[SOLVED] Permission problem with sudo

DogMatix · 2013-07-08 15:34:18

I am having problems getting sudo to work. This is on a brand new install from a recently downloaded ISO image and I confirmed the MD5 checksum was correct. Base system is installed and I have added a user using

# useradd -m -g users -s /bin/bash myusername
# passwd myusername

This went fine and I can log into my new account.

Logged in as root I installed sudo using

# pacman -S sudo

sudo seems to install fine and I had no errors.

I then added myusername to /etc/sudoers using vi (the default editor)

# visudo

I added myusername beneath ## User priviledge specification as follows

##
##  User priviledge specification
##
root ALL=(ALL) ALL
myusername myhostname=(ALL) ALL

Running

# visudo -c

returned

/etc/sudoers: parsed OK

I reopened /etc/sudoers with visudo to check the entry and everything seems OK

This is where my problems start. As root issuing

# sudo -ll

returns

sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers found, quitting
sudo: unable to initialize policy plugin

If I login as myusername and use (for example)

# sudo pacman -Syu

returns identical sudo errors.

What I have tried.

As it appeared to be a permissions problem I ran (as root)

# chown -c root:root /etc/sudoers
# chmod -c 0440 /etc/sudoers

I have also removed sudo using

# pacman -Rs sudo

then re-installed it.

However, the problem persists.

As it is a brand new install I have also reinstalled Arch with a freshly downloaded and MD5 checksum confirmed ISO. The problem is replicated.

I searched the forum and found these two posts which seem to address similar problems but could not find a fix to my problem:
https://bbs.archlinux.org/viewtopic.php?id=153319
https://bbs.archlinux.org/viewtopic.php?id=131764

I have also read: https://wiki.archlinux.org/index.php/Sudo

I don’t really know where to go next. I have installed Arch before and installed sudo successfully. If I have missing something simple I am at a loss as to what it is. Any help greatly appreciated.

Last edited by DogMatix (2013-07-09 13:08:44)

falconindy · 2013-07-08 15:48:45

Sounds like sudo itself isn't setuid. What filesystem is this? What are the mount options listed in /proc/self/mountinfo?

Last edited by falconindy (2013-07-08 15:48:58)

DogMatix · 2013-07-08 16:09:25

falconindy wrote:

Sounds like sudo itself isn't setuid. What filesystem is this? What are the mount options listed in /proc/self/mountinfo?

The file system is ext4

There are 25 entries in proc/self/mountinfo

What should I be looking out for.

I am using a 2nd machine at the moment so typing the output would take a while.
The Arch install does not even have X installed but if it would help I will go ahead and install a basic openbox DE and install a web browser so I can easily post the content of mountinfo.

falconindy · 2013-07-08 17:54:32

Obviously I'm interested in the mount flags for the root device....

$ awk '$5 == "/"'  /proc/self/mountinfo

The first question is a lot more relevant, though. Really, is sudo setuid or not? My request for the mount options is a hopeful guess at where to look for a root cause, assuming my first question is spot on.

DogMatix wrote:

The Arch install does not even have X installed but if it would help I will go ahead and install a basic openbox DE and install a web browser so I can easily post the content of mountinfo.

You don't need X or a web browser to post things to a pastebin...

$ curl -F 'sprunge=@-' http://sprunge.us </proc/self/mountinfo

Last edited by falconindy (2013-07-08 17:54:47)

DogMatix · 2013-07-08 21:22:50

$ awk '$5 == "/"'  /proc/self/mountinfo

returned

19 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw,data=ordered

sudo setuid or not?

I have read a bit about setuid but I don't know how to tell is sudo is setuid or not? Have I missed a step setting up sudo?

I have read https://bbs.archlinux.org/edit.php?id=32020

Is this related?

Thanks for your help

Last edited by DogMatix (2013-07-08 21:28:32)

opensrcrox · 2013-07-08 21:37:08

You can tell by :

 ls -la /usr/bin/sudo

... The output should be similar to:

-rwsr-xr-x 1 root root 127560 Jun 14 04:58 /usr/bin/sudo

Notice the "s" in permissions? that means sudo is setuid

DogMatix · 2013-07-08 21:41:40

output of ls -la /usr/bin/sudo (run as root)

-rwsr-xr-x 1 root root 129384 Jun 14 09:58 /usr/bin/sudo

So I take that to mean sudo is setuid?

Strike0 · 2013-07-08 21:46:40

Yes.
Try replacing your "hostname=" like this

root ALL=(ALL) ALL
myusername ALL=(ALL) ALL

DogMatix · 2013-07-08 22:03:30

Strike0 wrote:

Yes.
Try replacing your "hostname=" like this
root ALL=(ALL) ALL
myusername ALL=(ALL) ALL

Yes, I have tried that, but using sudo still returns

sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers found, quitting
sudo: unable to initialize policy plugin

but thanks for the idea.

falconindy · 2013-07-08 22:46:53

What happens if you invoke it as /usr/bin/sudo? The point being to avoid any possible aliases, functions, wrappers, etc...

DogMatix · 2013-07-08 22:54:47

falconindy wrote:

What happens if you invoke it as /usr/bin/sudo? The point being to avoid any possible aliases, functions, wrappers, etc...

running

 /usr/bin/sudo -ll

returns the same error messages I have posted above.

dag · 2013-07-08 23:19:01

have you tried to do anything out of the norm in your installation/configuration?

Last edited by dag (2013-07-08 23:19:45)

DogMatix · 2013-07-08 23:35:17

dag wrote:

have you tried to do anything out of the norm in your installation/configuration?

This is a fresh install. The problem arose after just the base system was installed, a non root user added and sudo installed. I have now added Openbox, Xterm, Pcmanfm and Firefox. Besides the sudo issue it works fine.

The system has a Swap partition, a partition for Arch and a Home partition. I followed the Beginner's Installation Guide from the Wiki. It replaced a previous Arch system that I installed maybe a year ago that had sudo working OK.

Last edited by DogMatix (2013-07-08 23:35:59)

oliver · 2013-07-08 23:49:05

what are your permissions on / and /etc ?

DogMatix · 2013-07-08 23:53:04

oliver wrote:

what are your permissions on / and /etc ?

I'll check but its 1:00am here. So I'll pick this thread up in the morning. Thanks everyone for your help so far.

DogMatix · 2013-07-09 09:20:06

Here are my permissions

[root@myhostname]# ls -la /

drwx------  18 myusername 1000  4096 Jul  8 23:08 .
drwx------  18 myusername 1000  4096 Jul  8 23:08 ..
lrwxrwxrwx   1 root   root     7 May 31 19:40 bin -> usr/bin
drwxr-xr-x   3 root   root  4096 Jul  8 22:36 boot
drwxr-xr-x  17 root   root  3120 Jul  9 10:55 dev
drwxr-xr-x  55 root   root  4096 Jul  9 00:00 etc
drwx------   4 myusername 1000  4096 Jul  8 22:39 home
lrwxrwxrwx   1 root   root     7 May 31 19:40 lib -> usr/lib
lrwxrwxrwx   1 root   root     7 May 31 19:40 lib64 -> usr/lib
drwx------   2 root   root 16384 Jul  8 21:19 lost+found
drwxr-xr-x   2 root   root  4096 May 17 11:32 media
drwxr-xr-x   2 root   root  4096 May 31 19:40 mnt
drwxr-xr-x   2 root   root  4096 May 31 19:40 opt
dr-xr-xr-x 102 root   root     0 Jul  9 10:54 proc
drwxr-x---   6 root   root  4096 Jul  9 10:55 root
drwxr-xr-x  15 root   root   400 Jul  9 10:54 run
lrwxrwxrwx   1 root   root     7 May 31 19:40 sbin -> usr/bin
drwxr-xr-x   4 root   root  4096 May 31 19:40 srv
dr-xr-xr-x  13 root   root     0 Jul  9 10:54 sys
drwxrwxrwt   7 root   root   220 Jul  9 11:03 tmp
drwxr-xr-x   8 root   root  4096 Jul  8 22:28 usr
drwxr-xr-x  12 root   root  4096 Jul  8 22:28 var

Also the permissions of etc/sudoers, as that was mentioned in the error messages

[root@myhostname ~]# ls -la /etc/sudoers
-r--r----- 1 root root 2870 Jul  9 00:00 /etc/sudoers

EDIT: Isn't the mode of /etc/sudoers supposed to be 0440. I thought I had changed this (as mentioned in post 1).

I have just re-run

[root@myhostname ~]# chmod 0440 /etc/sudoers
[root@myhostname ~]# ls -la /etc/sudoers
-r--r----- 1 root root 2870 Jul  9 00:00 /etc/sudoers

Why hasn't the mode changed? Could this be the main issue I'm having?

Last edited by DogMatix (2013-07-09 10:00:01)

qinohe · 2013-07-09 10:12:56

Shouldn't '/' be owned by root and not by your 'user', same counts for the home dir. shouldn't this be owned by the root user?
Only the user dir. in '/home' should be owned with your user permissions,
Maybe I'm wrong, but this is the way I have my system setup.

Permissions on the sudoers file look fine.

DogMatix · 2013-07-09 12:54:46

qinohe wrote:

Shouldn't '/' be owned by root and not by your 'user', same counts for the home dir. shouldn't this be owned by the root user?
Only the user dir. in '/home' should be owned with your user permissions,
Maybe I'm wrong, but this is the way I have my system setup.
Permissions on the sudoers file look fine.

You may well have something there. I checked a *buntu and a debian install I have and both have / owned by root.
So, I have nuked my Arch HDD and re-partitioned it using Gparted on a USB key and re-installed Arch. I have just run ls -la / again and now / is owned by root. Give me a little time to add a user and install sudo and I'll get back to you.

Fingers crossed.

EDIT

It's fixed. Thanks everyone for the advice.

Now, as to why this happened. The only thing I did different on this install was to use a fresh copy of Gparted on a USB to partition the hard-drive. Last time I used Disk Utility on a Ubuntu installation that is on a separate hard-drive. I thought I had unmounted the Arch hard-drive before I partitioned it, but, I have a feeling the strange root permissions may have emulated from there. So, I'll be keeping my Gparted USB key for future disk partitioning from now on.

Blimey that was confusing!

Last edited by DogMatix (2013-07-09 13:10:23)

qinohe · 2013-07-09 13:47:23

Glad you fixed it.
Maybe your umount scenario could be, but I guess it won't partition at all, if sill mounted.
Could it be you ran 'Disk-Utility' from Ubuntu, with user -, and not root permissions?

oliver · 2013-07-09 14:21:19

DogMatix wrote:

Now, as to why this happened. The only thing I did different on this install was to use a fresh copy of Gparted on a USB to partition the hard-drive. Last time I used Disk Utility on a Ubuntu installation that is on a separate hard-drive. I thought I had unmounted the Arch hard-drive before I partitioned it, but, I have a feeling the strange root permissions may have emulated from there. So, I'll be keeping my Gparted USB key for future disk partitioning from now on.

Did you happen to untar something? I remember my perms got really messed up once when my tarfile included both . and .. (but this was on Solaris so maybe GNU tar has something built in to stop that)

DogMatix · 2013-07-09 15:16:54

qinohe wrote:

Glad you fixed it.
Maybe your umount scenario could be, but I guess it won't partition at all, if sill mounted.
Could it be you ran 'Disk-Utility' from Ubuntu, with user -, and not root permissions?

I think you got it in one. Ubuntu doesn't have a root log-in as default and I can't remember opening disk utility with gksudo or anything. A lesson learned there.

Arch Linux

#1 2013-07-08 15:34:18

[SOLVED] Permission problem with sudo

#2 2013-07-08 15:48:45

Re: [SOLVED] Permission problem with sudo

#3 2013-07-08 16:09:25

Re: [SOLVED] Permission problem with sudo

#4 2013-07-08 17:54:32

Re: [SOLVED] Permission problem with sudo

#5 2013-07-08 21:22:50

Re: [SOLVED] Permission problem with sudo

#6 2013-07-08 21:37:08

Re: [SOLVED] Permission problem with sudo

#7 2013-07-08 21:41:40

Re: [SOLVED] Permission problem with sudo

#8 2013-07-08 21:46:40

Re: [SOLVED] Permission problem with sudo

#9 2013-07-08 22:03:30

Re: [SOLVED] Permission problem with sudo

#10 2013-07-08 22:46:53

Re: [SOLVED] Permission problem with sudo

#11 2013-07-08 22:54:47

Re: [SOLVED] Permission problem with sudo

#12 2013-07-08 23:19:01

Re: [SOLVED] Permission problem with sudo

#13 2013-07-08 23:35:17

Re: [SOLVED] Permission problem with sudo

#14 2013-07-08 23:49:05

Re: [SOLVED] Permission problem with sudo

#15 2013-07-08 23:53:04

Re: [SOLVED] Permission problem with sudo

#16 2013-07-09 09:20:06

Re: [SOLVED] Permission problem with sudo

#17 2013-07-09 10:12:56

Re: [SOLVED] Permission problem with sudo

#18 2013-07-09 12:54:46

Re: [SOLVED] Permission problem with sudo

#19 2013-07-09 13:47:23

Re: [SOLVED] Permission problem with sudo

#20 2013-07-09 14:21:19

Re: [SOLVED] Permission problem with sudo

#21 2013-07-09 15:16:54

Re: [SOLVED] Permission problem with sudo

Board footer