#40959: sudo @1.8.8_1 fails with "unable to open /opt/local/etc/sudoers: Permission denied"
------------------------+--------------------------------
  Reporter:  shabble@…  |      Owner:  macports-tickets@…
      Type:  defect     |     Status:  new
  Priority:  Normal     |  Milestone:
 Component:  ports      |    Version:  2.2.0
Resolution:             |   Keywords:
      Port:  sudo       |
------------------------+--------------------------------
Changes (by ryandesign@…):

 * keywords:  sudo =>

Old description:
Any privs-requiring invocation of sudo fails with the following error:
{{{
sudo -V
Sudo version 1.8.8
sudo: unable to open /opt/local/etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
}}}
Permissions appear correct for both the sudo binary and the sudoers file:
{{{
stat /opt/local/bin/sudo
  File: ‘/opt/local/bin/sudo’
  Size: 117036 Blocks: 232 IO Block: 4096 regular file
Device: e000002h/234881026d Inode: 25568007 Links: 1
Access: (4755/-rwsr-xr-x) Uid: ( 0/ root) Gid: ( 0/ wheel)
Access: 2013-10-26 16:06:53.000000000 +0100
Modify: 2013-10-02 20:52:47.000000000 +0100
Change: 2013-10-23 13:54:23.000000000 +0100
 Birth: 2013-10-02 20:52:47.000000000 +0100
stat /opt/local/etc/sudoers
  File: ‘/opt/local/etc/sudoers’
  Size: 3429 Blocks: 8 IO Block: 4096 regular file
Device: e000002h/234881026d Inode: 25568014 Links: 1
Access: (0440/-r--r-----) Uid: ( 0/ root) Gid: ( 20/ staff)
Access: 2013-10-26 16:05:12.000000000 +0100
Modify: 2013-10-02 20:52:46.000000000 +0100
Change: 2013-10-23 13:54:23.000000000 +0100
 Birth: 2013-10-02 20:52:46.000000000 +0100
}}}
Attached is dtruss log output (via /usr/bin/sudo dtruss /opt/local/bin/sudo true &> sudo-truss.log) from the 1.8.8_1 version.
Note that this is a distinct problem from the bug reported in #40644 / sudo @1.8.6p7_0, which also happens/happened to me.
Re-testing with that version demonstrates:
{{{
$ /usr/bin/sudo port activate -f sudo@1.8.6p7_0 ...
$ sudo -V
Sudo version 1.8.6p7
Sudoers policy plugin version 1.8.6p7
Sudoers file grammar version 42
Sudoers I/O plugin version 1.8.6p7
$ sudo true
Password:
$ echo $?
0
$ sudo -u shabble true
sudo: unable to change to runas uid (501, 501): Operation not permitted
sudo: unable to execute /usr/bin/true: Operation not permitted
}}}

New description:

Any privs-requiring invocation of sudo fails with the following error:
{{{
sudo -V
Sudo version 1.8.8
sudo: unable to open /opt/local/etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
}}}
Permissions appear correct for both the sudo binary and the sudoers file:
{{{
stat /opt/local/bin/sudo
  File: ‘/opt/local/bin/sudo’
  Size: 117036 Blocks: 232 IO Block: 4096 regular file
Device: e000002h/234881026d Inode: 25568007 Links: 1
Access: (4755/-rwsr-xr-x) Uid: ( 0/ root) Gid: ( 0/ wheel)
Access: 2013-10-26 16:06:53.000000000 +0100
Modify: 2013-10-02 20:52:47.000000000 +0100
Change: 2013-10-23 13:54:23.000000000 +0100
 Birth: 2013-10-02 20:52:47.000000000 +0100
stat /opt/local/etc/sudoers
  File: ‘/opt/local/etc/sudoers’
  Size: 3429 Blocks: 8 IO Block: 4096 regular file
Device: e000002h/234881026d Inode: 25568014 Links: 1
Access: (0440/-r--r-----) Uid: ( 0/ root) Gid: ( 20/ staff)
Access: 2013-10-26 16:05:12.000000000 +0100
Modify: 2013-10-02 20:52:46.000000000 +0100
Change: 2013-10-23 13:54:23.000000000 +0100
 Birth: 2013-10-02 20:52:46.000000000 +0100
}}}
Attached is dtruss log output (via `/usr/bin/sudo dtruss /opt/local/bin/sudo true &> sudo-truss.log`) from the 1.8.8_1 version.
Note that this is a distinct problem from the bug reported in #40644 / sudo @1.8.6p7_0, which also happens/happened to me.
Re-testing with that version demonstrates:
{{{
$ /usr/bin/sudo port activate -f sudo@1.8.6p7_0 ...
$ sudo -V
Sudo version 1.8.6p7
Sudoers policy plugin version 1.8.6p7
Sudoers file grammar version 42
Sudoers I/O plugin version 1.8.6p7
$ sudo true
Password:
$ echo $?
0
$ sudo -u shabble true
sudo: unable to change to runas uid (501, 501): Operation not permitted
sudo: unable to execute /usr/bin/true: Operation not permitted
}}}

--
Ticket URL: <https://trac.macports.org/ticket/40959#comment:1>
MacPorts <http://www.macports.org/>
Ports system for OS X