LinuxQuestions.org


hazel 06-23-2016 12:53 PM

Can't see contents of /etc/sudoers in visudo, yet vi shows it clearly
 
I'm fooling around with a new, very skeletal NuTyX system, doing various configuration jobs. I hope eventually to have it fully operational. But I've now come across something that I've never seen before on any Linux system, and I can't find any relevant google articles either.

The system has an /etc/sudoers file which I can view as root; its contents look entirely normal. I can also put it into the vi editor (which, as far as I can see, is the only editor I've got). But when I use visudo, it shows a completely empty file!

I don't want to do any edits of sudoers outside of visudo, so I can't give myself any sudo rights for the time being. I need to know what's going on here.

Turbocapitalist 06-23-2016 01:14 PM

I've not seen that distro but have you tried telling "visudo" explicitly which file to work on?

Code:

visudo -f /etc/sudoers

Or with a different editor?

Code:

EDITOR=/usr/bin/nano visudo -f /etc/sudoers

sgosnell 06-23-2016 04:18 PM

What files are in /etc/sudoers.d?

hazel 06-24-2016 02:25 AM

Quote:

Originally Posted by Turbocapitalist (Post 5565335)
I've not seen that distro but have you tried telling "visudo" explicitly which file to work on?

Code:

visudo -f /etc/sudoers

Yes, that was the first thing I tried, and it doesn't make any difference. This morning I had another go, trying to move my cursor around inside the file. I can't, so this is a genuinely empty file that visudo gives me, not a file with invisible text (now that really would be weird!).

Quote:

Or with a different editor?

Code:

EDITOR=/usr/bin/nano visudo -f /etc/sudoers

The problem at the moment is that I haven't got another editor, and I won't be able to install one until I get wifi working. Which is another problem, but let's take things one at a time. Actually I don't think this vi that I'm using is really vi at all. I think it's a clone; it looks different. Classic vi doesn't show you which mode you're in; vim does (but not if you're in command mode). This vi shows the mode all the time, in inverse video.

I've thought up a few more tests, but to do them, I'll first have to back up sudoers to a safe place. I'll report back later. Now I have to walk the dog.

@sgosnell: /etc/sudoers.d is empty.

hazel 06-24-2016 06:56 AM

Ok, here's the results of my tests. I started by making a backup copy of /etc/sudoers just in case. I wrote some random data into the empty file that visudo gave me, then wrote it out with :w. There was no warning about bad syntax (there should have been!) but it did not overwrite /etc/sudoers. Where it got filed, I have no idea, but subsequent calls to visudo recovered this file, with my random data in it. I also wrote it out under another name and checked that it contained my data and nothing else. So visudo makes a new file and keeps it separate from the actual sudoers file.

I also tried to load the real file by using ":r /etc/sudoers" inside visudo, but that didn't work either. The file remained empty.

sgosnell 06-24-2016 08:29 AM

/etc/sudoers.d should have at least one file. Usually it's README, which explains this. But I'm not certain your distro requires this. But for most distros using recent versions of sudo, at least one file of some type must be present.

What visudo does is save your changes to sudoers.tmp, and then move the tmp file to the real sudoers file. You can see this in nano by looking at what is displayed at the bottom, "File Name to Write: /etc/sudoers.tmp". Is /etc/sudoers.tmp present? If so, it's not getting moved for some reason. I've never seen that behavior, but then there are lots of things I've never seen, fortunately.

hazel 06-24-2016 11:19 AM

Quote:

Originally Posted by sgosnell (Post 5565674)
/etc/sudoers.d should have at least one file. Usually it's README, which explains this. But I'm not certain your distro requires this. But for most distros using recent versions of sudo, at least one file of some type must be present.

I don't have such a file in LFS or in Crux either, yet sudo works perfectly well there. I do have a README file in Debian, according to which you only need a file in sudoers.d if you have the "includedir" directive uncommented in sudoers.

Quote:

What visudo does is save your changes to sudoers.tmp, and then move the tmp file to the real sudoers file. You can see this in nano by looking at what is displayed at the bottom, "File Name to Write: /etc/sudoers.tmp". Is /etc/sudoers.tmp present? If so, it's not getting moved for some reason.

New info: Visudo does create such a file and it contains the actual contents of sudoers. I can view it from another terminal. But what visudo shows at the console is a different file, an empty one. The closing message from visudo mentions "/etc/sudoers.tmp unchanged", but the file is no longer there after visudo exits.

sgosnell 06-24-2016 12:14 PM

If the sudoers.tmp file isn't saved, then it can't be moved to sudoers. That would seem to be the issue, but I have no idea why it's not being saved. Nano should save the file, but it's being called by visudo, not directly. You could try running nano from the terminal as root, making a file named /etc/sudoers.tmp, and trying to save it, and see what happens. Not having nano (or visudo) save the tmp file is a puzzlement to me.

hazel 06-24-2016 12:21 PM

Quote:

Originally Posted by sgosnell (Post 5565762)
If the sudoers.tmp file isn't saved, then it can't be moved to sudoers. That would seem to be the issue, but I have no idea why it's not being saved. Nano should save the file, but it's being called by visudo, not directly. You could try running nano from the terminal as root, making a file named /etc/sudoers.tmp, and trying to save it, and see what happens. Not having nano (or visudo) save the tmp file is a puzzlement to me.

I told you, I don't have nano yet. This is a very skeletal system. Tomorrow, I'm going to wire up the ethernet port so that I can get some more software downloaded and installed, including wpa_supplicant, vim or nano, and an update for sudo.

sgosnell 06-24-2016 02:07 PM

So what is visudo using for an editor? I guess it uses vi by default, but nano is installed by default on most systems, and I've never seen anything other than nano. But visudo has to use an external editor, it has no capabilities for that on its own.

From the visudo man page:
Quote:

There is a hard-coded list of one or more editors that visudo will use set at compile-time that may be overridden via the editor sudoers Default variable.
...
visudo parses the sudoers file after the edit and will not save the changes if there is a syntax error. Upon finding an error, visudo will print a message stating the line number(s) where the error occurred and the user will receive the “What now?” prompt. At this point the user may enter ‘e’ to re-edit the sudoers file, ‘x’ to exit without saving the changes, or ‘Q’ to quit and save changes. The ‘Q’ option should be used with extreme care because if visudo believes there to be a parse error, so will sudo and no one will be able to run sudo again until the error is fixed. If ‘e’ is typed to edit the sudoers file after a parse error has been detected, the cursor will be placed on the line where the error occurred (if the editor supports this feature).

I don't know if any of this applies to your system, I've never even heard of NuTyX, but perhaps it might be helpful.
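
The save-to-temp, parse, then move sequence described in the posts above, written as a non-interactive shell function for installing a drop-in file. This is an added example, not part of the original thread or of sudo itself; `install_sudoers_file`, the `SUDOERS_CHECK` override and the sample rule are hypothetical, while `visudo -c -q -f` is visudo's own check-only mode.

```shell
#!/bin/sh
# Added example (not from the thread): install a sudoers drop-in the way
# visudo does it: write a temp copy, parse it, and only then rename it.
#
# install_sudoers_file and SUDOERS_CHECK are hypothetical names.
# SUDOERS_CHECK lets the checker be swapped out; the default is
# visudo's check-only mode (-c), quiet (-q), on a named file (-f).

install_sudoers_file() {
    src=$1     # candidate rules, e.g. a constructed line "hazel ALL=(ALL) ALL"
    dest=$2    # final path, e.g. /etc/sudoers.d/hazel
    check=${SUDOERS_CHECK:-visudo -c -q -f}

    # Create the temp file next to the destination so the final mv is a
    # rename within one filesystem. Its name contains a '.', and sudo
    # skips such names when reading an include directory, so a
    # half-written copy is never parsed as live policy.
    tmp=$(mktemp "${dest}.XXXXXX") || return 2

    if ! cat "$src" > "$tmp" || ! chmod 0440 "$tmp"; then
        rm -f "$tmp"
        return 2
    fi

    # $check is left unquoted on purpose so its flags split into words.
    if ! $check "$tmp" >/dev/null 2>&1; then
        echo "syntax check failed, $dest left untouched" >&2
        rm -f "$tmp"
        return 1
    fi

    mv -f "$tmp" "$dest"
}

# Usage (as root):
#   install_sudoers_file ./hazel.rules /etc/sudoers.d/hazel
```

A file placed in /etc/sudoers.d only takes effect when the includedir directive is active in /etc/sudoers, as the Debian README mentioned earlier in the thread says.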

hazel 06-25-2016 12:19 AM

Visudo is hard-wired to use /usr/bin/vi if the EDITOR variable isn't set. I assume that's why it's called visudo. In Debian-based distros it seems to default to nano. I still don't know what causes the problem I ran into, but it seems to be a problem with vi and not just visudo itself. Yesterday, I managed to get an ethernet connection working and installed a lot of stuff including nano. With "EDITOR=nano visudo" everything works normally and I was able to give myself sudo rights.

It annoys me that I still don't have any idea what was going wrong, or indeed how the observed behaviour was brought about.

NuTyX is an unusual distro that was put together using Linux From Scratch. It's mostly binary but with a system of BSD-like ports that can be built locally. It installs without formatting the partition, so you can have any filesystem you like on your root partition, or install to a directory and then bundle it up as an iso image. You can even upgrade by reinstalling over the old image; only the active system directories will be removed and replaced leaving the home tree intact. And you can "net-install" it without using a disc image at all, just a simple bash script run in an existing Linux system. That's what I did. Of course the system you get then is skeletal, but it's fun fleshing it out.

sgosnell 06-25-2016 10:23 AM

So vi is installed on your system? If it is, visudo will certainly use it. I have no idea why it wouldn't work, and I've avoided dealing with vi forever. It's not something I need, and the learning curve is steeper than I'm willing to deal with. YMMV.

According to the NuTyX installation instructions, you can't use any filesystem you like, only the standard Linux filesystem types. It will format the root filesystem to the Linux filesystem of your choice if you select that. I don't believe Linux can run on just any filesystem, only a few. FAT, VFAT, NTFS, etc won't work. This is the same for any Linux distro, there are limits imposed by the Linux kernel.

hazel 06-25-2016 10:46 AM

Quote:

Originally Posted by sgosnell (Post 5566137)
So vi is installed on your system? If it is, visudo will certainly use it. I have no idea why it wouldn't work, and I've avoided dealing with vi forever. It's not something I need, and the learning curve is steeper than I'm willing to deal with. YMMV.

I don't like classic vi either, but I like vim and I really love gvim. It's the graphical editor that I use on all my systems, except for programming (when I use geany).

Quote:

According to the NuTyX installation instructions, you can't use any filesystem you like, only the standard Linux filesystem types. It will format the root filesystem to the Linux filesystem of your choice if you select that. I don't believe Linux can run on just any filesystem, only a few. FAT, VFAT, NTFS, etc won't work. This is the same for any Linux distro, there are limits imposed by the Linux kernel.

Well, that's what I meant of course: any Linux filesystem. I wasn't even thinking about NTFS. Though that filesystem thread I started in the Linux General forum has had some posts about using Linux on FAT, which I must say I hadn't previously considered possible. The point I was trying to make here is that most distros have a preferred filesystem (usually ext4) and format the partition you give them to that system before installing the software.

sgosnell 06-25-2016 11:45 AM

Every distro I've tried gives you an option to format a partition or not. Many do by default, but you can override that.

