Opened 10 years ago

Closed 8 years ago

#40959 closed defect (worksforme)

sudo @1.8.8_1 fails with "unable to open /opt/local/etc/sudoers: Permission denied"

Reported by: shabble@… Owned by: youvegotmoxie@…
Priority: Normal Milestone:
Component: ports Version: 2.2.0
Keywords: lack-of-interest Cc: neverpanic (Clemens Lang), jpo@…, cooljeanius (Eric Gallager)
Port: sudo

Description (last modified by ryandesign (Ryan Carsten Schmidt))

Any privs-requiring invocation of sudo fails with the following error: 

sudo -V

Sudo version 1.8.8
sudo: unable to open /opt/local/etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

Permissions appear correct for both the sudo binary and the sudoers file: 

stat /opt/local/bin/sudo 
  File: ‘/opt/local/bin/sudo’
  Size: 117036    	Blocks: 232        IO Block: 4096   regular file
Device: e000002h/234881026d	Inode: 25568007    Links: 1
Access: (4755/-rwsr-xr-x)  Uid: (    0/    root)   Gid: (    0/   wheel)
Access: 2013-10-26 16:06:53.000000000 +0100
Modify: 2013-10-02 20:52:47.000000000 +0100
Change: 2013-10-23 13:54:23.000000000 +0100
 Birth: 2013-10-02 20:52:47.000000000 +0100

stat /opt/local/etc/sudoers

  File: ‘/opt/local/etc/sudoers’
  Size: 3429      	Blocks: 8          IO Block: 4096   regular file
Device: e000002h/234881026d	Inode: 25568014    Links: 1
Access: (0440/-r--r-----)  Uid: (    0/    root)   Gid: (   20/   staff)
Access: 2013-10-26 16:05:12.000000000 +0100
Modify: 2013-10-02 20:52:46.000000000 +0100
Change: 2013-10-23 13:54:23.000000000 +0100
 Birth: 2013-10-02 20:52:46.000000000 +0100

Attached is dtruss log output (via /usr/bin/sudo dtruss /opt/local/bin/sudo true &> sudo-truss.log) from the 1.8.8_1 version.

Note that this is a distinct problem from the bug reported in #40644 / sudo @1.8.6p7_0, which also happens/happened to me.

Re-testing with that version demonstrates: 

$ /usr/bin/sudo port activate -f sudo@1.8.6p7_0
...

$ sudo -V 
Sudo version 1.8.6p7
Sudoers policy plugin version 1.8.6p7
Sudoers file grammar version 42
Sudoers I/O plugin version 1.8.6p7

$ sudo true 
Password:
$ echo $?
0

$ sudo -u shabble true
sudo: unable to change to runas uid (501, 501): Operation not permitted
sudo: unable to execute /usr/bin/true: Operation not permitted

Attachments (2)

sudo-truss.log (41.7 KB) - added by shabble@… 10 years ago.
dtruss output of running `sudo true' with broken version.
sudo-truss-works.log (39.3 KB) - added by jpo@… 10 years ago.
root# dtruss /opt/local/bin/sudo true &> sudo-truss-works.log

Download all attachments as: .zip

Change History (9)

Changed 10 years ago by shabble@…

Attachment: sudo-truss.log added

dtruss output of running `sudo true' with broken version.

comment:1 Changed 10 years ago by ryandesign (Ryan Carsten Schmidt)

Description: modified (diff)
Keywords: sudo removed

comment:2 Changed 10 years ago by jpo@…

works for me on OS X 10.6.8, sudo @1.8.8_1

Changed 10 years ago by jpo@…

Attachment: sudo-truss-works.log added

root# dtruss /opt/local/bin/sudo true &> sudo-truss-works.log

comment:3 Changed 10 years ago by jpo@…

Cc: jpo@… added

Cc Me!

comment:4 Changed 10 years ago by cooljeanius (Eric Gallager)

Cc: egall@… added

Cc Me!

comment:5 Changed 9 years ago by raimue (Rainer Müller)

Owner: changed from macports-tickets@… to youvegotmoxie@…

Assigning to maintainer.

comment:6 Changed 9 years ago by youvegotmoxie@…

I cannot recreate this issue on my machine using sudo @1.8.14p3.

Is this still an issue?

comment:7 Changed 8 years ago by neverpanic (Clemens Lang)

Keywords: lack-of-interest added
Resolution: worksforme
Status: newclosed

Closing due to lack of response from reporter.

Note: See TracTickets for help on using tickets.