You are not logged in.
Pages: 1
Hello everyone,
I am at odds, I can't figure why sudo is failing?
This is diskless I setup GRUB to boot with NFSROOT.
[root@alvmsrv grub]# ls -ld /
drwxr-xr-x 16 root root 4096 Feb 10 03:57 /
[root@alvmsrv grub]# ls -ld /etc
drwxr-xr-x 51 root root 4096 Feb 11 06:16 /etc
[root@alvmsrv grub]# sudo
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
[root@alvmsrv grub]#
If anyone have any ideas I should test?
The problem is I'm stuck how to diagnosis this?
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
4.20.7-arch1-1-ARCH
Last edited by bugsmanagement (2019-02-13 13:54:03)
Offline
What about `ls -l /etc/` (without the -d)
"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" - Richard Stallman
Offline
total 804
-rw-r--r-- 1 root root 0 Dec 6 09:19 arch-release
drwxr-xr-x 3 root root 3488 Feb 10 03:40 audisp
drwxr-xr-x 2 root root 3488 Feb 10 03:40 audit
-rw-r--r-- 1 root root 28 Jan 7 11:11 bash.bash_logout
-rw-r--r-- 1 root root 618 Jan 7 11:11 bash.bashrc
-rw-r----- 1 root root 2887 Jan 13 16:06 bind.keys
-rw-r--r-- 1 root root 429 Aug 29 09:46 bindresvport.blacklist
drwxr-xr-x 2 root root 3488 Jan 13 15:29 binfmt.d
drwxr-xr-x 4 root root 3488 Feb 10 03:40 ca-certificates
drwxr-xr-x 2 root root 3488 Feb 10 11:09 conf.d
-rw------- 1 root root 722 Dec 6 09:19 crypttab
drwxr-xr-x 3 root root 3488 Feb 10 13:08 dbus-1
drwxr-xr-x 2 root root 3488 Feb 10 11:05 default
drwxr-xr-x 2 root root 3488 May 20 2018 depmod.d
-rw-r--r-- 1 root root 1268 Aug 23 09:02 dhcpcd.conf
-rw-r--r-- 1 root root 97 Jun 22 2018 environment
-rw-r--r-- 1 root root 1362 Nov 13 10:11 ethertypes
-rw-r----- 1 root root 439 Sep 7 14:02 exports
drwxr-xr-x 2 root root 3488 Sep 7 14:02 exports.d
-rw-r--r-- 1 root root 557 Feb 11 05:57 fstab
-rw-r--r-- 1 root root 2584 Oct 11 04:18 gai.conf
-rw-r--r-- 1 root root 670 Feb 10 13:08 group
-rw-r--r-- 1 root root 648 Feb 10 11:11 group-
drwxr-xr-x 2 root root 3488 Feb 10 06:04 grub.d
-rw------- 1 root root 597 Feb 10 13:08 gshadow
-rw------- 1 root root 577 Feb 10 11:11 gshadow-
drwxr-xr-x 3 root root 3488 Feb 10 05:07 gss
drwxr-xr-x 2 root root 3488 Feb 10 05:07 gssproxy
-rw-r----- 1 root root 450 Nov 28 03:37 healthd.conf
-rw-r--r-- 1 root root 73 Dec 6 09:19 host.conf
-rw-rw---- 1 root root 23 Feb 10 04:53 hostname
-rw-r--r-- 1 root root 100 Feb 10 04:54 hosts
-rw-r----- 1 root root 4849 Sep 7 14:02 idmapd.conf
drwxr-xr-x 2 root root 3488 Feb 10 03:40 ifplugd
drwxr-xr-x 4 root root 3488 Feb 10 03:40 initcpio
-rw-r--r-- 1 root root 714 Jan 7 11:00 inputrc
drwxr-xr-x 2 root root 3488 Feb 10 03:40 iproute2
drwxr-xr-x 2 root root 3488 Feb 10 03:40 iptables
-rw-r--r-- 1 root root 20 Dec 6 09:19 issue
drwxr-xr-x 3 root root 3488 Feb 10 03:40 kernel
-rw-r--r-- 1 root root 369 May 3 2018 krb5.conf
-rw-r--r-- 1 root root 37484 Feb 11 06:16 ld.so.cache
-rw-r--r-- 1 root root 117 Dec 6 09:19 ld.so.conf
drwxr-xr-x 2 root root 3488 Feb 11 01:18 ld.so.conf.d
drwxr-xr-x 2 root root 3488 Feb 8 04:39 letsencrypt
-rw-r----- 1 root root 191 Feb 2 12:26 libaudit.conf
drwxr-xr-x 2 root root 3488 Feb 10 03:40 libnl
-rw-rw---- 1 root root 17 Feb 10 04:52 locale.conf
-rw-r--r-- 1 root root 9951 Feb 10 04:52 locale.gen
lrwxrwxrwx 1 root root 36 Feb 10 04:04 localtime -> /usr/share/zoneinfo/America/New_York
-rw-r--r-- 1 root root 5645 Dec 31 08:11 login.defs
-rw-r--r-- 1 root root 686 Dec 8 04:56 logrotate.conf
drwxr-xr-x 2 root root 3488 Feb 10 11:05 logrotate.d
drwxr-xr-x 5 root root 3488 Feb 10 03:40 lvm
-r--r--r-- 1 root root 33 Feb 10 03:40 machine-id
-r--r--r-- 1 root root 8565 Jan 13 16:12 mail.rc
-rw-r----- 1 root root 5732 Jan 5 11:59 makepkg.conf
-rw-r--r-- 1 root root 5141 Jan 6 11:43 man_db.conf
-rw-r--r-- 1 root root 2349 Nov 9 16:16 mdadm.conf
drwxr-xr-x 2 root root 3488 Feb 10 11:08 mercurial
-rw-r--r-- 1 root root 812 Dec 17 04:55 mke2fs.conf
-rw-r--r-- 1 root root 2577 Feb 10 10:06 mkinitcpio.conf
drwxr-xr-x 2 root root 3488 Feb 11 06:14 mkinitcpio.d
drwxr-xr-x 2 root root 3488 May 20 2018 modprobe.d
drwxr-xr-x 2 root root 3488 Jan 13 15:29 modules-load.d
-rw-r--r-- 1 root root 0 Dec 6 09:19 motd
lrwxrwxrwx 1 root root 19 Dec 6 09:19 mtab -> ../proc/self/mounts
-rw-r--r-- 1 root root 10443 Nov 13 15:46 nanorc
-rw-r--r-- 1 root root 767 Aug 29 09:46 netconfig
drwxr-xr-x 5 root root 3488 Feb 10 03:40 netctl
-rw-r----- 1 root root 993 Sep 7 14:02 nfs.conf
-rw-r----- 1 root root 3606 Sep 7 14:02 nfsmount.conf
-rw-r--r-- 1 root root 2387 Oct 11 04:18 nscd.conf
-rw-r--r-- 1 root root 334 Dec 6 09:19 nsswitch.conf
drwxr-xr-x 2 root root 3488 Feb 10 03:40 openldap
lrwxrwxrwx 1 root root 21 Feb 10 03:41 os-release -> ../usr/lib/os-release
-rw-r----- 1 root root 2902 Jan 5 11:59 pacman.conf
drwxr-xr-x 6 root root 3488 Feb 10 03:41 pacman.d
drwxr-xr-x 2 root root 3488 Feb 11 05:55 pam.d
-rw-r--r-- 1 root root 912 Feb 10 13:08 passwd
-rw-r--r-- 1 root root 861 Feb 10 11:11 passwd-
drwxr-xr-x 2 root root 3488 Feb 10 03:40 pkcs11
drwxr-xr-x 3 root root 3488 Feb 10 13:08 polkit-1
-rw-r--r-- 1 root root 759 Dec 6 09:19 profile
drwxr-xr-x 2 root root 3488 Feb 11 01:17 profile.d
-rw-r--r-- 1 root root 3145 Jan 27 11:07 protocols
-rw-r--r-- 1 root root 1814 Nov 14 15:00 request-key.conf
drwxr-xr-x 2 root root 3488 Feb 10 05:07 request-key.d
-rw-r--r-- 1 root root 107 Feb 10 07:55 resolv.conf
-rw-r--r-- 1 root root 254 Nov 9 18:40 resolvconf.conf
-rw-r--r-- 1 root root 1634 Oct 11 04:18 rpc
-rw-r----- 1 root root 172 Jan 29 2018 rsyncd.conf
-rw-r--r-- 1 root root 139 Dec 6 09:19 securetty
drwxr-xr-x 2 root root 3488 Feb 10 03:40 security
-rw-r----- 1 root root 10593 Nov 28 03:37 sensors3.conf
drwxr-xr-x 2 root root 3488 Nov 28 03:37 sensors.d
-rw-r--r-- 1 root root 296664 Jan 27 11:07 services
-rw------- 1 root root 542 Feb 10 13:08 shadow
-rw------- 1 root root 519 Feb 10 11:11 shadow-
-rw-r--r-- 1 root root 124 Feb 10 11:10 shells
drwxr-xr-x 2 root root 3488 Feb 10 03:40 skel
drwxr-xr-x 2 root root 3488 Feb 10 10:58 ssh
drwxr-xr-x 5 root root 3488 Feb 10 03:40 ssl
-rwxr-xr-x 1 root root 140600 Feb 11 05:50 sudo
-r--r----- 1 root root 3174 Jan 13 07:40 sudoers
-r--r----- 1 root root 3174 Feb 10 12:36 sudoers.b
drwxr-x--- 2 root root 3488 Feb 10 11:11 sudoers.d
-r--r----- 1 root root 3174 Feb 10 12:13 sudoers.test
drwxr-xr-x 2 root root 3488 Jan 13 15:29 sysctl.d
drwxr-xr-x 3 root root 3488 Feb 10 11:05 syslog-ng
drwxr-xr-x 5 root root 3488 Feb 11 01:20 systemd
drwxr-xr-x 2 root root 3488 Jan 13 15:29 tmpfiles.d
-rw-r----- 1 root root 1476 Oct 3 18:45 trusted-key.key
drwxr-xr-x 4 root root 3488 Feb 11 01:20 udev
-rw-r----- 1 root root 912 Feb 7 14:47 vimrc
-rw-r----- 1 root root 5026 Jan 13 16:13 wgetrc
drwxr-xr-x 3 root root 3488 Feb 10 03:40 X11
-rw-r--r-- 1 root root 642 Jun 19 2018 xattr.conf
drwxr-xr-x 3 root root 3488 Feb 10 03:40 xdg
drwxr-xr-x 2 root root 3488 Feb 10 11:06 xinetd.d
drwxr-xr-x 2 root root 3488 Feb 10 11:09 zsh
[root@alvmsrv grub]# mount
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
sys on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
dev on /dev type devtmpfs (rw,nosuid,relatime,size=2775648k,nr_inodes=693912,mode=755)
run on /run type tmpfs (rw,nosuid,nodev,relatime,mode=755)
172.16.1.2:/alvmsrvfs on / type nfs4 (rw,relatime,vers=4.2,rsize=262144,wsize=262144,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.0.4.4,local_lock=none,addr=172.16.1.2)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
cgroup2 on /sys/fs/cgroup/unified type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,name=systemd)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
bpf on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/rdma type cgroup (rw,nosuid,nodev,noexec,relatime,rdma)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=33,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=10987)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
mqueue on /dev/mqueue type mqueue (rw,relatime)
configfs on /sys/kernel/config type configfs (rw,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev)
/dev/sda2 on /etc type f2fs (rw,relatime,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=reuse,fsync_mode=posix)
/dev/sda1 on /boot type ext4 (rw,relatime)
tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,size=556588k,mode=700)
Offline
What's sudoers.b? Did you manually copy and/or make edits to sudoers without using visudo?
"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" - Richard Stallman
Offline
I've actually did visudo -c, every command passes, I did strace on sudo, when it stat the file (kernel EACCES (Permission denied)). I've installed LTS kernel but haven't tested that yet
[root@alvmsrv grub]# ls /etc/sudoers.d/
sysadmin
[root@alvmsrv grub]# ls /etc/sudoers.d/
sysadmin
[root@alvmsrv grub]# cat /etc/sudoers.d/sysadmin
sysadmin ALL=(ALL) NOPASSWD: ALL[root@alvmsrv grub]#
Last edited by bugsmanagement (2019-02-11 15:19:07)
Offline
Can you run "chsh" as non-root? (Quick test on whether SUID works…)
Online
Hello,
I'm thinking there is something funky with the NAS server I'm using for this diskless setup, so I'm going to build a NFS Server with ArchLinux and reinstalled. This after I've just discovered that 'zsh' files had mismatched permissions.
Offline
I suppose it has absolutely nothing to do with sudo.
Just because you are root on the client machine, doesn't imply that the server will allow any random client connecting to it read/write file exclusive to root.
I suspect that you are completely unable to write/read any file on the NFS server which is writable/readable only by root.
You need to do some special server configuration for that. I don't remember the details. Goolag it or try on the "networking" subforum.
Offline
Thanks @mich41.
I've actually already evaluated that prior to creating the share and added `no_root_squash`, so what the clients sees is what is laid out on the server.
I suppose it has absolutely nothing to do with sudo.
Perhaps, though, at the time, it seemed only sudo was affected. I could mv, make changes with visudo, stat, etc.
I surmise that this NAS Server OS that am I'm using is not equipped to use it in this scenario.
I've already deployed a ArchLinux NFS Server and configuring it as I'm typing and I'll report back my findings.
Offline
Perhaps, though, at the time, it seemed only sudo was affected. I could mv, make changes with visudo, stat, etc.
Sorry, I missed that post.
If you can read and write that file as root on the client machine but somehow sudo fails to read it, that's unlikely to be a problem with NFS.
Try what seth suggested.
Offline
Thanks for everyone's help. I'm going to mark this thread as solved, the fresh ArchLinux install is no longer exhibiting the behavior anymore using a fresh ArchLinux NFS server. I'll chalk this unusual behavior to the NAS Server running Openmediavault. Cheers.
Offline
Pages: 1