Sudo package installed getting sudo errors



  • I have the sudo package installed on a fresh install of 2.4.0 with config from a 2.3.4 p1.  When I ssh in and attempt to run sudo I get the following error:
    sudo: unable to stat /usr/local/etc/sudoers: Permission denied
    sudo: no valid sudoers sources found, quitting
    sudo: unable to initialize policy plugin

    I have removed the sudo package, rebooted, installed the sudo package again with the same results.


  • Rebel Alliance Developer Netgate

    What about if you go to the Sudo page in the GUI and save?



  • No luck.  I go into the page and save.


  • Rebel Alliance Developer Netgate

    What exact settings do you have in the sudo package?

    It's working fine for me here on 2.4



  • Just the normal setup.  The user I am logged in as is in the admin group, and I have tried logging in as admin as well and get the same issue.

    Even if I choose 8 from the firewall menu and run sudo I get the same error.

    ![sudo_settings_2017-10-16 10-43-58.png](/public/imported_attachments/1/sudo_settings_2017-10-16 10-43-58.png)
    ![sudo_settings_2017-10-16 10-43-58.png_thumb](/public/imported_attachments/1/sudo_settings_2017-10-16 10-43-58.png_thumb)


  • Rebel Alliance Developer Netgate

    What about if you uninstall the package and then install it again? (Don't use the "reinstall" button)

    I've tried a few more systems here with sudo and they all work. The sudoers file gets rewritten when the package syncs and I never see any errors.



  • I am sure it is some kind of local issue, just not sure how to solve it.  Here are my screen shots.

    ![pkgmgr_remove_sudo_cp2017-10-16 10-58-09.png](/public/imported_attachments/1/pkgmgr_remove_sudo_cp2017-10-16 10-58-09.png)
    ![pkgmgr_remove_sudo_cp2017-10-16 10-58-09.png_thumb](/public/imported_attachments/1/pkgmgr_remove_sudo_cp2017-10-16 10-58-09.png_thumb)
    ![pkgmgr_install_sudo_cp2017-10-16 11-12-30.png](/public/imported_attachments/1/pkgmgr_install_sudo_cp2017-10-16 11-12-30.png)
    ![pkgmgr_install_sudo_cp2017-10-16 11-12-30.png_thumb](/public/imported_attachments/1/pkgmgr_install_sudo_cp2017-10-16 11-12-30.png_thumb)
    ![pfsense_firewall_sudo_cmd_cpe2017-10-16 11-14-21.png](/public/imported_attachments/1/pfsense_firewall_sudo_cmd_cpe2017-10-16 11-14-21.png)
    ![pfsense_firewall_sudo_cmd_cpe2017-10-16 11-14-21.png_thumb](/public/imported_attachments/1/pfsense_firewall_sudo_cmd_cpe2017-10-16 11-14-21.png_thumb)
    ![diag_cmd_prompt_sudo_cp2017-10-16 11-20-36.png](/public/imported_attachments/1/diag_cmd_prompt_sudo_cp2017-10-16 11-20-36.png)
    ![diag_cmd_prompt_sudo_cp2017-10-16 11-20-36.png_thumb](/public/imported_attachments/1/diag_cmd_prompt_sudo_cp2017-10-16 11-20-36.png_thumb)



  • I can run visudo as root and the file is there and looks fine.  I can save it as root, same problem.


  • Rebel Alliance Developer Netgate

    What about these commands:

    : ls -l /usr/local/etc/sudoers
    -r--r-----  1 root  wheel  67 Oct 16 10:30 /usr/local/etc/sudoers
    : stat /usr/local/etc/sudoers
    3272947030 44002 -r--r----- 1 root wheel 4294967295 67 "Dec 31 19:00:00 1969" "Oct 16 10:30:07 2017" "Oct 16 10:30:07 2017" "Oct  9 07:07:13 2017" 4096 1 0x800 /usr/local/etc/sudoers
    

    You might also need to reboot and force a filesystem check.



  • @jimp:

    What about these commands:

    : ls -l /usr/local/etc/sudoers
    -r--r-----  1 root  wheel  67 Oct 16 10:30 /usr/local/etc/sudoers
    : stat /usr/local/etc/sudoers
    3272947030 44002 -r--r----- 1 root wheel 4294967295 67 "Dec 31 19:00:00 1969" "Oct 16 10:30:07 2017" "Oct 16 10:30:07 2017" "Oct  9 07:07:13 2017" 4096 1 0x800 /usr/local/etc/sudoers
    

    You might also need to reboot and force a filesystem check.

    [2.4.0-RELEASE]: ls -l /usr/local/etc/sudoers
    -r–r-----  1 root  wheel  104 Oct 16 12:14 /usr/local/etc/sudoers
    [2.4.0-RELEASE]: stat /usr/local/etc/sudoers
    3449806824 34253 -r–r----- 1 root wheel 4294967295 104 "Oct 16 12:08:52 2017" "Oct 16 12:14:32 2017" "Oct 16 12:14:32 2017" "Oct 16 12:08:52 2017" 4096 1 0x800 /usr/local/etc/sudoers


  • Rebel Alliance Developer Netgate

    That seems OK as well. Strange that sudo itself complains. Use the reboot option from the ssh or console menu and use the option to force a filesystem check, see if that helps.



  • @jimp:

    That seems OK as well. Strange that sudo itself complains. Use the reboot option from the ssh or console menu and use the option to force a filesystem check, see if that helps.

    Chose 5, to reboot and then chose F.  System rebooted fine, and I guess ran the file system check, it boots very quick.  Still same problem.  I am at a loss…

    Oh, and thanks for your help jimp.



  • @jimp:

    That seems OK as well. Strange that sudo itself complains. Use the reboot option from the ssh or console menu and use the option to force a filesystem check, see if that helps.

    Other things seem to be working, the only thing different from the 2.3.4p1 to my 2.4 upgrade is I selected to use the zfs filesystem.

    Here is what my dashboard reports about the fs.

    Memory usage
    8% of 16309 MiB
    SWAP usage
    0% of 16384 MiB
    Disk usage ( / )
    0% of 254GiB - zfs
    Disk usage ( /tmp )
    0% of 253GiB - zfs
    Disk usage ( /var )
    0% of 253GiB - zfs
    Disk usage ( /zroot )
    0% of 253GiB - zfs
    Disk usage ( /var/run )
    4% of 3.4MiB - ufs in RAM


  • Rebel Alliance Developer Netgate

    ZFS is fine, one of the hosts I tested is also using ZFS.

    What happens if you delete that file, and then save in the sudo GUI.

    rm /usr/local/etc/sudoers
    

    Also, when you try to run sudo, check the group membership if the user in the shell:

    : id
    uid=2004(jimp) gid=65534(nobody) groups=65534(nobody),1999(admins)
    
    

    It should have "admins" listed there



  • Deleted the file, went to the gui saved it, the file showed up, same error.

    : id
    uid=2000(xxxx) gid=65534(nobody) groups=65534(nobody),1999(admins)