ah0b0
Posts: 20
Joined: Mon Jul 15, 2013 3:02 am
Location: USA

user is not allowed to execute as root

Wed Jul 24, 2013 5:12 pm

o/
xpost from xbian forum: http://forum.xbian.org/showthread.php?tid=1141

Running Xbian 1 beta 1
Was going fine. Installed samba and some other programs through SSH. I got to a point where I wanted to backup my SD.

At the time I didn't know a way to backup in linux -- so I shutdown properly (sudo shutdown -h now) and once it was done, removed power and removed SD card. Plugged the sd into windows7 box and it pops up to try to "Scan and fix the SD Card" or to continue without scanning. I decided to continue without scanning. Ran a "read" on Win32DiskImager. Backup was complete. Ejected and put in pi -- powered up pi. Now trying to run a simple command : sudo apt-get update

I get this error:

Code: Select all

xbian@Link ~ $ sudo apt-get update
[sudo] password for xbian:
Sorry, user xbian is not allowed to execute '/usr/bin/apt-get update' as root on Link.
xbian@Link ~ $
Now any command with sudo will return a similar error. Even sudo reboot.
Now "su" works fine and I opened visudo and everything looks fine.

TL;DR - Was working fine. Shutdown, removed sd card, backed up in win7, put back in pi and booted. Now Sudo won't work.

ah0b0
Posts: 20
Joined: Mon Jul 15, 2013 3:02 am
Location: USA

Re: user is not allowed to execute as root

Wed Jul 24, 2013 5:21 pm

Here's the main part of the sudoers / visudo file:

Code: Select all

*snip*
Defaults        env_reset
Defaults        mail_badpass
Defaults       secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

xbian ALL=(ALL) NOPASSWD: /usr/local/sbin/xbian-config, /sbin/halt, /sbin/reboot, /usr/bin/spalsh

User avatar
cyrano
Posts: 717
Joined: Wed Dec 05, 2012 11:48 pm
Location: Belgium

Re: user is not allowed to execute as root

Wed Jul 24, 2013 6:57 pm

Does it really say "/usr/bin/spalsh" at the end?

That should be "/usr/bin/splash", but if that is responsible for the sudo error?

ah0b0
Posts: 20
Joined: Mon Jul 15, 2013 3:02 am
Location: USA

Re: user is not allowed to execute as root

Wed Jul 24, 2013 7:03 pm

sorry, no, that was a typo from where it ran of the page and I copied and pasted it in.

User avatar
joan
Posts: 15381
Joined: Thu Jul 05, 2012 5:09 pm
Location: UK

Re: user is not allowed to execute as root

Wed Jul 24, 2013 7:12 pm

Are you meant to log in as xbian?

Isn't the xbian user limited to the few commands mentioned at the end of the xbian line?

Genuine question, I don't understand the sudoers format.

User avatar
rpdom
Posts: 18152
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: user is not allowed to execute as root

Wed Jul 24, 2013 8:44 pm

joan wrote:Are you meant to log in as xbian?

Isn't the xbian user limited to the few commands mentioned at the end of the xbian line?

Genuine question, I don't understand the sudoers format.
I think you are right.

However, there may also be other files in /etc/sudoers.d which are included in the sudo processing. I wonder if there is anything in there?

ah0b0
Posts: 20
Joined: Mon Jul 15, 2013 3:02 am
Location: USA

Re: user is not allowed to execute as root

Wed Jul 24, 2013 9:11 pm

rpdom wrote:
joan wrote:Are you meant to log in as xbian?

Isn't the xbian user limited to the few commands mentioned at the end of the xbian line?

Genuine question, I don't understand the sudoers format.
I think you are right.

However, there may also be other files in /etc/sudoers.d which are included in the sudo processing. I wonder if there is anything in there?
if you mean this line: "xbian ALL=(ALL) NOPASSWD: /usr/local/sbin/xbian-config, /sbin/halt, /sbin/reboot, /usr/bin/splash"

Then no. Those are just the commands that don't require you to put in the sudo password.

User avatar
joan
Posts: 15381
Joined: Thu Jul 05, 2012 5:09 pm
Location: UK

Re: user is not allowed to execute as root

Wed Jul 24, 2013 9:15 pm

rpdom wrote:...
However, there may also be other files in /etc/sudoers.d which are included in the sudo processing. I wonder if there is anything in there?
Hopefully someone with a working xbian system will answer that question.

User avatar
rpdom
Posts: 18152
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: user is not allowed to execute as root

Wed Jul 24, 2013 9:17 pm

In that case, is user xbian a member of group sudo?

ah0b0
Posts: 20
Joined: Mon Jul 15, 2013 3:02 am
Location: USA

Re: user is not allowed to execute as root

Wed Jul 24, 2013 10:02 pm

rpdom wrote:In that case, is user xbian a member of group sudo?
no.... it's not... But if it was part of the sudo group, I wouldn't need to "sudo" would I?

Code: Select all

uid=1001(xbian) gid=1001(xbian) groups=1001(xbian),1002(torrent)
Edit: just tested this on a new flash of xbian1.1 and it is the same as the default.

User avatar
jojopi
Posts: 3424
Joined: Tue Oct 11, 2011 8:38 pm

Re: user is not allowed to execute as root

Thu Jul 25, 2013 7:05 am

ah0b0 wrote:if you mean this line: "xbian ALL=(ALL) NOPASSWD: /usr/local/sbin/xbian-config, /sbin/halt, /sbin/reboot, /usr/bin/splash"
Then no. Those are just the commands that don't require you to put in the sudo password.
With your configuration, those are the only commands that user xbian is allowed to sudo at all.
ah0b0 wrote:no.... it's not... But if it was part of the sudo group, I wouldn't need to "sudo" would I?
Being in group sudo does not override permissions like root does. But you would match the "%sudo ALL=(ALL:ALL) ALL" line, and be able to sudo any command (with password) instead of just the four allowed by the xbian line (without).

I do not use XBian, but your sudoers appears to match the default. In the old image I have, xbian was in group sudo.

ah0b0
Posts: 20
Joined: Mon Jul 15, 2013 3:02 am
Location: USA

Soved : user is not allowed to execute as root

Thu Jul 25, 2013 1:05 pm

jojopi wrote:
ah0b0 wrote:if you mean this line: "xbian ALL=(ALL) NOPASSWD: /usr/local/sbin/xbian-config, /sbin/halt, /sbin/reboot, /usr/bin/splash"
Then no. Those are just the commands that don't require you to put in the sudo password.
With your configuration, those are the only commands that user xbian is allowed to sudo at all.
ah0b0 wrote:no.... it's not... But if it was part of the sudo group, I wouldn't need to "sudo" would I?
Being in group sudo does not override permissions like root does. But you would match the "%sudo ALL=(ALL:ALL) ALL" line, and be able to sudo any command (with password) instead of just the four allowed by the xbian line (without).

I do not use XBian, but your sudoers appears to match the default. In the old image I have, xbian was in group sudo.
Fixed sudo! Goddamn that was easy! :lol: I just changed the line to xbian ALL=(ALL:ALL) ALL and it works great! ....and to think of how much hair I've pulled out because of this :|

User avatar
joan
Posts: 15381
Joined: Thu Jul 05, 2012 5:09 pm
Location: UK

Re: Soved : user is not allowed to execute as root

Thu Jul 25, 2013 1:11 pm

ah0b0 wrote:...
Fixed sudo! Goddamn that was easy! :lol: I just changed the line to xbian ALL=(ALL:ALL) ALL and it works great! ....and to think of how much hair I've pulled out because of this :|
Remember that whoever decided the default permissions may have given it careful thought.

Return to “Troubleshooting”