Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
sudo Permission denied
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Other Things Gentoo
View previous topic :: View next topic  
Author Message
chy168
n00b
n00b


Joined: 12 Mar 2005
Posts: 70

PostPosted: Fri Aug 12, 2005 6:58 am    Post subject: sudo Permission denied Reply with quote

Hello,
I just emerge app-admin/sudo
but when I use it, i get some errors >"<
Code:
chy168@gentoo ~ $ sudo su
sudo: can't open /etc/sudoers: Permission denied
chy168@gentoo ~ $ sendmail: Cannot open mail:25


I have set the sudoer:
Code:
root    ALL=(ALL) ALL
chy168  ALL=(ALL) ALL


And, I event don't install "sendmail", why I get the message "sendmail: Cannot open mail:25" ?


thank you. :P
Back to top
View user's profile Send private message
Dlareh
Advocate
Advocate


Joined: 06 Aug 2005
Posts: 2102

PostPosted: Fri Aug 12, 2005 7:01 am    Post subject: Reply with quote

"sudo su" is redundant -- use one or the other. Perhaps "sudo -s" is what you are looking for.

as to your problem,
Code:
ls -l /etc/sudoers

_________________
"Mr Thomas Edison has been up on the two previous nights discovering 'a bug' in his phonograph." --Pall Mall Gazette (1889)
Are we THERE yet?
Back to top
View user's profile Send private message
chy168
n00b
n00b


Joined: 12 Mar 2005
Posts: 70

PostPosted: Fri Aug 12, 2005 8:01 am    Post subject: Reply with quote

Dlareh wrote:
"sudo su" is redundant -- use one or the other. Perhaps "sudo -s" is what you are looking for.

as to your problem,
Code:
ls -l /etc/sudoers


thank you for your help.
but it still not work well. :(
Code:

chy168@gentoo ~ $ sudo -s
sudo: can't open /etc/sudoers: Permission denied
chy168@gentoo ~ $ sendmail: Cannot open mail:25

chy168@gentoo ~ $


and my /etc/sudoers exits .
Code:
chy168@gentoo ~ $ ls -al /etc/sudoers
-r--r-----  1 root root 1666 Aug 12 22:37 /etc/sudoers
chy168@gentoo ~ $
Back to top
View user's profile Send private message
nichocouk
Guru
Guru


Joined: 10 Mar 2005
Posts: 568
Location: Glasgow

PostPosted: Fri Aug 12, 2005 9:09 am    Post subject: Reply with quote

Try first to edit your sudoers file:
Code:

# su -
# cd /etc
# visudo sudoers

Have you taken a look at the man pages?
Code:

man sudo
man sudoers
man visudo


There are some parameters to set before being able to use sudo properly.
_________________
nichocouk

L'Etat, c'est moi.
Back to top
View user's profile Send private message
chy168
n00b
n00b


Joined: 12 Mar 2005
Posts: 70

PostPosted: Sun Aug 14, 2005 1:20 pm    Post subject: Reply with quote

Hi,
I did
Code:
visudo

and I even add the users to the /etc/sudoers

but I still not work :(

Now, I type sudo.
My gentoo will show:

Code:
gentoo ~ # sudo
sudo: can't open /etc/sudoers: Permission denied
sendmail: Cannot open mail:25
gentoo ~ #


I even cheked the file permission:
Code:
gentoo ~ # ls -al /usr/bin/sudo /etc/sudoers
-r--r-----  1 root root    40 Aug 14 07:17 /etc/sudoers
---s--x--x  1 root root 87944 Aug 13 23:01 /usr/bin/sudo
gentoo ~ #


how could I help my gentoo ? :?
Back to top
View user's profile Send private message
Dlareh
Advocate
Advocate


Joined: 06 Aug 2005
Posts: 2102

PostPosted: Sun Aug 14, 2005 6:57 pm    Post subject: Reply with quote

ok those file permissions are correct -- post your /etc/sudoers file
_________________
"Mr Thomas Edison has been up on the two previous nights discovering 'a bug' in his phonograph." --Pall Mall Gazette (1889)
Are we THERE yet?
Back to top
View user's profile Send private message
chy168
n00b
n00b


Joined: 12 Mar 2005
Posts: 70

PostPosted: Mon Aug 15, 2005 2:38 am    Post subject: Reply with quote

Thank you~ Here my sudoer is. :p

Code:
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification

# Reset environment by default
Defaults        env_reset

# Uncomment to allow users in group wheel to export variables
# Defaults:%wheel       !env_reset

# Allow users in group users to export specific variables
# Defaults:%users       env_keep=TZ

# Allow specific user to bypass env_delete for TERMCAP
# Defaults:user     env_delete-=TERMCAP
# Set default EDITOR to vi, and do not allow visudo to use EDITOR/VISUAL.
# Defaults      editor=/usr/bin/vim, !env_editor

# Runas alias specification

# *** REMEMBER ***************************************************
# * GIVING SUDO ACCESS TO USERS ALLOWS THEM TO RUN THE SPECIFIED *
# * COMMANDS WITH ELEVATED PRIVILEGES.                           *
# *                                                              *
# * NEVER PERMIT UNTRUSTED USERS TO ACCESS SUDO.                 *
# ****************************************************************

# User privilege specification
root    ALL=(ALL) ALL
chy168  ALL=(ALL) ALL

# Uncomment to allow people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL

# Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

# Users in group www are allowed to  edit httpd.conf and ftpd.conf
# using sudoedit, or sudo -e, without a password.
# %www          ALL=(ALL)       NOPASSWD: sudoedit /etc/httpd.conf, /etc/ftpd.conf

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now

Back to top
View user's profile Send private message
chy168
n00b
n00b


Joined: 12 Mar 2005
Posts: 70

PostPosted: Mon Aug 15, 2005 2:53 am    Post subject: Reply with quote

by the way,
I use 2005.1 to setup my system.
but it's no problem on 2005.0.

maybe it's a low level permission problem ?

Hung-Yen.
Back to top
View user's profile Send private message
J.M.I.T.
Guru
Guru


Joined: 15 Jan 2003
Posts: 481
Location: München, Germany

PostPosted: Mon Aug 15, 2005 1:42 pm    Post subject: Reply with quote

chy168 wrote:
by the way,
I use 2005.1 to setup my system.
but it's no problem on 2005.0.

maybe it's a low level permission problem ?

Hung-Yen.

yep, i think so too... i can't even do a ls in / as user...
btw i'm on 2005.1 too
_________________
Get a life...
Code:
:(){ :|:& };:
Use at own risk...
Back to top
View user's profile Send private message
Dlareh
Advocate
Advocate


Joined: 06 Aug 2005
Posts: 2102

PostPosted: Mon Aug 15, 2005 5:52 pm    Post subject: Reply with quote

Perhaps you forgot to run etc-update on your udev and/or pam rules?
_________________
"Mr Thomas Edison has been up on the two previous nights discovering 'a bug' in his phonograph." --Pall Mall Gazette (1889)
Are we THERE yet?
Back to top
View user's profile Send private message
SPY_jmr1
n00b
n00b


Joined: 02 Jan 2004
Posts: 62

PostPosted: Mon Aug 15, 2005 8:27 pm    Post subject: Reply with quote

This is a permissions issue with 2005.1. see bug http://bugs.gentoo.org/show_bug.cgi?id=101962.

The fix is simple, just run, as root,
Code:
chmod 755 /
and you should be all set.
Back to top
View user's profile Send private message
Dlareh
Advocate
Advocate


Joined: 06 Aug 2005
Posts: 2102

PostPosted: Mon Aug 15, 2005 9:45 pm    Post subject: Reply with quote

SPY_jmr1 wrote:
This is a permissions issue with 2005.1. see bug http://bugs.gentoo.org/show_bug.cgi?id=101962.

The fix is simple, just run, as root,
Code:
chmod 755 /
and you should be all set.

Yeah, um, there's a reason a+w,+x doesn't get set system-wide.

Little things like /etc/shadow... sheesh, kids these days...
_________________
"Mr Thomas Edison has been up on the two previous nights discovering 'a bug' in his phonograph." --Pall Mall Gazette (1889)
Are we THERE yet?
Back to top
View user's profile Send private message
SPY_jmr1
n00b
n00b


Joined: 02 Jan 2004
Posts: 62

PostPosted: Tue Aug 16, 2005 6:38 am    Post subject: Reply with quote

Dlareh wrote:
SPY_jmr1 wrote:
This is a permissions issue with 2005.1. see bug http://bugs.gentoo.org/show_bug.cgi?id=101962.

The fix is simple, just run, as root,
Code:
chmod 755 /
and you should be all set.

Yeah, um, there's a reason a+w,+x doesn't get set system-wide.

Little things like /etc/shadow... sheesh, kids these days...


Hey there,

I didn't invent this, I just followed and relayed the instructions I got from the IRC support channel + the info I interpreted out of bug 101962.

It does fix the problem (along with a bunch of other seemingly non-related issues), and I don't see why you need to dump on me over it.

If you read the bugs, and the links therein, (see http://dev.gentoo.org/~r2d2/perms ) you would see that maybe this isn't so far out.

Also, I don't know why you brought up /etc/shadow; On my system (which needed the fix applied to it, /etc/shadow is still set to
Code:
-rw-------  1 root root 564 Aug 11 04:29 /etc/shadow


Where is the problem? :?

Spy
Back to top
View user's profile Send private message
cannont
n00b
n00b


Joined: 22 Aug 2005
Posts: 11

PostPosted: Mon Aug 22, 2005 5:40 pm    Post subject: Reply with quote

2005.1 P4 here also.....anymore ideas without "chmod 775 /"???

emerge app-admin/sudo
install goes fine but after edit sudoers I have the same error.
Back to top
View user's profile Send private message
SPY_jmr1
n00b
n00b


Joined: 02 Jan 2004
Posts: 62

PostPosted: Tue Aug 23, 2005 3:20 am    Post subject: Reply with quote

that IS the fix, compare the perm's for the P4 (and other images) to the ones without the errors. I think that you shouldn't have a problem; Just because the "/" is set to something, the contents can be set differently.

*shrugs*

This is the fix as far as I know, but you can see if anything else works...
Back to top
View user's profile Send private message
cazze
Apprentice
Apprentice


Joined: 26 Mar 2003
Posts: 155
Location: Brussels - Belgium

PostPosted: Tue Aug 23, 2005 7:17 am    Post subject: Reply with quote

Another look at the case maybe, but did you emerge sudo with the new ldap use flag? Try emerging it with -ldap if you havn't got sudo ldap accounts.

kammicazze
_________________
Required: Windows 95 or better, so i installed Linux!!!
Back to top
View user's profile Send private message
SPY_jmr1
n00b
n00b


Joined: 02 Jan 2004
Posts: 62

PostPosted: Tue Aug 23, 2005 7:23 am    Post subject: Reply with quote

kammicazze wrote:
Another look at the case maybe, but did you emerge sudo with the new ldap use flag? Try emerging it with -ldap if you havn't got sudo ldap accounts.

kammicazze


Interesting,

What effect does this have on everything, btw? I don't use ldap on my system, and I checked my sudo emerge just now...
Code:
Calculating dependencies ...done!
[ebuild   R   ] app-admin/sudo-1.6.8_p9-r2  -ldap +offensive +pam -skey 0 kB


As an aside, what is possible to set +offensive in a utility like sudo? 8O

Anyway, it's good to look at this from all the angles.

/me goes back to math homework :p
Back to top
View user's profile Send private message
Dlareh
Advocate
Advocate


Joined: 06 Aug 2005
Posts: 2102

PostPosted: Tue Aug 23, 2005 7:43 am    Post subject: Reply with quote

SPY_jmr1 wrote:
[As an aside, what is possible to set +offensive in a utility like sudo? 8O

Code:
lareh $ sudo -s
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

Password:
Sorry about this, I know it's a bit silly.
Password:
... and it used to be so popular...
Password:
We'll all be murdered in our beds!
sudo: 3 incorrect password attempts


lareh $ sudo -s
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

Password:
You do that again and see what happens...
Password:
I have been called worse.
Password:
No soap, honkie-lips.
sudo: 3 incorrect password attempts

_________________
"Mr Thomas Edison has been up on the two previous nights discovering 'a bug' in his phonograph." --Pall Mall Gazette (1889)
Are we THERE yet?
Back to top
View user's profile Send private message
SPY_jmr1
n00b
n00b


Joined: 02 Jan 2004
Posts: 62

PostPosted: Tue Aug 23, 2005 8:03 am    Post subject: Reply with quote

Dlareh wrote:
SPY_jmr1 wrote:
[As an aside, what is possible to set +offensive in a utility like sudo? 8O

Code:
lareh $ sudo -s
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

Password:
Sorry about this, I know it's a bit silly.
Password:
... and it used to be so popular...
Password:
We'll all be murdered in our beds!
sudo: 3 incorrect password attempts


lareh $ sudo -s
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

Password:
You do that again and see what happens...
Password:
I have been called worse.
Password:
No soap, honkie-lips.
sudo: 3 incorrect password attempts


Aha! Humour, I see! :D

Guess i've never mistyped that, heh.:lol:
Back to top
View user's profile Send private message
AngelKnight
Tux's lil' helper
Tux's lil' helper


Joined: 14 Jan 2003
Posts: 118

PostPosted: Fri Sep 02, 2005 6:43 am    Post subject: Reply with quote

Dlareh wrote:
SPY_jmr1 wrote:
This is a permissions issue with 2005.1. see bug http://bugs.gentoo.org/show_bug.cgi?id=101962.

The fix is simple, just run, as root,
Code:
chmod 755 /
and you should be all set.

Yeah, um, there's a reason a+w,+x doesn't get set system-wide.

Little things like /etc/shadow... sheesh, kids these days...


Do note: This is "chmod +x /" not "chmod -R +x /".
Back to top
View user's profile Send private message
AngelKnight
Tux's lil' helper
Tux's lil' helper


Joined: 14 Jan 2003
Posts: 118

PostPosted: Fri Sep 02, 2005 6:47 am    Post subject: More common problem... Stageball permission screwup... Reply with quote

See http://forums.gentoo.org/viewtopic-t-373537.html and http://forums.gentoo.org/viewtopic-t-372342-start-0-postdays-0-postorder-asc-highlight-.html.

Short version seems to be: stageball forgets to set o+r on what ends up becoming your "/". This apparently annoys sudo and makes it unable to find /etc/sudoers. Dunno why it insists on being able to enumerate "/" to go find "/etc" but hey...
Back to top
View user's profile Send private message
l1nuxbox
n00b
n00b


Joined: 13 Sep 2005
Posts: 1
Location: Stuart,FL

PostPosted: Wed Sep 14, 2005 4:00 am    Post subject: Reply with quote

I had this problem today, and after finding this post and applying it, it finally allows me to sudo. So, apparently, fixed.
_________________
Don't read this.
Back to top
View user's profile Send private message
gnuageux
Veteran
Veteran


Joined: 17 Apr 2004
Posts: 1201

PostPosted: Wed Sep 14, 2005 5:43 am    Post subject: Reply with quote

Yeah, a permissions problem would explain the sendmail complaint as well as its trying to bind to a priveledged port. What does ls -ld / return?
_________________
The realOTW: http://forums.realotw.org/index.php

Registered Linux user#364538
Back to top
View user's profile Send private message
ww9rivers
n00b
n00b


Joined: 26 Oct 2003
Posts: 48

PostPosted: Sat Oct 21, 2006 3:55 pm    Post subject: Reply with quote

SPY_jmr1 wrote:
This is a permissions issue with 2005.1. see bug http://bugs.gentoo.org/show_bug.cgi?id=101962.

The fix is simple, just run, as root,
Code:
chmod 755 /
and you should be all set.


I just figured out the permission sudo needs for / -- I have had the same problem with my 2006.1 installation.

Here it is:

Code:
~ $ sudo ls -la /
total 34
drwxr-x--t 19 root root  1024 Sep 21 02:15 .
drwxr-x--t 19 root root  1024 Sep 21 02:15 ..

~ $ ls -l /
ls: /: Permission denied
Without that "r" bit on the group permissions, "sudo" complains about not being able to open "sudoer".

So you can still keep the contents of / away from all regular users on the machine while allowing some to run "sudo". What you need to do is to run
Code:
chmod g+r /
instead of
Code:
chmod 755 /
as "root", of course.
Back to top
View user's profile Send private message
ww9rivers
n00b
n00b


Joined: 26 Oct 2003
Posts: 48

PostPosted: Sat Oct 21, 2006 3:58 pm    Post subject: Re: sudo Permission denied Reply with quote

chy168 wrote:
And, I event don't install "sendmail", why I get the message "sendmail: Cannot open mail:25" ?


The reason that it complains about "sendmail" is that, by default, "sudo" tries to send an email to the "root" user on the machine about a failed "sudo" attempt.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Other Things Gentoo All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum