-
Notifications
You must be signed in to change notification settings - Fork 79
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sudo --login
not working on Arch Linux
#832
Comments
Thanks. I don't think we have focused on WSL being 'supported' yet, so I've added the "enhancement" label as well. Firing up a Windows machine to see if I can reproduce.
|
I managed to reproduce by upgrading my
|
Managed to reproduce! Very closely tied to the |
Tried it in a docker container, same thing happens, so does not seem tied to WSL. |
I have the same issue on my PC installation of Arch Linux. I installed sudo-rs 0.2.2 from the AUR. |
@JoelleJS Just to make sure: Did you fix the missing setuid/setgid on the sudo-rs binary? |
@Svintooo Yes, I added the |
Note: I've also noticed that in a fresh Arch-linux docker container, there is no PAM config for sudo, since there is no sudo in that docker. We should probably check with downstream packagers that they've thought of this. For Arch this would mean that the AUR sudo-rs package has a dependency on sudo unless the appropriate PAM files in |
I am not sure if missing PAM config for |
I've located the issue to this line: Since "sudo --login" starts a new login shell, a different PAM service name is used. This is done on purpose -- the system might have to do different session management for login sessions. ArchLinux doesn't provide this "sudo-i" service so authentication fails. Easy fix for Arch users: sudo cp /etc/pam.d/sudo /etc/pam.d/sudo-i After that, I guess this is not a problem with original sudo because that is likely compiled by the package maintainer with the To make sudo-rs the same, the AUR package maintainer can patch the above line in sudo-rs source code so the service_name is always Of course in the precompiled binaries we provide, we had to pick one and I think we went with |
sudo --login
not working on Arch Linux
Suggestion: Would it be possible to print a more descriptive error message when this issue happens? As an example, sudo-rs has a great error message (IMO) when setuid/setgid is not set for the binary. |
Good suggestion, let's create another issue for that. During my investigation here, I've also noticed original sudo sometimes printing uninformative error messages. Whether it is possible, I don't know -- this also requires the cooperation of PAM to give us helpful feedback. I think |
I just want to say thank you for a great experience in reporting this issue. The response this got has been wonderful. |
The biggest issue I see is that a missing service configuration could be a valid configuration, as PAM automatically falls back to the global PAM configuration in I think the best thing we could do is provide an example PAM configuration with our packages and include instructions for setting them up. Then leave it up to packagers of sudo to provide a configuration suitable for their specific distribution. One more thing we could do is to add build time configuration to allow changing the PAM service names for both login sessions and normal sessions at compile time, to give downstream maintainers a little more freedom (i.e. change the names of the services to |
Thanks to your help, I am adding the changes here in PKGBUILD. ❯ sudo-rs -i
arch# whoami
root
arch# exit
❯ sudo-rs --login
arch# whoami
root
arch#
|
Describe the bug
Whenever I try to use the
--login
option I instantly get an AuthError. No password prompt is shown.This is on Arch Linux on Windows Subsystem for Linux on Windows 11.
To Reproduce
pacman -S --needed wget # Install wget wget https://github.com/memorysafety/sudo-rs/releases/download/v0.2.2/sudo-0.2.2.tar.gz tar xf sudo-0.2.2.tar.gz --strip-components=1 bin/sudo
Expected behavior
Either receive a password prompt, OR execute
echo hello
.Environment:
sudo-rs
commit hash:f317145
(Version 0.2.2)(I also tried with a manual compile of master (
ebd3e60
) and got the same error.Additional context
No additional context.
The text was updated successfully, but these errors were encountered: