Bug 123096 - app-admin/sudo-1.6.8_p9-r2 does not work
Summary: app-admin/sudo-1.6.8_p9-r2 does not work
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Other
Importance: High normal
Assignee: Andrea Barisani (RETIRED)
Reported: 2006-02-16 15:30 UTC by David M. Sanderson
Modified: 2006-02-17 05:17 UTC
Description David M. Sanderson 2006-02-16 15:30:06 UTC
HqLabSniffer ~ # emerge --info
Portage 2.0.54 (default-linux/x86/2005.1, gcc-3.3.6, glibc-2.3.5-r2, 2.6.15-gentoo-r1 i686)
=================================================================
System uname: 2.6.15-gentoo-r1 i686 Pentium III (Katmai)
Gentoo Base System version 1.6.14
dev-lang/python:     2.3.5, 2.4.2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O3 -march=pentium3 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /etc/X11/xorg.conf /etc/conf.d/gpm.conf /etc/conf.d/ntp-client /etc/domainname /etc/hostname /etc/rc.conf /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O3 -march=pentium3 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.us.gentoo.org/gentoo-portage"
USE="x86 X alsa apm arts audiofile avi berkdb bitmap-fonts bzip2 crypt cups eds emboss encode esd ethereal exif expat fam foomaticdb fortran gdbm gif glib++ glut gnome gpm gstreamer gtk gtk2 gtkhtml idn imlib ipv6 java jpeg kde lcms libg++ libwww mad mikmod mng motif mozilla mp3 mpeg ncurses nls ogg oggvorbis opengl oss pam pcre pdflib perl png python qt quicktime readline samba sdl spell ssl tcpd tiff truetype truetype-fonts type1-fonts udev vorbis xml2 xmms xv zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS
Comment 1 David M. Sanderson 2006-02-16 15:34:28 UTC
HqLabSniffer ~ # id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
HqLabSniffer ~ # sudo -l
sudo: can't open /etc/sudoers: Permission denied
HqLabSniffer ~ # sendmail: Cannot open mail:25

HqLabSniffer ~ # cat /etc/sudoers
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification

# Reset environment by default
Defaults        env_reset

# Uncomment to allow users in group wheel to export variables
# Defaults:%wheel       !env_reset

# Allow users in group users to export specific variables
# Defaults:%users       env_keep=TZ

# Allow specific user to bypass env_delete for TERMCAP
# Defaults:user     env_delete-=TERMCAP

# Set default EDITOR to vi, and do not allow visudo to use EDITOR/VISUAL.
Defaults        editor=/usr/bin/vim, !env_editor

# Onvoy defaults
Defaults        logfile=/var/log/sudo.log,log_year
Defaults        requiretty
Defaults        lecture=always

# Runas alias specification

# *** REMEMBER ***************************************************
# * GIVING SUDO ACCESS TO USERS ALLOWS THEM TO RUN THE SPECIFIED *
# * COMMANDS WITH ELEVATED PRIVILEGES.                           *
# *                                                              *
# * NEVER PERMIT UNTRUSTED USERS TO ACCESS SUDO.                 *
# ****************************************************************

# User privilege specification
root    ALL=(ALL) ALL
dsanders ALL=(ALL) NOPASSWD:ALL

# Uncomment to allow people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL

# Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

# Users in group www are allowed to  edit httpd.conf and ftpd.conf
# using sudoedit, or sudo -e, without a password.
# %www          ALL=(ALL)       NOPASSWD: sudoedit /etc/httpd.conf, /etc/ftpd.conf

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now

HqLabSniffer ~ # ls -l /usr/bin/sudo
---s--x--x  2 root root 106640 Feb 16 16:35 /usr/bin/sudo

HqLabSniffer ~ # sudo -V
Sudo version 1.6.8p9

Authentication methods: 'pam'
Syslog facility if syslog is being used for logging: local2
Syslog priority to use when user authenticates successfully: notice
Syslog priority to use when user authenticates unsuccessfully: alert
Send mail if the user is not in sudoers
Lecture user the first time they run sudo
Require users to authenticate by default
Root may run sudo
Allow some information gathering to give useful error messages
Visudo will honor the EDITOR environment variable
Set the LOGNAME and USER environment variables
Length at which to wrap log file lines (0 for no wrap): 80
Authentication timestamp timeout: 5 minutes
Password prompt timeout: 5 minutes
Number of tries to enter a password: 3
Umask to use or 0777 to use user's: 022
Path to mail program: /usr/sbin/sendmail
Flags for mail program: -t
Address to send mail to: root
Subject line for mail messages: *** SECURITY information for %h ***
Incorrect password message: Sorry, try again.
Path to authentication timestamp dir: /var/run/sudo
Default password prompt: Password:
Default user to run commands as: root
Path to the editor for use by visudo: /bin/nano
When to require a password for 'list' pseudocommand: any
When to require a password for 'verify' pseudocommand: all
File containing dummy exec functions: /usr/libexec/sudo_noexec.so
Environment variables to check for sanity:
        LANGUAGE
        LANG
        LC_*
Environment variables to remove:
        BASH_ENV
        ENV
        TERMCAP
        TERMPATH
        TERMINFO_DIRS
        TERMINFO
        _RLD*
        LD_*
        PATH_LOCALE
        NLSPATH
        HOSTALIASES
        RES_OPTIONS
        LOCALDOMAIN
        CDPATH
        IFS
        SHELLOPTS
        PERLIO_DEBUG
        PERL5LIB
        PERLLIB
        FPATH
        PS4
        NULLCMD
        READNULLCMD
        GLOBIGNORE
        PERL5OPT
        PYTHONHOME
        PYTHONPATH
        PYTHONINSPECT
        RUBYLIB
        RUBYOPT
        ZDOTDIR
Local IP address and netmask pairs:
        10.31.2.101 / 0xfffffe00

*  app-admin/sudo
      Latest version available: 1.6.8_p9-r2
      Latest version installed: 1.6.8_p9-r2
      Size of downloaded files: 571 kB
      Homepage:    http://www.sudo.ws/
      Description: Allows users or groups to run commands as other users
      License:     Sudo
Comment 2 Tavis Ormandy (RETIRED) gentoo-dev 2006-02-16 16:33:47 UTC
Are you doing something unusual on this system we should know about?

selinux, unusual filesystem layout, kernel patches, gcc patches, etc.

The line that prints that sudoers error only appears if an fopen() and fread() of sudoers fails, and you seem to have cat working fine.

Please paste the output of "stat /etc/sudoers" and "mount".
Comment 3 David M. Sanderson 2006-02-16 17:49:01 UTC
(In reply to comment #2)
> Are you doing something unusual on this system we should know about?
> selinux, unusual filesystem layout, kernel patches, gcc patches, etc.
> The line that prints that sudoers error only appears if an fopen() and fread()
> of sudoers fails, and you seem to have cat working fine.
> please paste the output of "stat /etc/sudoers" and "mount".

I have built three Gentoo systems this week. On two of the systems, sudo is not working. On another it is working. The machines were built specifically following the Gentoo Handbook.

HqLabSniffer ~ # stat /etc/sudoers
  File: `/etc/sudoers'
  Size: 1781            Blocks: 8          IO Block: 131072 regular file
Device: 303h/771d       Inode: 194356      Links: 1
Access: (0440/-r--r-----)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2006-02-16 16:35:17.000000000 -0600
Modify: 2006-02-16 16:35:17.000000000 -0600
Change: 2006-02-16 16:36:50.000000000 -0600
HqLabSniffer ~ # mount
/dev/hda3 on / type reiserfs (rw,noatime)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
udev on /dev type tmpfs (rw,nosuid)
devpts on /dev/pts type devpts (rw)
/dev/hda1 on /boot type ext2 (rw,noatime)
shm on /dev/shm type tmpfs (rw,noexec,nosuid,nodev)
usbfs on /proc/bus/usb type usbfs (rw,devmode=0664,devgid=85)
HqLabSniffer ~ # 
Comment 4 Tavis Ormandy (RETIRED) gentoo-dev 2006-02-17 00:29:55 UTC
Can you run "strace sudoers -l" and "ltrace sudoers -l" (you can emerge them if you don't have these commands) and paste the output (you will have to be root to run these commands).
Comment 5 Tavis Ormandy (RETIRED) gentoo-dev 2006-02-17 01:52:07 UTC
David: A colleague suggested this might be incorrect permissions on /, please run ls -ld / and compare the output with mine below

$ ls -ld /
drwxr-xr-x  18 root root 480 Oct 30 23:28 //
Comment 6 David M. Sanderson 2006-02-17 05:17:06 UTC
(In reply to comment #5)
> David: A colleague suggested this might be incorrect permissions on /, please
> run ls -ld / and compare the output with mine below
> $ ls -ld /
> drwxr-xr-x  18 root root 480 Oct 30 23:28 //

Looks like that fixed it.  Not sure how it got set that way.  Thanks for the help.

HqLabSniffer ~ # ls -ld /     
d-wxr----t  20 root root 520 Feb  8 13:29 /
HqLabSniffer ~ # cd
HqLabSniffer ~ # chmod 755 /
HqLabSniffer ~ # ls -ld /
drwxr-xr-x  20 root root 520 Feb  8 13:29 /
HqLabSniffer ~ # sudo -l
User root may run the following commands on this host:
    (ALL) ALL
HqLabSniffer ~ #
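
Added example (not part of the bug thread): a shell function that walks every directory above a file such as /etc/sudoers and reports any that lack search (x) permission for group or other, which is what the `d-wxr----t` mode on `/` in comment 6 amounted to for the group class. It assumes GNU `stat`; the name `check_path_search` and its optional second argument are made up for this example.

```shell
#!/bin/sh
# Added example: report ancestor directories of a file that group or other
# cannot traverse. Root bypasses these checks, so "cat" as root can succeed
# while a process running with a non-root effective ID gets EACCES.

# Usage: check_path_search FILE [TOP]
#   FILE  absolute path to inspect (e.g. /etc/sudoers)
#   TOP   directory at which to stop walking upward (default: /)
# Prints "MODE DIR" for every directory missing g+x or o+x.
# Returns 0 if none were found, 1 if any were found, 2 if stat failed.
check_path_search() {
    target=$1
    top=${2:-/}
    dir=$(dirname -- "$target")
    bad=0
    while :; do
        raw=$(stat -c '%a' -- "$dir") || return 2   # GNU stat: octal mode
        mode=$(printf '%04o' "0$raw")               # pad to 4 digits: SUGO
        o=${mode#???}                               # 4th digit: other
        g=${mode#??}; g=${g%?}                      # 3rd digit: group
        # Bit 1 of each octal digit is x (search permission on a directory).
        if [ $((g & 1)) -eq 0 ] || [ $((o & 1)) -eq 0 ]; then
            printf '%s %s\n' "$mode" "$dir"
            bad=1
        fi
        # Stop at TOP, at /, or at "." for a relative path.
        [ "$dir" = "$top" ] || [ "$dir" = "/" ] || [ "$dir" = "." ] && break
        dir=$(dirname -- "$dir")
    done
    return $bad
}
```

Running `check_path_search /etc/sudoers` on the affected machine would have printed `1341 /`; after `chmod 755 /` it prints nothing and returns 0.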