View previous topic :: View next topic |
Author |
Message |
chy168 n00b
Joined: 12 Mar 2005 Posts: 70
|
Posted: Fri Aug 12, 2005 6:58 am Post subject: sudo Permission denied |
|
|
Hello,
I just emerge app-admin/sudo
but when I use it, i get some errors >"<
Code: | chy168@gentoo ~ $ sudo su
sudo: can't open /etc/sudoers: Permission denied
chy168@gentoo ~ $ sendmail: Cannot open mail:25 |
I have set the sudoer:
Code: | root ALL=(ALL) ALL
chy168 ALL=(ALL) ALL |
And, I event don't install "sendmail", why I get the message "sendmail: Cannot open mail:25" ?
thank you. |
|
Back to top |
|
|
Dlareh Advocate
Joined: 06 Aug 2005 Posts: 2102
|
Posted: Fri Aug 12, 2005 7:01 am Post subject: |
|
|
"sudo su" is redundant -- use one or the other. Perhaps "sudo -s" is what you are looking for.
as to your problem, _________________ "Mr Thomas Edison has been up on the two previous nights discovering 'a bug' in his phonograph." --Pall Mall Gazette (1889)
Are we THERE yet? |
|
Back to top |
|
|
chy168 n00b
Joined: 12 Mar 2005 Posts: 70
|
Posted: Fri Aug 12, 2005 8:01 am Post subject: |
|
|
Dlareh wrote: | "sudo su" is redundant -- use one or the other. Perhaps "sudo -s" is what you are looking for.
as to your problem, |
thank you for your help.
but it still not work well.
Code: |
chy168@gentoo ~ $ sudo -s
sudo: can't open /etc/sudoers: Permission denied
chy168@gentoo ~ $ sendmail: Cannot open mail:25
chy168@gentoo ~ $ |
and my /etc/sudoers exits .
Code: | chy168@gentoo ~ $ ls -al /etc/sudoers
-r--r----- 1 root root 1666 Aug 12 22:37 /etc/sudoers
chy168@gentoo ~ $ |
|
|
Back to top |
|
|
nichocouk Guru
Joined: 10 Mar 2005 Posts: 585 Location: Glasgow
|
Posted: Fri Aug 12, 2005 9:09 am Post subject: |
|
|
Try first to edit your sudoers file:
Code: |
# su -
# cd /etc
# visudo sudoers
|
Have you taken a look at the man pages?
Code: |
man sudo
man sudoers
man visudo
|
There are some parameters to set before being able to use sudo properly. _________________ nichocouk
L'Etat, c'est moi. |
|
Back to top |
|
|
chy168 n00b
Joined: 12 Mar 2005 Posts: 70
|
Posted: Sun Aug 14, 2005 1:20 pm Post subject: |
|
|
Hi,
I did
and I even add the users to the /etc/sudoers
but I still not work
Now, I type sudo.
My gentoo will show:
Code: | gentoo ~ # sudo
sudo: can't open /etc/sudoers: Permission denied
sendmail: Cannot open mail:25
gentoo ~ # |
I even cheked the file permission:
Code: | gentoo ~ # ls -al /usr/bin/sudo /etc/sudoers
-r--r----- 1 root root 40 Aug 14 07:17 /etc/sudoers
---s--x--x 1 root root 87944 Aug 13 23:01 /usr/bin/sudo
gentoo ~ # |
how could I help my gentoo ? |
|
Back to top |
|
|
Dlareh Advocate
Joined: 06 Aug 2005 Posts: 2102
|
Posted: Sun Aug 14, 2005 6:57 pm Post subject: |
|
|
ok those file permissions are correct -- post your /etc/sudoers file _________________ "Mr Thomas Edison has been up on the two previous nights discovering 'a bug' in his phonograph." --Pall Mall Gazette (1889)
Are we THERE yet? |
|
Back to top |
|
|
chy168 n00b
Joined: 12 Mar 2005 Posts: 70
|
Posted: Mon Aug 15, 2005 2:38 am Post subject: |
|
|
Thank you~ Here my sudoer is. :p
Code: | # sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
# Cmnd alias specification
# Defaults specification
# Reset environment by default
Defaults env_reset
# Uncomment to allow users in group wheel to export variables
# Defaults:%wheel !env_reset
# Allow users in group users to export specific variables
# Defaults:%users env_keep=TZ
# Allow specific user to bypass env_delete for TERMCAP
# Defaults:user env_delete-=TERMCAP
# Set default EDITOR to vi, and do not allow visudo to use EDITOR/VISUAL.
# Defaults editor=/usr/bin/vim, !env_editor
# Runas alias specification
# *** REMEMBER ***************************************************
# * GIVING SUDO ACCESS TO USERS ALLOWS THEM TO RUN THE SPECIFIED *
# * COMMANDS WITH ELEVATED PRIVILEGES. *
# * *
# * NEVER PERMIT UNTRUSTED USERS TO ACCESS SUDO. *
# ****************************************************************
# User privilege specification
root ALL=(ALL) ALL
chy168 ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# Users in group www are allowed to edit httpd.conf and ftpd.conf
# using sudoedit, or sudo -e, without a password.
# %www ALL=(ALL) NOPASSWD: sudoedit /etc/httpd.conf, /etc/ftpd.conf
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
|
|
|
Back to top |
|
|
chy168 n00b
Joined: 12 Mar 2005 Posts: 70
|
Posted: Mon Aug 15, 2005 2:53 am Post subject: |
|
|
by the way,
I use 2005.1 to setup my system.
but it's no problem on 2005.0.
maybe it's a low level permission problem ?
Hung-Yen. |
|
Back to top |
|
|
J.M.I.T. Guru
Joined: 15 Jan 2003 Posts: 481 Location: München, Germany
|
Posted: Mon Aug 15, 2005 1:42 pm Post subject: |
|
|
chy168 wrote: | by the way,
I use 2005.1 to setup my system.
but it's no problem on 2005.0.
maybe it's a low level permission problem ?
Hung-Yen. |
yep, i think so too... i can't even do a ls in / as user...
btw i'm on 2005.1 too _________________ Get a life...
Use at own risk... |
|
Back to top |
|
|
Dlareh Advocate
Joined: 06 Aug 2005 Posts: 2102
|
Posted: Mon Aug 15, 2005 5:52 pm Post subject: |
|
|
Perhaps you forgot to run etc-update on your udev and/or pam rules? _________________ "Mr Thomas Edison has been up on the two previous nights discovering 'a bug' in his phonograph." --Pall Mall Gazette (1889)
Are we THERE yet? |
|
Back to top |
|
|
SPY_jmr1 n00b
Joined: 02 Jan 2004 Posts: 62
|
|
Back to top |
|
|
Dlareh Advocate
Joined: 06 Aug 2005 Posts: 2102
|
Posted: Mon Aug 15, 2005 9:45 pm Post subject: |
|
|
Yeah, um, there's a reason a+w,+x doesn't get set system-wide.
Little things like /etc/shadow... sheesh, kids these days... _________________ "Mr Thomas Edison has been up on the two previous nights discovering 'a bug' in his phonograph." --Pall Mall Gazette (1889)
Are we THERE yet? |
|
Back to top |
|
|
SPY_jmr1 n00b
Joined: 02 Jan 2004 Posts: 62
|
Posted: Tue Aug 16, 2005 6:38 am Post subject: |
|
|
Dlareh wrote: |
Yeah, um, there's a reason a+w,+x doesn't get set system-wide.
Little things like /etc/shadow... sheesh, kids these days... |
Hey there,
I didn't invent this, I just followed and relayed the instructions I got from the IRC support channel + the info I interpreted out of bug 101962.
It does fix the problem (along with a bunch of other seemingly non-related issues), and I don't see why you need to dump on me over it.
If you read the bugs, and the links therein, (see http://dev.gentoo.org/~r2d2/perms ) you would see that maybe this isn't so far out.
Also, I don't know why you brought up /etc/shadow; On my system (which needed the fix applied to it, /etc/shadow is still set to Code: | -rw------- 1 root root 564 Aug 11 04:29 /etc/shadow |
Where is the problem?
Spy |
|
Back to top |
|
|
cannont n00b
Joined: 22 Aug 2005 Posts: 11
|
Posted: Mon Aug 22, 2005 5:40 pm Post subject: |
|
|
2005.1 P4 here also.....anymore ideas without "chmod 775 /"???
emerge app-admin/sudo
install goes fine but after edit sudoers I have the same error. |
|
Back to top |
|
|
SPY_jmr1 n00b
Joined: 02 Jan 2004 Posts: 62
|
Posted: Tue Aug 23, 2005 3:20 am Post subject: |
|
|
that IS the fix, compare the perm's for the P4 (and other images) to the ones without the errors. I think that you shouldn't have a problem; Just because the "/" is set to something, the contents can be set differently.
*shrugs*
This is the fix as far as I know, but you can see if anything else works... |
|
Back to top |
|
|
cazze Apprentice
Joined: 26 Mar 2003 Posts: 155 Location: Brussels - Belgium
|
Posted: Tue Aug 23, 2005 7:17 am Post subject: |
|
|
Another look at the case maybe, but did you emerge sudo with the new ldap use flag? Try emerging it with -ldap if you havn't got sudo ldap accounts.
kammicazze _________________ Required: Windows 95 or better, so i installed Linux!!! |
|
Back to top |
|
|
SPY_jmr1 n00b
Joined: 02 Jan 2004 Posts: 62
|
Posted: Tue Aug 23, 2005 7:23 am Post subject: |
|
|
kammicazze wrote: | Another look at the case maybe, but did you emerge sudo with the new ldap use flag? Try emerging it with -ldap if you havn't got sudo ldap accounts.
kammicazze |
Interesting,
What effect does this have on everything, btw? I don't use ldap on my system, and I checked my sudo emerge just now... Code: | Calculating dependencies ...done!
[ebuild R ] app-admin/sudo-1.6.8_p9-r2 -ldap +offensive +pam -skey 0 kB |
As an aside, what is possible to set +offensive in a utility like sudo?
Anyway, it's good to look at this from all the angles.
/me goes back to math homework :p |
|
Back to top |
|
|
Dlareh Advocate
Joined: 06 Aug 2005 Posts: 2102
|
Posted: Tue Aug 23, 2005 7:43 am Post subject: |
|
|
SPY_jmr1 wrote: | [As an aside, what is possible to set +offensive in a utility like sudo? |
Code: | lareh $ sudo -s
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
Password:
Sorry about this, I know it's a bit silly.
Password:
... and it used to be so popular...
Password:
We'll all be murdered in our beds!
sudo: 3 incorrect password attempts
lareh $ sudo -s
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
Password:
You do that again and see what happens...
Password:
I have been called worse.
Password:
No soap, honkie-lips.
sudo: 3 incorrect password attempts |
_________________ "Mr Thomas Edison has been up on the two previous nights discovering 'a bug' in his phonograph." --Pall Mall Gazette (1889)
Are we THERE yet? |
|
Back to top |
|
|
SPY_jmr1 n00b
Joined: 02 Jan 2004 Posts: 62
|
Posted: Tue Aug 23, 2005 8:03 am Post subject: |
|
|
Dlareh wrote: | SPY_jmr1 wrote: | [As an aside, what is possible to set +offensive in a utility like sudo? |
Code: | lareh $ sudo -s
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
Password:
Sorry about this, I know it's a bit silly.
Password:
... and it used to be so popular...
Password:
We'll all be murdered in our beds!
sudo: 3 incorrect password attempts
lareh $ sudo -s
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
Password:
You do that again and see what happens...
Password:
I have been called worse.
Password:
No soap, honkie-lips.
sudo: 3 incorrect password attempts |
|
Aha! Humour, I see!
Guess i've never mistyped that, heh. |
|
Back to top |
|
|
AngelKnight Tux's lil' helper
Joined: 14 Jan 2003 Posts: 127
|
Posted: Fri Sep 02, 2005 6:43 am Post subject: |
|
|
Dlareh wrote: |
Yeah, um, there's a reason a+w,+x doesn't get set system-wide.
Little things like /etc/shadow... sheesh, kids these days... |
Do note: This is "chmod +x /" not "chmod -R +x /". |
|
Back to top |
|
|
AngelKnight Tux's lil' helper
Joined: 14 Jan 2003 Posts: 127
|
|
Back to top |
|
|
l1nuxbox n00b
Joined: 13 Sep 2005 Posts: 1 Location: Stuart,FL
|
Posted: Wed Sep 14, 2005 4:00 am Post subject: |
|
|
I had this problem today, and after finding this post and applying it, it finally allows me to sudo. So, apparently, fixed. _________________ Don't read this. |
|
Back to top |
|
|
gnuageux Veteran
Joined: 17 Apr 2004 Posts: 1201
|
Posted: Wed Sep 14, 2005 5:43 am Post subject: |
|
|
Yeah, a permissions problem would explain the sendmail complaint as well as its trying to bind to a priveledged port. What does ls -ld / return? _________________ The realOTW: http://forums.realotw.org/index.php
Registered Linux user#364538 |
|
Back to top |
|
|
ww9rivers n00b
Joined: 26 Oct 2003 Posts: 48
|
Posted: Sat Oct 21, 2006 3:55 pm Post subject: |
|
|
I just figured out the permission sudo needs for / -- I have had the same problem with my 2006.1 installation.
Here it is:
Code: | ~ $ sudo ls -la /
total 34
drwxr-x--t 19 root root 1024 Sep 21 02:15 .
drwxr-x--t 19 root root 1024 Sep 21 02:15 ..
~ $ ls -l /
ls: /: Permission denied
| Without that "r" bit on the group permissions, "sudo" complains about not being able to open "sudoer".
So you can still keep the contents of / away from all regular users on the machine while allowing some to run "sudo". What you need to do is to run instead of as "root", of course. |
|
Back to top |
|
|
ww9rivers n00b
Joined: 26 Oct 2003 Posts: 48
|
Posted: Sat Oct 21, 2006 3:58 pm Post subject: Re: sudo Permission denied |
|
|
chy168 wrote: | And, I event don't install "sendmail", why I get the message "sendmail: Cannot open mail:25" ? |
The reason that it complains about "sendmail" is that, by default, "sudo" tries to send an email to the "root" user on the machine about a failed "sudo" attempt. |
|
Back to top |
|
|
|