[MacPorts] #40959: sudo @1.8.8_1 fails with "unable to open /opt/local/etc/sudoers: Permission denied"

MacPorts noreply at macports.org
Sat Oct 26 10:07:20 PDT 2013


#40959: sudo @1.8.8_1 fails with "unable to open /opt/local/etc/sudoers: Permission
denied"
------------------------+--------------------------------
  Reporter:  shabble@…  |      Owner:  macports-tickets@…
      Type:  defect     |     Status:  new
  Priority:  Normal     |  Milestone:
 Component:  ports      |    Version:  2.2.0
Resolution:             |   Keywords:
      Port:  sudo       |
------------------------+--------------------------------
Changes (by ryandesign@…):

 * keywords:  sudo =>


Old description:

> Any privs-requiring invocation of sudo fails with the following error:
>
> {{{
> sudo -V
>
> Sudo version 1.8.8
> sudo: unable to open /opt/local/etc/sudoers: Permission denied
> sudo: no valid sudoers sources found, quitting
> sudo: unable to initialize policy plugin
>
> }}}
>

> Permissions appear correct for both the sudo binary and the sudoers file:
>
> {{{
>
> stat /opt/local/bin/sudo
>   File: ‘/opt/local/bin/sudo’
>   Size: 117036          Blocks: 232        IO Block: 4096   regular file
> Device: e000002h/234881026d     Inode: 25568007    Links: 1
> Access: (4755/-rwsr-xr-x)  Uid: (    0/    root)   Gid: (    0/   wheel)
> Access: 2013-10-26 16:06:53.000000000 +0100
> Modify: 2013-10-02 20:52:47.000000000 +0100
> Change: 2013-10-23 13:54:23.000000000 +0100
>  Birth: 2013-10-02 20:52:47.000000000 +0100
>
> stat /opt/local/etc/sudoers
>
>   File: ‘/opt/local/etc/sudoers’
>   Size: 3429            Blocks: 8          IO Block: 4096   regular file
> Device: e000002h/234881026d     Inode: 25568014    Links: 1
> Access: (0440/-r--r-----)  Uid: (    0/    root)   Gid: (   20/   staff)
> Access: 2013-10-26 16:05:12.000000000 +0100
> Modify: 2013-10-02 20:52:46.000000000 +0100
> Change: 2013-10-23 13:54:23.000000000 +0100
>  Birth: 2013-10-02 20:52:46.000000000 +0100
>
> }}}
>
> Attached is dtruss log output (via /usr/bin/sudo dtruss
> /opt/local/bin/sudo true &> sudo-truss.log) from the 1.8.8_1 version.
>
> Note that this is a distinct problem from the bug reported in #40644 /
> sudo @1.8.6p7_0, which also happens/happened to me.
>
> Re-testing with that version demonstrates:
>
> {{{
>
> $ /usr/bin/sudo port activate -f sudo @1.8.6p7_0
> ...
>
> $ sudo -V
> Sudo version 1.8.6p7
> Sudoers policy plugin version 1.8.6p7
> Sudoers file grammar version 42
> Sudoers I/O plugin version 1.8.6p7
>
> $ sudo true
> Password:
> $ echo $?
> 0
>
> $ sudo -u shabble true
> sudo: unable to change to runas uid (501, 501): Operation not permitted
> sudo: unable to execute /usr/bin/true: Operation not permitted
>
> }}}

New description:

 Any privs-requiring invocation of sudo fails with the following error:

 {{{
 sudo -V

 Sudo version 1.8.8
 sudo: unable to open /opt/local/etc/sudoers: Permission denied
 sudo: no valid sudoers sources found, quitting
 sudo: unable to initialize policy plugin

 }}}


 Permissions appear correct for both the sudo binary and the sudoers file:

 {{{

 stat /opt/local/bin/sudo
   File: ‘/opt/local/bin/sudo’
   Size: 117036          Blocks: 232        IO Block: 4096   regular file
 Device: e000002h/234881026d     Inode: 25568007    Links: 1
 Access: (4755/-rwsr-xr-x)  Uid: (    0/    root)   Gid: (    0/   wheel)
 Access: 2013-10-26 16:06:53.000000000 +0100
 Modify: 2013-10-02 20:52:47.000000000 +0100
 Change: 2013-10-23 13:54:23.000000000 +0100
  Birth: 2013-10-02 20:52:47.000000000 +0100

 stat /opt/local/etc/sudoers

   File: ‘/opt/local/etc/sudoers’
   Size: 3429            Blocks: 8          IO Block: 4096   regular file
 Device: e000002h/234881026d     Inode: 25568014    Links: 1
 Access: (0440/-r--r-----)  Uid: (    0/    root)   Gid: (   20/   staff)
 Access: 2013-10-26 16:05:12.000000000 +0100
 Modify: 2013-10-02 20:52:46.000000000 +0100
 Change: 2013-10-23 13:54:23.000000000 +0100
  Birth: 2013-10-02 20:52:46.000000000 +0100

 }}}

 Attached is dtruss log output (via `/usr/bin/sudo dtruss
 /opt/local/bin/sudo true &> sudo-truss.log`) from the 1.8.8_1 version.

 Note that this is a distinct problem from the bug reported in #40644 /
 sudo @1.8.6p7_0, which also happens/happened to me.

 Re-testing with that version demonstrates:

 {{{

 $ /usr/bin/sudo port activate -f sudo @1.8.6p7_0
 ...

 $ sudo -V
 Sudo version 1.8.6p7
 Sudoers policy plugin version 1.8.6p7
 Sudoers file grammar version 42
 Sudoers I/O plugin version 1.8.6p7

 $ sudo true
 Password:
 $ echo $?
 0

 $ sudo -u shabble true
 sudo: unable to change to runas uid (501, 501): Operation not permitted
 sudo: unable to execute /usr/bin/true: Operation not permitted

 }}}

--

-- 
Ticket URL: <https://trac.macports.org/ticket/40959#comment:1>
MacPorts <http://www.macports.org/>
Ports system for OS X

