Actions requiring root privileges no longer possible

I’m with Tumbleweed for ages, but since an update in 2019 I can no longer perform sudo and any other actions requiring root privileges in my KDE desktop session.
Especially, my user password works only once when starting the KDE session, but on resume after suspending my notebook, it is no longer accepted.
Hence, I help my self with a root login on the text console, doing, loginctl and the like.

Trying sudo give me the error

sudo: Wechsel zur root-GID ist nicht möglich: Die Operation ist nicht erlaubt.
sudo: Audit-Plugin sudoers_audit konnte nicht initialisiert werden

My hypothesis is that some system configuration missed a certain update. But no Tumbleweed update since then did heal that.
Help would be appreciated.

What is the output from:

ls -l /usr/bin/sudo

In a terminal (“konsole” or “gnome-terminal” or “xterm” depending on what is installed), you should be able to use:

su -

to acquire root privileges.

I am not sure what you mean with this.

When starting a KDE session (login in the GUI) you do not need the root password.

It looks as if, you’ve missed the need to edit the following file:


Please note that, you need to «read: SHALL and/or MUST» use the command “visudo” executed by the user “root” to edit the ‘sudoers’ file …

Yeah, my user password is only accepted on initial login into a KDE session.

As said inside a KDE session getting root privileges is not possible. Int the text console it is.
If I do this ls command in the text console I get

-rwsr-xr-x 1 root root 273368 Jun 16 17:28 /usr/bin/sudo

Well, when that user logs in, you need that user’s password.

But why do you say “only”. Does it not work on a following login?

Are you sure you type the root password then correct?

That looks correct. So it isn’t a permissions problem.

It’s a bit hard to guess what is broken, without more information. Here, “sudo” is working well though I am more likely to just use “su”.

From my KDE Plasma session, a Konsole session logged in as the user “root” is called by:

  1. System default: the command “konsole” with the CLI argument “ –profile ‘Root Shell’
  2. My personal “Root Shell” profile for Konsole has the following command: “/usr/bin/su --login

I can also, if I want to, login to a KDE Plasma session from SDDM as the user “root” by clicking the “Other users” button.

Have you modified the /root/.bashrc and /root/.profile files?

In /etc/passwd does the entry for the user “root” look like the following example?


In /etc/group does the entry for the group “root” look like the following example?


Is the OP using the word “root” to attempt the login? Some folks think they still need to enter the word “su” for a root login on the GUI login screen.
Sidenote: if I need a root login upon a fresh boot, I always switch to console one and drop to runlevel 3 (networking, no GUI). Then I login as “root”, then do a startx … that’s usually because there’s some weird issue with KDE Plasma and I want to watch the GUI startup output.

You haven’t been able to do any administration in all this time, and you’re asking now? Interesting lol

I remember a few years back there was an issue caused by a change in how “sudo” worked? From what I remember everyone’s sudo stopped working because it changed from being group policy based, to being password based. I fixed it by manually adding my main user to the wheel group and fixed it that way, essentially returning it to the old behaviour. I don’t know if this is the same thing you’re experiencing.

Was this in openSUSE? openSUSE does not use the wheel group by default.

Provided that, you’ve executed a default installation, it’s present by default:

 > rpm --query --whatrecommends system-group-wheel
 > rpm --query --provides system-group-wheel
system-group-wheel = 20170617-150400.22.33
 > rpm -ql system-group-wheel
 > cat /usr/lib/sysusers.d/system-group-wheel.conf
# Type Name ID GECOS [HOME]
g wheel -

Not anymore, no. Tbh I prefer the old system. ngl when that change happened and I was locked out of using sudo at all I would have been lost had it not been for my prior experience in setting up FreeBSD

Or, on a default openSUSE installation (with systemd):

# systemctl isolate

1 Like

I did not deny it isn’t present (it is of course in all my openSUSE systems), I said that by default it is not used.

1 Like

You HAVE been able to do updates, in that time…?

Oops, accidentally I tried to reply to this from within GMail. So, regarding updating, the short answer is yes, all the time.

Please mind that the actual error regarding the Audit-plugin may hint to the cause of my problem.

Since Tumbleweed is a rolling release, I’m used to practicing pulling distribution updates (aka ‘zypper dup’) regularly (also, for quite a long time updated kernels did actually not boot to the graphical login, so I had to stick to a 6.2.19 kernel (also protecting it from being purged) and for many months, and I updated often, always hoping this situation will eventually heal, and actually it did with a kernel release a few months ago).

This is why I wrote my user password.

I recently used the Yast2 sudo module to recreate /etc/sudoers.
It changes nothing.
What do the terms “Audit-Plugin” and “sudoers-audit” from the error message mean?
What about the /etc/sudoers.d directory?
It contains a single line file named ‘username’.