16]) = 0
[pid 17113] 17:29:51 sendto(3, "GET /computeMetadata/v1/oslogin/"..., 134, MSG_NOSIGNAL, NULL, 0) = 134
[pid 17113] 17:29:51 poll([{fd=3, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 0) = 0 (Timeout)
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 poll([{fd=3, events=POLLIN}], 1, 198) = 1 ([{fd=3, revents=POLLIN}])
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 poll([{fd=3, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 0) = 1 ([{fd=3, revents=POLLIN|POLLRDNORM}])
[pid 17113] 17:29:51 recvfrom(3, "HTTP/1.1 404 Not Found\r\nMetadata"..., 16384, 0, NULL, NULL) = 496
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 close(3)           = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 stat("/var/google-users.d/root", 0x7fff47fdaf50) = -1 ENOENT (No such file or directory)
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 clone(child_stack=0x7fa609e09fb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7fa609e0a9d0, tls=0x7fa609e0a700, child_tidptr=0x7fa609e0a9d0) = 20732
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7fa611ec0060}, NULL, 8) = 0
[pid 17113] 17:29:51 poll(NULL, 0, 4strace: Process 20732 attached
<unfinished ...>

所以這無疑是一個網路問題，但我不確定我是否理解問題出在哪裡。

該/etc/hosts文件如下所示：

127.0.0.1       localhost my-domain my-domain.site.com
127.0.1.1       localhost my-domain my-domain.site.com # trying to resolve this issue, probably not needed
::1             localhost ip6-localhost ip6-loopback my-domain my-domain.site.com
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

10.128.0.2 my-domain.us-central1-a.c.my-domain.internal my-domain  # Added by Google
169.254.169.254 metadata.google.internal  # Added by Google

/etc/resolv.conf文件內容如下：

domain us-central1-a.c.my-domain.internal
search us-central1-a.c.my-domain.internal. c.my-domain.internal. google.internal.
nameserver 169.254.169.254

該命令hostname給出：

my-domain

我已經讀過，sudo不知何故取決於hostname，但我不確定sudo su在這裡（例如）sudo echo不感興趣的內容是什麼。

雖然沒有直接回答你的問題，但這迴避了延遲

sudo su可以簡化為sudo -s。如果您想更改為其他使用者，您可以直接這樣做，例如sudo -s -u otheruser

引用自：https://unix.stackexchange.com/questions/637474