I am having problems getting sudo to work. This is on a brand new install from a recently downloaded ISO image and I confirmed the MD5 checksum was correct. Base system is installed and I have added a user using
# useradd -m -g users -s /bin/bash myusername
# passwd myusername
This went fine and I can log into my new account.
Logged in as root I installed sudo using
# pacman -S sudo
sudo seems to install fine and I had no errors.
I then added myusername to /etc/sudoers using vi (the default editor)
# visudo
I added myusername beneath ## User privilege specification as follows
##
## User privilege specification
##
root ALL=(ALL) ALL
myusername myhostname=(ALL) ALL
Running
# visudo -c
returned
/etc/sudoers: parsed OK
I reopened /etc/sudoers with visudo to check the entry and everything seems OK.
This is where my problems start. As root issuing
# sudo -ll
returns
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers found, quitting
sudo: unable to initialize policy plugin
If I log in as myusername and use (for example)
# sudo pacman -Syu
returns identical sudo errors.
What I have tried.
As it appeared to be a permissions problem I ran (as root)
# chown -c root:root /etc/sudoers
# chmod -c 0440 /etc/sudoers
I have also removed sudo using
# pacman -Rs sudo
then re-installed it.
However, the problem persists.
As it is a brand new install I have also reinstalled Arch with a freshly downloaded and MD5 checksum confirmed ISO. The problem is replicated.
I searched the forum and found these two posts which seem to address similar problems but could not find a fix to my problem:
https://bbs.archlinux.org/viewtopic.php?id=153319
https://bbs.archlinux.org/viewtopic.php?id=131764
I have also read: https://wiki.archlinux.org/index.php/Sudo
I don’t really know where to go next. I have installed Arch before and installed sudo successfully. If I have missed something simple I am at a loss as to what it is. Any help greatly appreciated.
Last edited by DogMatix (2013-07-09 13:08:44)
Offline
Sounds like sudo itself isn't setuid. What filesystem is this? What are the mount options listed in /proc/self/mountinfo?
The file system is ext4
There are 25 entries in /proc/self/mountinfo
What should I be looking out for?
I am using a 2nd machine at the moment so typing the output would take a while.
The Arch install does not even have X installed but if it would help I will go ahead and install a basic openbox DE and install a web browser so I can easily post the content of mountinfo.
Offline
Obviously I'm interested in the mount flags for the root device....
$ awk '$5 == "/"' /proc/self/mountinfo
The first question is a lot more relevant, though. Really, is sudo setuid or not? My request for the mount options is a hopeful guess at where to look for a root cause, assuming my first question is spot on.
The Arch install does not even have X installed but if it would help I will go ahead and install a basic openbox DE and install a web browser so I can easily post the content of mountinfo.
You don't need X or a web browser to post things to a pastebin...
$ curl -F 'sprunge=@-' http://sprunge.us </proc/self/mountinfo
Last edited by falconindy (2013-07-08 17:54:47)
Offline
$ awk '$5 == "/"' /proc/self/mountinfo
returned
19 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw,data=ordered
sudo setuid or not?
I have read a bit about setuid but I don't know how to tell if sudo is setuid or not. Have I missed a step setting up sudo?
I have read https://bbs.archlinux.org/edit.php?id=32020
Is this related?
Thanks for your help
Last edited by DogMatix (2013-07-08 21:28:32)
Offline
You can tell by:
ls -la /usr/bin/sudo
... The output should be similar to:
-rwsr-xr-x 1 root root 127560 Jun 14 04:58 /usr/bin/sudo
Notice the "s" in permissions? That means sudo is setuid.
Offline
output of ls -la /usr/bin/sudo (run as root)
-rwsr-xr-x 1 root root 129384 Jun 14 09:58 /usr/bin/sudo
So I take that to mean sudo is setuid?
Offline
Yes.
Try replacing your "hostname=" like this
root ALL=(ALL) ALL
myusername ALL=(ALL) ALL
Offline
Yes.
Try replacing your "hostname=" like this
root ALL=(ALL) ALL
myusername ALL=(ALL) ALL
Yes, I have tried that, but using sudo still returns
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers found, quitting
sudo: unable to initialize policy plugin
but thanks for the idea.
Offline
What happens if you invoke it as /usr/bin/sudo? The point being to avoid any possible aliases, functions, wrappers, etc...
running
/usr/bin/sudo -ll
returns the same error messages I have posted above.
Offline
have you tried to do anything out of the norm in your installation/configuration?
Last edited by dag (2013-07-08 23:19:45)
--------------------------------------
alcoves wonder creates the wonder unto the ages; never lose that.
Offline
have you tried to do anything out of the norm in your installation/configuration?
This is a fresh install. The problem arose after just the base system was installed, a non root user added and sudo installed. I have now added Openbox, Xterm, Pcmanfm and Firefox. Besides the sudo issue it works fine.
The system has a Swap partition, a partition for Arch and a Home partition. I followed the Beginner's Installation Guide from the Wiki. It replaced a previous Arch system that I installed maybe a year ago that had sudo working OK.
Last edited by DogMatix (2013-07-08 23:35:59)
Offline
what are your permissions on / and /etc ?
Offline
what are your permissions on / and /etc ?
I'll check but it's 1:00am here. So I'll pick this thread up in the morning. Thanks everyone for your help so far.
Offline
Here are my permissions
[root@myhostname]# ls -la /
drwx------ 18 myusername 1000 4096 Jul 8 23:08 .
drwx------ 18 myusername 1000 4096 Jul 8 23:08 ..
lrwxrwxrwx 1 root root 7 May 31 19:40 bin -> usr/bin
drwxr-xr-x 3 root root 4096 Jul 8 22:36 boot
drwxr-xr-x 17 root root 3120 Jul 9 10:55 dev
drwxr-xr-x 55 root root 4096 Jul 9 00:00 etc
drwx------ 4 myusername 1000 4096 Jul 8 22:39 home
lrwxrwxrwx 1 root root 7 May 31 19:40 lib -> usr/lib
lrwxrwxrwx 1 root root 7 May 31 19:40 lib64 -> usr/lib
drwx------ 2 root root 16384 Jul 8 21:19 lost+found
drwxr-xr-x 2 root root 4096 May 17 11:32 media
drwxr-xr-x 2 root root 4096 May 31 19:40 mnt
drwxr-xr-x 2 root root 4096 May 31 19:40 opt
dr-xr-xr-x 102 root root 0 Jul 9 10:54 proc
drwxr-x--- 6 root root 4096 Jul 9 10:55 root
drwxr-xr-x 15 root root 400 Jul 9 10:54 run
lrwxrwxrwx 1 root root 7 May 31 19:40 sbin -> usr/bin
drwxr-xr-x 4 root root 4096 May 31 19:40 srv
dr-xr-xr-x 13 root root 0 Jul 9 10:54 sys
drwxrwxrwt 7 root root 220 Jul 9 11:03 tmp
drwxr-xr-x 8 root root 4096 Jul 8 22:28 usr
drwxr-xr-x 12 root root 4096 Jul 8 22:28 var
Also the permissions of /etc/sudoers, as that was mentioned in the error messages
[root@myhostname ~]# ls -la /etc/sudoers
-r--r----- 1 root root 2870 Jul 9 00:00 /etc/sudoers
EDIT: Isn't the mode of /etc/sudoers supposed to be 0440? I thought I had changed this (as mentioned in post 1).
I have just re-run
[root@myhostname ~]# chmod 0440 /etc/sudoers
[root@myhostname ~]# ls -la /etc/sudoers
-r--r----- 1 root root 2870 Jul 9 00:00 /etc/sudoers
Why hasn't the mode changed? Could this be the main issue I'm having?
Last edited by DogMatix (2013-07-09 10:00:01)
Offline
Shouldn't '/' be owned by root and not by your 'user'? Same counts for the home dir. Shouldn't this be owned by the root user?
Only the user dir. in '/home' should be owned with your user permissions.
Maybe I'm wrong, but this is the way I have my system setup.
Permissions on the sudoers file look fine.
Offline
Shouldn't '/' be owned by root and not by your 'user'? Same counts for the home dir. Shouldn't this be owned by the root user?
Only the user dir. in '/home' should be owned with your user permissions.
Maybe I'm wrong, but this is the way I have my system setup.
Permissions on the sudoers file look fine.
You may well have something there. I checked a *buntu and a debian install I have and both have / owned by root.
So, I have nuked my Arch HDD and re-partitioned it using Gparted on a USB key and re-installed Arch. I have just run ls -la / again and now / is owned by root. Give me a little time to add a user and install sudo and I'll get back to you.
Fingers crossed.
EDIT
It's fixed. Thanks everyone for the advice.
Now, as to why this happened. The only thing I did different on this install was to use a fresh copy of Gparted on a USB to partition the hard-drive. Last time I used Disk Utility on a Ubuntu installation that is on a separate hard-drive. I thought I had unmounted the Arch hard-drive before I partitioned it, but, I have a feeling the strange root permissions may have emulated from there. So, I'll be keeping my Gparted USB key for future disk partitioning from now on.
Blimey that was confusing!
Last edited by DogMatix (2013-07-09 13:10:23)
Offline
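The root cause found above was the `/` directory itself (mode `drwx------`, owned by the user), not `/etc/sudoers`. As an added example that is not part of any post in this thread, the script below checks owner and mode of every directory on the way to a file; it assumes GNU `stat`, and the function names are made up for this illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes GNU coreutils stat(1).
# Function names are made up for this illustration.

# dir_problem DIR UID: print why DIR could block traversal, return 1 if so.
dir_problem() {
    if ! info=$(stat -c '%u %a' -- "$1" 2>/dev/null); then
        echo "cannot stat"
        return 1
    fi
    owner=${info% *}
    mode=${info#* }
    problem=
    if [ "$owner" -ne "$2" ]; then
        problem="owned by uid $owner, expected $2"
    fi
    # %a is octal; the lowest bit is search (x) permission for "other".
    if [ $(( 0$mode & 1 )) -eq 0 ]; then
        problem="${problem:+$problem; }mode $mode lacks search (x) for other"
    fi
    [ -z "$problem" ] && return 0
    echo "$problem"
    return 1
}

# audit_path FILE [UID]: check every directory from FILE's parent up to /.
# UID is the expected owner (default 0, root). Returns 1 if any directory fails.
audit_path() {
    want_uid=${2:-0}
    rc=0
    dir=$(dirname -- "$1")
    while :; do
        if why=$(dir_problem "$dir" "$want_uid"); then
            printf 'ok   %s\n' "$dir"
        else
            printf 'BAD  %s  (%s)\n' "$dir" "$why"
            rc=1
        fi
        case $dir in /|.) break ;; esac
        dir=$(dirname -- "$dir")
    done
    return "$rc"
}

# Run directly as: sh audit_path.sh /etc/sudoers
if [ "$#" -gt 0 ]; then
    audit_path "$@"
fi
```

`namei -l /etc/sudoers` from util-linux lists the same chain of directories without the verdicts.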
Glad you fixed it.
Maybe your umount scenario could be, but I guess it won't partition at all, if still mounted.
Could it be you ran 'Disk-Utility' from Ubuntu, with user -, and not root permissions?
Offline
Now, as to why this happened. The only thing I did different on this install was to use a fresh copy of Gparted on a USB to partition the hard-drive. Last time I used Disk Utility on a Ubuntu installation that is on a separate hard-drive. I thought I had unmounted the Arch hard-drive before I partitioned it, but, I have a feeling the strange root permissions may have emulated from there. So, I'll be keeping my Gparted USB key for future disk partitioning from now on.
Did you happen to untar something? I remember my perms got really messed up once when my tarfile included both . and .. (but this was on Solaris so maybe GNU tar has something built in to stop that)
Offline
Glad you fixed it.
Maybe your umount scenario could be, but I guess it won't partition at all, if still mounted.
Could it be you ran 'Disk-Utility' from Ubuntu, with user -, and not root permissions?
I think you got it in one. Ubuntu doesn't have a root log-in as default and I can't remember opening disk utility with gksudo or anything. A lesson learned there.
Offline