Sudo fails with 'nosuid' error after hard reset - fsck did not fix

niso · 2025-07-02 13:51:56

Hello everyone,

I'm hoping to get some help diagnosing a persistent `sudo` issue on my Arch Linux system running on a RedmiBook 14 II, which started after a hard reset. (I have been using arch for an year had some issues with pam.d login with i3lock sometimes failed)

The Problem:
I can log in to my user account without any problem, but when I try to use sudo, it prompts for my password and immediately fails with:

Sorry, try again.

What I've Tried So Far:

Checked User Groups:
My user is part of the wheel group, so permissions should be fine:
```
$ groups niso
niso wheel ...
```

strace Diagnosis:
Running strace sudo reveals the core issue relates to the nosuid mount option:

write(2, "sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set...", 128)

Filesystem Repair:
Suspecting filesystem corruption due to the hard reset, I booted into an Arch Linux live USB and ran:
```
fsck -y /dev/sda2
```
The check finished without errors, but the problem remains after reboot.

Has anyone encountered a similar issue or can suggest how to verify or fix the nosuid flag problem? Any advice would be greatly appreciated!

Thanks in advance!

Last edited by niso (2025-07-02 13:53:02)

V1del · 2025-07-02 14:13:48

The nosuid flag is something you'd see very clearly in the output of mount. Maybe check wether the hard reset corrupted anything, can you still use su/log into a root shell?

su -c 'LC_ALL=C pacman -Qkk 2>&1 | grep -v ', 0 altered files' | grep -v backup > /tmp/howbadisit.txt'

niso · 2025-07-02 15:15:57

Thanks for the advice!

I can't run

sudo

or

su

as both fail authentication.

However, I managed to run

pacman -Qkk sudo

as my regular user and got this warning:

warning: sudo: /etc/sudoers (failed to calculate SHA256 checksum)
sudo: 244 total files, 1 altered file

It looks like

/etc/sudoers

is altered or corrupted, which may be causing

sudo

to fail.

I’m currently unable to fix this without root access. I plan to use a live USB to chroot into my system
If you have any advice, I’d appreciate it!

Thanks again.

niso · 2025-07-02 15:22:12

I ran the following commands to check the mount options:

mount | grep " / "
mount | grep " /usr "
mount | grep " /home "

Here is the output I got:

/dev/sda2 on / type btrfs (rw,relatime,compress=zstd:3,ssd,discard=async,space_cache=v2,subvolid=256,subvol=/@)
/dev/sda2 on /home type btrfs (rw,relatime,compress=zstd:3,ssd,discard=async,space_cache=v2,subvolid=258,subvol=/@home)

As you can see, neither `/` nor `/home` is mounted with the `nosuid` option.

V1del · 2025-07-02 15:41:30

that sudoers is altered is normally normal if you ever configured it, unless it's completely broken. The rest of potentially adjusted files might be more interesting but they are ideally ran from some form of root level access, e..g you could run that from a chroot as well and then upload the resulting text file somewhere: https://wiki.archlinux.org/title/List_o … n_services

niso · 2025-07-02 17:37:04

Hey hope this provides some new insights : https://pastebin.com/g5xx0Biw

seth · 2025-07-02 18:03:26

warning: database file for 'core' does not exist (use '-Sy' to download)
warning: database file for 'extra' does not exist (use '-Sy' to download)

Fix this, then run the command from #2 as written there and upload that file.

niso · 2025-07-02 19:12:51

Update:

Seems that running the following fixed my issue with sudo and su -:

pacman -S --noconfirm pam pambase sudo shadow util-linux

I still have the same issue I had before: i3lock (and even betterlockscreen) sometimes freezes and won't unlock. I have to switch to a TTY and

pkill

it manually. Not sure why that happens. Any advice would be appreciated.

Thanks a ton for the help!
I'll definitely avoid hard-resetting the laptop again...

PS: Is there a recommended way to properly set up sleep/hibernate on laptops with Btrfs? I tried following the wiki but couldn't get it to work, so I gave up at some point. Would love any tips!

seth · 2025-07-02 19:15:35

Not sure why that happens.

Neither do can or will we.
You can check your system journal or actually start to share the relevant data to give us a distant chance to make a somewhat informed comment on the situation.

niso · 2025-07-02 19:30:27

Okay, my bad.

Regarding the original sudo issue — here are the logs you asked for from earlier:
https://pastebin.com/F25NzjQq

As for the betterlockscreen/i3lock freezing issue, I collected some logs from the previous boot and related PAM/X11 session info:
https://raw.githubusercontent.com/NisoD … errors.txt

Let me know if I missed anything or if you’d like me to run other checks.
Appreciate the guidance!

seth · 2025-07-02 20:01:24

liwarning: linux-firmware-nvidia: /usr/lib/firmware/nvidia/ad103 (No such file or directory)
warning: linux-firmware-nvidia: /usr/lib/firmware/nvidia/ad104 (No such file or directory)
warning: linux-firmware-nvidia: /usr/lib/firmware/nvidia/ad106 (No such file or directory)
warning: linux-firmware-nvidia: /usr/lib/firmware/nvidia/ad107 (No such file or directory)
warning: linux-firmware-nvidia: /usr/lib/firmware/nvidia/ad102/gsp/booter_load-535.113.01.bin.zst (No such file or directory)
warning: linux-firmware-nvidia: /usr/lib/firmware/nvidia/ad102/gsp/booter_unload-535.113.01.bin.zst (No such file or directory)
warning: linux-firmware-nvidia: /usr/lib/firmware/nvidia/ad102/gsp/bootloader-535.113.01.bin.zst (No such file or directory)
warning: linux-firmware-nvidia: /usr/lib/firmware/nvidia/ad102/gsp/gsp-535.113.01.bin.zst (No such file or directory)

Do yo NoExtract those? The rest is harmless and yo also restored the database.

Jul 02 20:58:56 danielinux i3bar[1918]: pango_layout_set_markup_with_accel: Value of 'foreground' attribute on <span> tag on line 1 could not be parsed; should be a color specification, not ''

This is gonna spam your journal into oblivion, you might wanna fix that.

Jul 02 20:56:44 danielinux sudo[19862]: pam_unix(sudo:auth): auth could not identify password for [niso]
Jul 02 20:56:49 danielinux sudo[19940]: pam_unix(sudo:auth): conversation failed

this is super suspicious - is this fixed w/ your recent intervention?

The don't post random journal fragments, post the entire journal if you can't make sense out of it, BUT:
Before that live-inspect the "frozen" locker:
From the other TTY check "faillock" - though you could not log in if that would have hit there certinaly is

Jul 02 21:19:20 danielinux i3lock[32893]: pam_unix(i3lock:auth): authentication failure; logname=niso uid=1000 euid=1000 tty=:0 ruser= rhost=  user=niso
Jul 02 20:39:08 danielinux su[7312]: pam_unix(su:auth): authentication failure; logname=niso uid=1000 euid=0 tty=/dev/pts/1 ruser=niso rhost=  user=root
Jul 02 21:19:20 danielinux i3lock[32893]: pam_unix(i3lock:auth): authentication failure; logname=niso uid=1000 euid=1000 tty=:0 ruser= rhost=  user=niso
Jul 02 21:19:38 danielinux login[34037]: FAILED LOGIN 1 FROM tty3 FOR niso, Authentication failure

and also the process status

ps aux -p $(pidof i3lock)

will do - though you could not SIGTERM a dormant or stopped process either.

Then elaborate on the "frozen" status - does i3lock respond to input at all? Does the clock progress?
Or are those auth failures indicative of "freezes and won't unlock"? (You can check the tail of your journal after failing to unlock)

Finally there's "gdm-x-session" in your snippets - do you https://wiki.archlinux.org/title/GDM#Use_Xorg_backend ?
Is your users password qwerty save? Or do you actually use "pc105+inet"/"us" (ie a US qwerty keyboard)

Edit: for the unrelated btrfs hibernation.
BTRFS is only significant if you're using a swap image, https://wiki.archlinux.org/title/Power_ … ile_offset - "For Btrfs, do not try to use the filefrag tool … Instead, use the btrfs-inspect-internal"

Last edited by seth (2025-07-02 20:03:22)

niso · 2025-07-02 21:00:07

Thanks again for the detailed input.

1. I’ve now added the NVIDIA firmware files to `NoExtract` in `pacman.conf`, since I don't use the NVIDIA drivers and they caused problems in the past. That should clean up the related warnings.

2. The i3bar config issue with the empty `foreground=''` value is now fixed—thanks for pointing that out.

3. I can now use `su`, and `sudo`, I hope it's permanent.
4. Regarding the lock screen: It doesn’t exactly freeze, but entering the correct password doesn't work. This happens with both `i3lock` and `betterlockscreen`. I can't seem to trigger it i tried changing the language and locking the screen but it doesnt seem to trigger it.
My password uses standard US QWERTY characters, so I don’t expect layout issues.

Here’s my keyboard config (maybe this is the issue?):

setxkbmap -query
rules:      evdev
model:      pc105+inet
layout:     us,il
options:    grp\:win\_space\_toggle,terminate\:ctrl\_alt\_bksp

Regarding GDM and display server:
I checked with

echo $XDG_SESSION_TYPE

and got x11.

About for

systemctl status gdm.service

i pasted here: https://pastebin.com/4KUYg7CC

5. I’ve uploaded the full journal from last hour
https://pastebin.com/K9P3wALv

Appreciate the guidance!
ps: about the hibernate ill deep dive on my own and ask concrete informative questions

seth · 2025-07-03 08:36:10

1. Just don't install linux-firmware-nvidia ?
4.

entering the correct password doesn't work
…
layout: us,il

Try to cause this w/ a qwerty-safe password, eg.

Regarding GDM and display server:
I checked with

that doesn't reflect GDM at all, but your currently running session (i3)

https://pastebin.com/4KUYg7CC is copy-pasta from the pager, truncating lines and https://pastebin.com/K9P3wALv doesn't cover the pre-session situation either.
=> check teh actual GDM configuration…

The random snippet however has a lot of "ERROR: ERROR: No such screen", https://github.com/i3/i3/issues/615 and most notably

Jul 02 22:27:30 danielinux sudo[27537]: pam_unix(sudo:auth): conversation failed
Jul 02 22:27:30 danielinux sudo[27537]: pam_unix(sudo:auth): auth could not identify password for [niso]

Make sure your user/password (hash) actually shows up in /etc/{passwd,shadow}

Arch Linux

#1 2025-07-02 13:51:56

Sudo fails with 'nosuid' error after hard reset - fsck did not fix

#2 2025-07-02 14:13:48

Re: Sudo fails with 'nosuid' error after hard reset - fsck did not fix

#3 2025-07-02 15:15:57

Re: Sudo fails with 'nosuid' error after hard reset - fsck did not fix

#4 2025-07-02 15:22:12

Re: Sudo fails with 'nosuid' error after hard reset - fsck did not fix

#5 2025-07-02 15:41:30

Re: Sudo fails with 'nosuid' error after hard reset - fsck did not fix

#6 2025-07-02 17:37:04

Re: Sudo fails with 'nosuid' error after hard reset - fsck did not fix

#7 2025-07-02 18:03:26

Re: Sudo fails with 'nosuid' error after hard reset - fsck did not fix

#8 2025-07-02 19:12:51

Re: Sudo fails with 'nosuid' error after hard reset - fsck did not fix

#9 2025-07-02 19:15:35

Re: Sudo fails with 'nosuid' error after hard reset - fsck did not fix

#10 2025-07-02 19:30:27

Re: Sudo fails with 'nosuid' error after hard reset - fsck did not fix

#11 2025-07-02 20:01:24

Re: Sudo fails with 'nosuid' error after hard reset - fsck did not fix

#12 2025-07-02 21:00:07

Re: Sudo fails with 'nosuid' error after hard reset - fsck did not fix

#13 2025-07-03 08:36:10

Re: Sudo fails with 'nosuid' error after hard reset - fsck did not fix

Board footer