Sudo package installed getting sudo errors

techyjtmb · Oct 16, 2017, 12:27 AM

I have the sudo package installed on a fresh install of 2.4.0 with config from a 2.3.4 p1. When I ssh in and attempt to run sudo I get the following error:
sudo: unable to stat /usr/local/etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

I have removed the sudo package, rebooted, installed the sudo package again with the same results.

jimp · Oct 16, 2017, 12:31 AM

What about if you go to the Sudo page in the GUI and save?

techyjtmb · Oct 16, 2017, 1:20 AM

No luck. I go into the page and save.

jimp · Oct 16, 2017, 1:59 AM

What exact settings do you have in the sudo package?

It's working fine for me here on 2.4

techyjtmb · Oct 16, 2017, 2:55 PM

Just the normal setup. The user I am logged in as is in the admin group, and I have tried logging in as admin as well and get the same issue.

Even if I choose 8 from the firewall menu and run sudo I get the same error.

![sudo_settings_2017-10-16 10-43-58.png](/public/imported_attachments/1/sudo_settings_2017-10-16 10-43-58.png)
![sudo_settings_2017-10-16 10-43-58.png_thumb](/public/imported_attachments/1/sudo_settings_2017-10-16 10-43-58.png_thumb)

jimp · Oct 16, 2017, 2:55 PM

What about if you uninstall the package and then install it again? (Don't use the "reinstall" button)

I've tried a few more systems here with sudo and they all work. The sudoers file gets rewritten when the package syncs and I never see any errors.

techyjtmb · Oct 16, 2017, 3:26 PM

I am sure it is some kind of local issue, just not sure how to solve it. Here are my screen shots.

![pkgmgr_remove_sudo_cp2017-10-16 10-58-09.png](/public/imported_attachments/1/pkgmgr_remove_sudo_cp2017-10-16 10-58-09.png)
![pkgmgr_remove_sudo_cp2017-10-16 10-58-09.png_thumb](/public/imported_attachments/1/pkgmgr_remove_sudo_cp2017-10-16 10-58-09.png_thumb)
![pkgmgr_install_sudo_cp2017-10-16 11-12-30.png](/public/imported_attachments/1/pkgmgr_install_sudo_cp2017-10-16 11-12-30.png)
![pkgmgr_install_sudo_cp2017-10-16 11-12-30.png_thumb](/public/imported_attachments/1/pkgmgr_install_sudo_cp2017-10-16 11-12-30.png_thumb)
![pfsense_firewall_sudo_cmd_cpe2017-10-16 11-14-21.png](/public/imported_attachments/1/pfsense_firewall_sudo_cmd_cpe2017-10-16 11-14-21.png)
![pfsense_firewall_sudo_cmd_cpe2017-10-16 11-14-21.png_thumb](/public/imported_attachments/1/pfsense_firewall_sudo_cmd_cpe2017-10-16 11-14-21.png_thumb)
![diag_cmd_prompt_sudo_cp2017-10-16 11-20-36.png](/public/imported_attachments/1/diag_cmd_prompt_sudo_cp2017-10-16 11-20-36.png)
![diag_cmd_prompt_sudo_cp2017-10-16 11-20-36.png_thumb](/public/imported_attachments/1/diag_cmd_prompt_sudo_cp2017-10-16 11-20-36.png_thumb)

techyjtmb · Oct 16, 2017, 4:16 PM

I can run visudo as root and the file is there and looks fine. I can save it as root, same problem.

jimp · Oct 16, 2017, 4:38 PM

What about these commands:

: ls -l /usr/local/etc/sudoers
-r--r-----  1 root  wheel  67 Oct 16 10:30 /usr/local/etc/sudoers
: stat /usr/local/etc/sudoers
3272947030 44002 -r--r----- 1 root wheel 4294967295 67 "Dec 31 19:00:00 1969" "Oct 16 10:30:07 2017" "Oct 16 10:30:07 2017" "Oct  9 07:07:13 2017" 4096 1 0x800 /usr/local/etc/sudoers

You might also need to reboot and force a filesystem check.

techyjtmb · Oct 16, 2017, 5:25 PM

@jimp:

What about these commands:

: ls -l /usr/local/etc/sudoers
-r--r-----  1 root  wheel  67 Oct 16 10:30 /usr/local/etc/sudoers
: stat /usr/local/etc/sudoers
3272947030 44002 -r--r----- 1 root wheel 4294967295 67 "Dec 31 19:00:00 1969" "Oct 16 10:30:07 2017" "Oct 16 10:30:07 2017" "Oct  9 07:07:13 2017" 4096 1 0x800 /usr/local/etc/sudoers

You might also need to reboot and force a filesystem check.

[2.4.0-RELEASE]: ls -l /usr/local/etc/sudoers
-r–r----- 1 root wheel 104 Oct 16 12:14 /usr/local/etc/sudoers
[2.4.0-RELEASE]: stat /usr/local/etc/sudoers
3449806824 34253 -r–r----- 1 root wheel 4294967295 104 "Oct 16 12:08:52 2017" "Oct 16 12:14:32 2017" "Oct 16 12:14:32 2017" "Oct 16 12:08:52 2017" 4096 1 0x800 /usr/local/etc/sudoers

jimp · Oct 16, 2017, 5:41 PM

That seems OK as well. Strange that sudo itself complains. Use the reboot option from the ssh or console menu and use the option to force a filesystem check, see if that helps.

techyjtmb · Oct 16, 2017, 6:08 PM

@jimp:

That seems OK as well. Strange that sudo itself complains. Use the reboot option from the ssh or console menu and use the option to force a filesystem check, see if that helps.

Chose 5, to reboot and then chose F. System rebooted fine, and I guess ran the file system check, it boots very quick. Still same problem. I am at a loss…

Oh, and thanks for your help jimp.

techyjtmb · Oct 16, 2017, 6:20 PM

@jimp:

That seems OK as well. Strange that sudo itself complains. Use the reboot option from the ssh or console menu and use the option to force a filesystem check, see if that helps.

Other things seem to be working, the only thing different from the 2.3.4p1 to my 2.4 upgrade is I selected to use the zfs filesystem.

Here is what my dashboard reports about the fs.

Memory usage
8% of 16309 MiB
SWAP usage
0% of 16384 MiB
Disk usage ( / )
0% of 254GiB - zfs
Disk usage ( /tmp )
0% of 253GiB - zfs
Disk usage ( /var )
0% of 253GiB - zfs
Disk usage ( /zroot )
0% of 253GiB - zfs
Disk usage ( /var/run )
4% of 3.4MiB - ufs in RAM

jimp · Oct 16, 2017, 7:21 PM

ZFS is fine, one of the hosts I tested is also using ZFS.

What happens if you delete that file, and then save in the sudo GUI.

rm /usr/local/etc/sudoers

Also, when you try to run sudo, check the group membership if the user in the shell:

: id
uid=2004(jimp) gid=65534(nobody) groups=65534(nobody),1999(admins)

It should have "admins" listed there

techyjtmb · Oct 16, 2017, 7:34 PM

Deleted the file, went to the gui saved it, the file showed up, same error.

: id
uid=2000(xxxx) gid=65534(nobody) groups=65534(nobody),1999(admins)