You are not logged in.

#1 2019-02-11 14:19:59

bugsmanagement
Member
Registered: 2017-04-21
Posts: 174

[solved] sudo permission denied on NFS

Hello everyone,

I am at odds, I can't figure why sudo is failing?

This is diskless  I setup GRUB to boot with NFSROOT.

[root@alvmsrv grub]# ls -ld /
drwxr-xr-x 16 root root 4096 Feb 10 03:57 /
[root@alvmsrv grub]# ls -ld /etc
drwxr-xr-x 51 root root 4096 Feb 11 06:16 /etc
[root@alvmsrv grub]# sudo
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
[root@alvmsrv grub]# 

If anyone have any ideas I should test?

The problem is I'm stuck how to diagnosis this?

sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
 4.20.7-arch1-1-ARCH

Last edited by bugsmanagement (2019-02-13 13:54:03)

Offline

#2 2019-02-11 14:47:37

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 21,079
Website

Re: [solved] sudo permission denied on NFS

What about `ls -l /etc/` (without the -d)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#3 2019-02-11 14:56:28

bugsmanagement
Member
Registered: 2017-04-21
Posts: 174

Re: [solved] sudo permission denied on NFS

total 804
-rw-r--r-- 1 root root      0 Dec  6 09:19 arch-release
drwxr-xr-x 3 root root   3488 Feb 10 03:40 audisp
drwxr-xr-x 2 root root   3488 Feb 10 03:40 audit
-rw-r--r-- 1 root root     28 Jan  7 11:11 bash.bash_logout
-rw-r--r-- 1 root root    618 Jan  7 11:11 bash.bashrc
-rw-r----- 1 root root   2887 Jan 13 16:06 bind.keys
-rw-r--r-- 1 root root    429 Aug 29 09:46 bindresvport.blacklist
drwxr-xr-x 2 root root   3488 Jan 13 15:29 binfmt.d
drwxr-xr-x 4 root root   3488 Feb 10 03:40 ca-certificates
drwxr-xr-x 2 root root   3488 Feb 10 11:09 conf.d
-rw------- 1 root root    722 Dec  6 09:19 crypttab
drwxr-xr-x 3 root root   3488 Feb 10 13:08 dbus-1
drwxr-xr-x 2 root root   3488 Feb 10 11:05 default
drwxr-xr-x 2 root root   3488 May 20  2018 depmod.d
-rw-r--r-- 1 root root   1268 Aug 23 09:02 dhcpcd.conf
-rw-r--r-- 1 root root     97 Jun 22  2018 environment
-rw-r--r-- 1 root root   1362 Nov 13 10:11 ethertypes
-rw-r----- 1 root root    439 Sep  7 14:02 exports
drwxr-xr-x 2 root root   3488 Sep  7 14:02 exports.d
-rw-r--r-- 1 root root    557 Feb 11 05:57 fstab
-rw-r--r-- 1 root root   2584 Oct 11 04:18 gai.conf
-rw-r--r-- 1 root root    670 Feb 10 13:08 group
-rw-r--r-- 1 root root    648 Feb 10 11:11 group-
drwxr-xr-x 2 root root   3488 Feb 10 06:04 grub.d
-rw------- 1 root root    597 Feb 10 13:08 gshadow
-rw------- 1 root root    577 Feb 10 11:11 gshadow-
drwxr-xr-x 3 root root   3488 Feb 10 05:07 gss
drwxr-xr-x 2 root root   3488 Feb 10 05:07 gssproxy
-rw-r----- 1 root root    450 Nov 28 03:37 healthd.conf
-rw-r--r-- 1 root root     73 Dec  6 09:19 host.conf
-rw-rw---- 1 root root     23 Feb 10 04:53 hostname
-rw-r--r-- 1 root root    100 Feb 10 04:54 hosts
-rw-r----- 1 root root   4849 Sep  7 14:02 idmapd.conf
drwxr-xr-x 2 root root   3488 Feb 10 03:40 ifplugd
drwxr-xr-x 4 root root   3488 Feb 10 03:40 initcpio
-rw-r--r-- 1 root root    714 Jan  7 11:00 inputrc
drwxr-xr-x 2 root root   3488 Feb 10 03:40 iproute2
drwxr-xr-x 2 root root   3488 Feb 10 03:40 iptables
-rw-r--r-- 1 root root     20 Dec  6 09:19 issue
drwxr-xr-x 3 root root   3488 Feb 10 03:40 kernel
-rw-r--r-- 1 root root    369 May  3  2018 krb5.conf
-rw-r--r-- 1 root root  37484 Feb 11 06:16 ld.so.cache
-rw-r--r-- 1 root root    117 Dec  6 09:19 ld.so.conf
drwxr-xr-x 2 root root   3488 Feb 11 01:18 ld.so.conf.d
drwxr-xr-x 2 root root   3488 Feb  8 04:39 letsencrypt
-rw-r----- 1 root root    191 Feb  2 12:26 libaudit.conf
drwxr-xr-x 2 root root   3488 Feb 10 03:40 libnl
-rw-rw---- 1 root root     17 Feb 10 04:52 locale.conf
-rw-r--r-- 1 root root   9951 Feb 10 04:52 locale.gen
lrwxrwxrwx 1 root root     36 Feb 10 04:04 localtime -> /usr/share/zoneinfo/America/New_York
-rw-r--r-- 1 root root   5645 Dec 31 08:11 login.defs
-rw-r--r-- 1 root root    686 Dec  8 04:56 logrotate.conf
drwxr-xr-x 2 root root   3488 Feb 10 11:05 logrotate.d
drwxr-xr-x 5 root root   3488 Feb 10 03:40 lvm
-r--r--r-- 1 root root     33 Feb 10 03:40 machine-id
-r--r--r-- 1 root root   8565 Jan 13 16:12 mail.rc
-rw-r----- 1 root root   5732 Jan  5 11:59 makepkg.conf
-rw-r--r-- 1 root root   5141 Jan  6 11:43 man_db.conf
-rw-r--r-- 1 root root   2349 Nov  9 16:16 mdadm.conf
drwxr-xr-x 2 root root   3488 Feb 10 11:08 mercurial
-rw-r--r-- 1 root root    812 Dec 17 04:55 mke2fs.conf
-rw-r--r-- 1 root root   2577 Feb 10 10:06 mkinitcpio.conf
drwxr-xr-x 2 root root   3488 Feb 11 06:14 mkinitcpio.d
drwxr-xr-x 2 root root   3488 May 20  2018 modprobe.d
drwxr-xr-x 2 root root   3488 Jan 13 15:29 modules-load.d
-rw-r--r-- 1 root root      0 Dec  6 09:19 motd
lrwxrwxrwx 1 root root     19 Dec  6 09:19 mtab -> ../proc/self/mounts
-rw-r--r-- 1 root root  10443 Nov 13 15:46 nanorc
-rw-r--r-- 1 root root    767 Aug 29 09:46 netconfig
drwxr-xr-x 5 root root   3488 Feb 10 03:40 netctl
-rw-r----- 1 root root    993 Sep  7 14:02 nfs.conf
-rw-r----- 1 root root   3606 Sep  7 14:02 nfsmount.conf
-rw-r--r-- 1 root root   2387 Oct 11 04:18 nscd.conf
-rw-r--r-- 1 root root    334 Dec  6 09:19 nsswitch.conf
drwxr-xr-x 2 root root   3488 Feb 10 03:40 openldap
lrwxrwxrwx 1 root root     21 Feb 10 03:41 os-release -> ../usr/lib/os-release
-rw-r----- 1 root root   2902 Jan  5 11:59 pacman.conf
drwxr-xr-x 6 root root   3488 Feb 10 03:41 pacman.d
drwxr-xr-x 2 root root   3488 Feb 11 05:55 pam.d
-rw-r--r-- 1 root root    912 Feb 10 13:08 passwd
-rw-r--r-- 1 root root    861 Feb 10 11:11 passwd-
drwxr-xr-x 2 root root   3488 Feb 10 03:40 pkcs11
drwxr-xr-x 3 root root   3488 Feb 10 13:08 polkit-1
-rw-r--r-- 1 root root    759 Dec  6 09:19 profile
drwxr-xr-x 2 root root   3488 Feb 11 01:17 profile.d
-rw-r--r-- 1 root root   3145 Jan 27 11:07 protocols
-rw-r--r-- 1 root root   1814 Nov 14 15:00 request-key.conf
drwxr-xr-x 2 root root   3488 Feb 10 05:07 request-key.d
-rw-r--r-- 1 root root    107 Feb 10 07:55 resolv.conf
-rw-r--r-- 1 root root    254 Nov  9 18:40 resolvconf.conf
-rw-r--r-- 1 root root   1634 Oct 11 04:18 rpc
-rw-r----- 1 root root    172 Jan 29  2018 rsyncd.conf
-rw-r--r-- 1 root root    139 Dec  6 09:19 securetty
drwxr-xr-x 2 root root   3488 Feb 10 03:40 security
-rw-r----- 1 root root  10593 Nov 28 03:37 sensors3.conf
drwxr-xr-x 2 root root   3488 Nov 28 03:37 sensors.d
-rw-r--r-- 1 root root 296664 Jan 27 11:07 services
-rw------- 1 root root    542 Feb 10 13:08 shadow
-rw------- 1 root root    519 Feb 10 11:11 shadow-
-rw-r--r-- 1 root root    124 Feb 10 11:10 shells
drwxr-xr-x 2 root root   3488 Feb 10 03:40 skel
drwxr-xr-x 2 root root   3488 Feb 10 10:58 ssh
drwxr-xr-x 5 root root   3488 Feb 10 03:40 ssl
-rwxr-xr-x 1 root root 140600 Feb 11 05:50 sudo
-r--r----- 1 root root   3174 Jan 13 07:40 sudoers
-r--r----- 1 root root   3174 Feb 10 12:36 sudoers.b
drwxr-x--- 2 root root   3488 Feb 10 11:11 sudoers.d
-r--r----- 1 root root   3174 Feb 10 12:13 sudoers.test
drwxr-xr-x 2 root root   3488 Jan 13 15:29 sysctl.d
drwxr-xr-x 3 root root   3488 Feb 10 11:05 syslog-ng
drwxr-xr-x 5 root root   3488 Feb 11 01:20 systemd
drwxr-xr-x 2 root root   3488 Jan 13 15:29 tmpfiles.d
-rw-r----- 1 root root   1476 Oct  3 18:45 trusted-key.key
drwxr-xr-x 4 root root   3488 Feb 11 01:20 udev
-rw-r----- 1 root root    912 Feb  7 14:47 vimrc
-rw-r----- 1 root root   5026 Jan 13 16:13 wgetrc
drwxr-xr-x 3 root root   3488 Feb 10 03:40 X11
-rw-r--r-- 1 root root    642 Jun 19  2018 xattr.conf
drwxr-xr-x 3 root root   3488 Feb 10 03:40 xdg
drwxr-xr-x 2 root root   3488 Feb 10 11:06 xinetd.d
drwxr-xr-x 2 root root   3488 Feb 10 11:09 zsh
[root@alvmsrv grub]# mount
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
sys on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
dev on /dev type devtmpfs (rw,nosuid,relatime,size=2775648k,nr_inodes=693912,mode=755)
run on /run type tmpfs (rw,nosuid,nodev,relatime,mode=755)
172.16.1.2:/alvmsrvfs on / type nfs4 (rw,relatime,vers=4.2,rsize=262144,wsize=262144,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.0.4.4,local_lock=none,addr=172.16.1.2)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
cgroup2 on /sys/fs/cgroup/unified type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,name=systemd)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
bpf on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/rdma type cgroup (rw,nosuid,nodev,noexec,relatime,rdma)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=33,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=10987)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
mqueue on /dev/mqueue type mqueue (rw,relatime)
configfs on /sys/kernel/config type configfs (rw,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev)
/dev/sda2 on /etc type f2fs (rw,relatime,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=reuse,fsync_mode=posix)
/dev/sda1 on /boot type ext4 (rw,relatime)
tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,size=556588k,mode=700)

Offline

#4 2019-02-11 14:58:38

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 21,079
Website

Re: [solved] sudo permission denied on NFS

What's sudoers.b?  Did you manually copy and/or make edits to sudoers without using visudo?


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#5 2019-02-11 15:12:56

bugsmanagement
Member
Registered: 2017-04-21
Posts: 174

Re: [solved] sudo permission denied on NFS

I've actually did visudo -c, every command passes, I did strace on sudo, when it stat the file (kernel EACCES (Permission denied)). I've installed LTS kernel but haven't tested that yet

[root@alvmsrv grub]# ls /etc/sudoers.d/
sysadmin
[root@alvmsrv grub]# ls /etc/sudoers.d/
sysadmin
[root@alvmsrv grub]# cat /etc/sudoers.d/sysadmin 
sysadmin ALL=(ALL) NOPASSWD: ALL[root@alvmsrv grub]#

Last edited by bugsmanagement (2019-02-11 15:19:07)

Offline

#6 2019-02-11 16:07:59

seth
Member
Registered: 2012-09-03
Posts: 10,298

Re: [solved] sudo permission denied on NFS

Can you run "chsh" as non-root? (Quick test on whether SUID works…)

Offline

#7 2019-02-13 05:05:48

bugsmanagement
Member
Registered: 2017-04-21
Posts: 174

Re: [solved] sudo permission denied on NFS

Hello,

I'm thinking there is something funky with the NAS server I'm using for this diskless setup, so I'm going to build a NFS Server with ArchLinux and reinstalled. This after I've just discovered that 'zsh' files had mismatched permissions.

Offline

#8 2019-02-13 11:08:47

mich41
Member
Registered: 2012-06-22
Posts: 796

Re: [solved] sudo permission denied on NFS

I suppose it has absolutely nothing to do with sudo.

Just because you are root on the client machine, doesn't imply that the server will allow any random client connecting to it read/write file exclusive to root.
I suspect that you are completely unable to write/read any file on the NFS server which is writable/readable only by root.

You need to do some special server configuration for that. I don't remember the details. Goolag it or try on the "networking" subforum.

Offline

#9 2019-02-13 12:31:53

bugsmanagement
Member
Registered: 2017-04-21
Posts: 174

Re: [solved] sudo permission denied on NFS

Thanks @mich41.

I've actually already evaluated that prior to creating the share and added `no_root_squash`, so what the clients sees is what is laid out on the server.

mich41 wrote:

I suppose it has absolutely nothing to do with sudo.

Perhaps, though, at the time, it seemed only sudo was affected. I could mv, make changes with visudo, stat, etc. 

I surmise that this NAS Server OS that am I'm using is not equipped to use it in this scenario.

I've already deployed a ArchLinux NFS Server and configuring it as I'm typing and I'll report back my findings.

Offline

#10 2019-02-13 12:42:59

mich41
Member
Registered: 2012-06-22
Posts: 796

Re: [solved] sudo permission denied on NFS

bugsmanagement wrote:

Perhaps, though, at the time, it seemed only sudo was affected. I could mv, make changes with visudo, stat, etc.

Sorry, I missed that post.
If you can read and write that file as root on the client machine but somehow sudo fails to read it, that's unlikely to be a problem with NFS.
Try what seth suggested.

Offline

#11 2019-02-13 13:53:28

bugsmanagement
Member
Registered: 2017-04-21
Posts: 174

Re: [solved] sudo permission denied on NFS

Thanks for everyone's help. I'm going to mark this thread as solved, the fresh ArchLinux install is no longer exhibiting the behavior anymore using a fresh ArchLinux NFS server. I'll chalk this unusual behavior to the NAS Server running Openmediavault. Cheers.

Offline

Board footer

Powered by FluxBB