Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sudo must be owned by uid 0 and have the setuid bit set #22914

Closed
pstn opened this issue Feb 17, 2017 · 10 comments
Closed

sudo must be owned by uid 0 and have the setuid bit set #22914

pstn opened this issue Feb 17, 2017 · 10 comments
Assignees
@globin
Labels
1.severity: blocker This is preventing another PR or issue from being completed
Milestone
17.03

Comments

@pstn
Copy link
Contributor

pstn commented Feb 17, 2017

Issue description

The sudo binary doesn't have an setuid bit that it needs to be useful.
Could be because of the pcap wrappers merge.

Steps to reproduce

Install sudo, try to run it.

Technical details

  • System: 17.03pre101267.a9584c9 (Gorilla)
  • Nix version: nix-env (Nix) 1.11.6
  • Nixpkgs version: 17.03pre101267.a9584c9
@pstn
Copy link
Contributor Author

pstn commented Feb 17, 2017

It was just a broken env. Sorry to bother you.

@pstn pstn closed this as completed Feb 17, 2017
@Mic92
Copy link
Member

Mic92 commented Feb 17, 2017
edited
Loading

nix-user-chroot breaks sudo for instance with the same error message. There might a fix for that, but I have not yet looked into it.

@globin
Copy link
Member

globin commented Feb 17, 2017

@pstn's occurence was due to the setuid sudo binary being moved from /run/setuid-wrappers to /run/wrappers/bin and his PATH not yet being updated. I'll add a temporary symlink before the release.

@MP2E
Copy link

MP2E commented Feb 19, 2017
edited
Loading

I was bit by this and was very confused for some time, but it turns out that the PATH was being overwritten by ~/.zshenv. With that line deleted and a reboot, everything works.

So if you're a zsh user bit by this bug, please check both your .zshrc and .zshenv for any lines setting PATH, and remove them.

@dezgeg
Copy link
Contributor

dezgeg commented Feb 24, 2017

Let's keep this issue open until the temporary symlink is added so this isn't forgotten.

@dezgeg dezgeg reopened this Feb 24, 2017
@dezgeg dezgeg added the 1.severity: blocker This is preventing another PR or issue from being completed label Feb 24, 2017
@dezgeg dezgeg added this to the 17.03 milestone Feb 24, 2017
@vcunat vcunat mentioned this issue Feb 27, 2017
Closed
@seagreen
Copy link

What's the symlink fix? I'd like to get sudo working again without waiting.

@7c6f434c
Copy link
Member

The idea of the symlink fix is just to make /var/setuid-wrappers a symlink to /run/wrappers/bin

@seagreen
Copy link

Ohhh, I tried /run/setuid-wrappers (from earlier in the thread), not /var/setuid-wrappers.

@globin
Copy link
Member

globin commented Mar 22, 2017

#23641

@globin globin closed this as completed Mar 22, 2017
globin added a commit that referenced this issue Mar 23, 2017
@globin
security-wrapper: link old wrapper dir to new one
e82baf0 
This makes setuid wrappers not fail after upgrading.

references #23641, #22914, #19862, #16654
globin added a commit that referenced this issue Mar 23, 2017
@globin
security-wrapper: link old wrapper dir to new one
1394a0c 
This makes setuid wrappers not fail after upgrading.

references #23641, #22914, #19862, #16654

(cherry picked from commit e82baf0)
@tinkyholloway
Copy link

I upgraded from 17.03 to 18.03 and I have this problem.

The idea of the symlink fix is just to make /var/setuid-wrappers a symlink to /run/wrappers/bin

This did not help.

adrianpk added a commit to adrianpk/nixpkgs that referenced this issue May 31, 2024
@adrianpk
security-wrapper: link old wrapper dir to new one
f60c441 
This makes setuid wrappers not fail after upgrading.

references NixOS#23641, NixOS#22914, NixOS#19862, NixOS#16654

(cherry picked from commit e82baf0)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@globin globin

Labels
1.severity: blocker This is preventing another PR or issue from being completed
Projects
None yet
Milestone
17.03
Development

No branches or pull requests
8 participants
@Mic92 @MP2E @dezgeg @seagreen @pstn @globin @7c6f434c @tinkyholloway