sudo spams 'Sorry, try again.' despites no keyboard input #475
Description
2025-10-06.03-21-01.mp4
Here are some logs, but I think they are not relevant:
Oct 06 03:27:04 AprilGrimoire-Mechrevo systemd[5968]: app-flatpak-org.videolan.VLC-13223.scope: Consumed 2min 28.026s CPU time.
Oct 06 03:27:08 AprilGrimoire-Mechrevo localsearch-3[13143]: tracker_resource_set_relation: NULL is not a valid value.
Oct 06 03:27:10 AprilGrimoire-Mechrevo systemd[5968]: app-niri-alacritty-12324.scope: Consumed 2.305s CPU time.
Oct 06 03:27:17 AprilGrimoire-Mechrevo systemd[5968]: app-niri-fuzzel-13073.scope: Consumed 6.965s CPU time.
Oct 06 03:27:18 AprilGrimoire-Mechrevo clash-verge[6132]: [IPC] LogsMonitor: Starting stream for /logs?level=debug
Oct 06 03:27:21 AprilGrimoire-Mechrevo sudo[14113]: april : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/home/april ; USER=root ; COMMAND=/usr/sbin/ls
(base) ➜ ~ dmesg | tail
[ 145.142796] hid-generic 0003:24AE:4005.000A: input,hidraw2: USB HID v1.10 Keyboard [Rapoo Rapoo Gaming Keyboard] on usb-0000:09:00.4-1.1/input0
[ 145.150320] input: Rapoo Rapoo Gaming Keyboard Mouse as /devices/pci0000:00/0000:00:08.3/0000:09:00.4/usb7/7-1/7-1.1/7-1.1:1.1/0003:24AE:4005.000B/input/input27
[ 145.150687] input: Rapoo Rapoo Gaming Keyboard System Control as /devices/pci0000:00/0000:00:08.3/0000:09:00.4/usb7/7-1/7-1.1/7-1.1:1.1/0003:24AE:4005.000B/input/input28
[ 145.202418] input: Rapoo Rapoo Gaming Keyboard Consumer Control as /devices/pci0000:00/0000:00:08.3/0000:09:00.4/usb7/7-1/7-1.1/7-1.1:1.1/0003:24AE:4005.000B/input/input29
[ 145.202885] hid-generic 0003:24AE:4005.000B: input,hiddev98,hidraw3: USB HID v1.10 Mouse [Rapoo Rapoo Gaming Keyboard] on usb-0000:09:00.4-1.1/input1
[ 145.207186] hid-generic 0003:24AE:4005.000C: hiddev99,hidraw4: USB HID v1.10 Device [Rapoo Rapoo Gaming Keyboard] on usb-0000:09:00.4-1.1/input2
[ 156.763542] nvme nvme0: using unchecked data buffer
[ 156.776702] block nvme1n1: No UUID available providing old NGUID
[ 286.888893] nvidia_uvm: module uses symbols nvUvmInterfaceDisableAccessCntr from proprietary module nvidia, inheriting taint.
[ 432.286329] nvidia-modeset: Loading NVIDIA Kernel Mode Setting Driver for UNIX platforms 570.190 Fri Aug 29 16:18:24 UTC 2025
EDIT: Somehow it just worked after a while. Is it related to the sudo privilege cache I use that works across terminals? I use an account-wise sudo state cache.
Here are the config files I have:
## sudoers file.
##
## This file MUST be edited with the 'visudo' command as root.
## Failure to use 'visudo' may result in syntax or file permission errors
## that prevent sudo from running.
##
## See the sudoers man page for the details on how to write a sudoers file.
##
##
## Host alias specification
##
## Groups of machines. These may include host names (optionally with wildcards),
## IP addresses, network numbers or netgroups.
# Host_Alias WEBSERVERS = www1, www2, www3
##
## User alias specification
##
## Groups of users. These may consist of user names, uids, Unix groups,
## or netgroups.
# User_Alias ADMINS = millert, dowdy, mikef
##
## Cmnd alias specification
##
## Groups of commands. Often used to group related commands together.
# Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
# /usr/bin/pkill, /usr/bin/top
#
# Cmnd_Alias REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff
#
# Cmnd_Alias DEBUGGERS = /usr/bin/gdb, /usr/bin/lldb, /usr/bin/strace, \
# /usr/bin/truss, /usr/bin/bpftrace, \
# /usr/bin/dtrace, /usr/bin/dtruss
#
# Cmnd_Alias PKGMAN = /usr/bin/apt, /usr/bin/dpkg, /usr/bin/rpm, \
# /usr/bin/yum, /usr/bin/dnf, /usr/bin/zypper, \
# /usr/bin/pacman
##
## Defaults specification
##
## Preserve editor environment variables for visudo.
## To preserve these for all commands, remove the "!visudo" qualifier.
Defaults!/usr/sbin/visudo env_keep += "SUDO_EDITOR EDITOR VISUAL"
##
## Use a hard-coded PATH instead of the user's to find commands.
## This also helps prevent poorly written scripts from running
## arbitrary commands under sudo.
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin:/usr/lib/llvm/20/bin:/usr/lib/llvm/19/bin:/usr/lib/llvm/18/bin:/etc/eselect/wine/bin:/opt/cuda/bin"
##
## You may wish to keep some of the following environment variables
## when running commands via sudo.
##
## Locale settings
# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
##
## Run X applications through sudo; HOME is used to find the
## .Xauthority file. Note that other programs use HOME to find
## configuration files and this may lead to privilege escalation!
# Defaults env_keep += "HOME"
##
## X11 resource path settings
# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
##
## Desktop path settings
# Defaults env_keep += "QTDIR KDEDIR"
##
## Allow sudo-run commands to inherit the callers' ConsoleKit session
# Defaults env_keep += "XDG_SESSION_COOKIE"
##
## Uncomment to enable special input methods. Care should be taken as
## this may allow users to subvert the command being run via sudo.
# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
##
## Uncomment to disable "use_pty" when running commands as root.
## Commands run as non-root users will run in a pseudo-terminal,
## not the user's own terminal, to prevent command injection.
# Defaults>root !use_pty
##
## Uncomment to run commands in the background by default.
## This can be used to prevent sudo from consuming user input while
## a non-interactive command runs if "use_pty" or I/O logging are
## enabled. Some commands may not run properly in the background.
# Defaults exec_background
##
## Uncomment to send mail if the user does not enter the correct password.
# Defaults mail_badpass
##
## Uncomment to enable logging of a command's output, except for
## sudoreplay and reboot. Use sudoreplay to play back logged sessions.
## Sudo will create up to 2,176,782,336 I/O logs before recycling them.
## Set maxseq to a smaller number if you don't have unlimited disk space.
# Defaults log_output
# Defaults!/usr/bin/sudoreplay !log_output
# Defaults!/usr/local/bin/sudoreplay !log_output
# Defaults!REBOOT !log_output
# Defaults maxseq = 1000
##
## Uncomment to disable intercept and log_subcmds for debuggers and
## tracers. Otherwise, anything that uses ptrace(2) will be unable
## to run under sudo if intercept_type is set to "trace".
# Defaults!DEBUGGERS !intercept, !log_subcmds
##
## Uncomment to disable intercept and log_subcmds for package managers.
## Some package scripts run a huge number of commands, which is made
## slower by these options and also can clutter up the logs.
# Defaults!PKGMAN !intercept, !log_subcmds
##
## Uncomment to disable PAM silent mode. Otherwise messages by PAM
## modules such as pam_faillock will not be printed.
# Defaults !pam_silent
##
## Runas alias specification
##
##
## User privilege specification
##
root ALL=(ALL:ALL) ALL
## Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL:ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL:ALL) NOPASSWD: ALL
## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL:ALL) ALL
## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
# Defaults targetpw # Ask for the password of the target user
# ALL ALL=(ALL:ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
Defaults !tty_tickets
## Read drop-in files from /etc/sudoers.d
@includedir /etc/sudoers.d
#
# Default /etc/sudo.conf file
#
# Sudo plugins:
# Plugin plugin_name plugin_path plugin_options ...
#
# The plugin_path is relative to /usr/lib64/sudo unless
# fully qualified.
# The plugin_name corresponds to a global symbol in the plugin
# that contains the plugin interface structure.
# The plugin_options are optional.
#
# The sudoers plugin is used by default if no Plugin lines are present.
#Plugin sudoers_policy sudoers.so
#Plugin sudoers_io sudoers.so
#Plugin sudoers_audit sudoers.so
#
# Sudo askpass:
# Path askpass /path/to/askpass
#
# An askpass helper program may be specified to provide a graphical
# password prompt for "sudo -A" support. Sudo does not ship with its
# own askpass program but can use the OpenSSH askpass.
#
# Use the OpenSSH askpass
#Path askpass /usr/X11R6/bin/ssh-askpass
#
# Use the Gnome OpenSSH askpass
#Path askpass /usr/libexec/openssh/gnome-ssh-askpass
#
# Sudo device search path:
# Path devsearch /dev/path1:/dev/path2:/dev
#
# A colon-separated list of paths to check when searching for a user's
# terminal device.
#
#Path devsearch /dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev
#
# Sudo command interception:
# Path intercept /path/to/sudo_intercept.so
#
# Path to a shared library containing replacements for the execv(),
# execve() and fexecve() library functions, which perform a policy
# check to verify whether the command is allowed and simply return
# an error if it is not. This is used to implement the "intercept"
# functionality on systems that support LD_PRELOAD or its equivalent.
#
# The compiled-in value is usually sufficient and should only be changed
# if you rename or move the sudo_intercept.so file.
#
#Path intercept /usr/libexec/sudo/sudo_intercept.so
#
# Sudo noexec:
# Path noexec /path/to/sudo_noexec.so
#
# Path to a shared library containing replacements for the execv(),
# execve() and fexecve() library functions that just return an error.
# This is used to implement the "noexec" functionality on systems that
# support LD_PRELOAD or its equivalent.
#
# The compiled-in value is usually sufficient and should only be changed
# if you rename or move the sudo_noexec.so file.
#
#Path noexec /usr/libexec/sudo/sudo_noexec.so
#
# Sudo plugin directory:
# Path plugin_dir /path/to/plugins
#
# The default directory to use when searching for plugins that are
# specified without a fully-qualified path name.
#
#Path plugin_dir /usr/lib64/sudo
#
# Core dumps:
# Set disable_coredump true|false
#
# By default, sudo disables core dumps while it is executing (they
# are re-enabled for the command that is run).
# To aid in debugging sudo problems, you may wish to enable core
# dumps by setting "disable_coredump" to false.
#
#Set disable_coredump false
#
# User groups:
# Set group_source static|dynamic|adaptive
#
# Sudo passes the user's group list to the policy plugin.
# If the user is a member of the maximum number of groups (usually 16),
# sudo will query the group database directly to be sure to include
# the full list of groups.
#
# On some systems, this can be expensive so the behavior is configurable.
# The "group_source" setting has three possible values:
# static - use the user's list of groups returned by the kernel.
# dynamic - query the group database to find the list of groups.
# adaptive - if user is in less than the maximum number of groups.
# use the kernel list, else query the group database.
#
#Set group_source static
#
# Sudo interface probing:
# Set probe_interfaces true|false
#
# By default, sudo will probe the system's network interfaces and
# pass the IP address of each enabled interface to the policy plugin.
# On systems with a large number of virtual interfaces this may take
# a noticeable amount of time.
#
#Set probe_interfaces false
#
# Sudo debug files:
# Debug program /path/to/debug_log subsystem@priority[,subsyste@priority]
#
# Sudo and related programs support logging debug information to a file.
# The program is typically sudo, sudoers.so, sudoreplay, or visudo.
#
# Subsystems vary based on the program; "all" matches all subsystems.
# Priority may be crit, err, warn, notice, diag, info, trace, or debug.
# Multiple subsystem@priority may be specified, separated by a comma.
#
#Debug sudo /var/log/sudo_debug all@debug
#Debug sudoers.so /var/log/sudoers_debug all@debug