Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Executing sudo command prompts “/etc/sudo.conf is owned by uid 1001” #191

Open
1 task done
iCasture opened this issue Jan 16, 2025 · 2 comments
Open
1 task done

[BUG] Executing sudo command prompts “/etc/sudo.conf is owned by uid 1001” #191

iCasture opened this issue Jan 16, 2025 · 2 comments

Comments

@iCasture
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

The sudo command cannot execute properly, showing the following error:

sudo: /etc/sudo.conf is owned by uid 1001, should be 0
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set

Expected Behavior

The sudo command should work normally.

Steps To Reproduce

  1. Deploy the Docker container.
  2. Access the Web UI and open the terminal to execute the sudo command.
  3. Alternatively, directly access the container’s terminal via the command line and execute the sudo command.

Both methods result in the same error.

Permissions of related files:

$ ls -al /etc

......
-rw-r--r-- 1 1001   1001  4343 Apr  8  2024 sudo.conf
-r--r----- 1 1001   1001  1822 Jan 16 17:16 sudoers
drwxr-xr-x 2 1001   1001  4096 Dec 21 06:48 sudoers.d
-rw-r--r-- 1 1001   1001  9804 Apr  8  2024 sudo_logsrvd.conf

$ ls -al /usr/bin/sudo
-rwxr-xr-x 1 1001 1001 277936 Apr  8  2024 /usr/bin/sudo

$  ls -al /bin/sudo
-rwxr-xr-x 1 1001 1001 277936 Apr  8  2024 /bin/sudo

$ whoami
abc

$ id -u
1007

$ id -g
1007

Environment

- OS: Ubuntu 24.04.1 LTS (Noble Numbat)
- How Docker service was installed: Official Docker repository (https://download.docker.com/linux/ubuntu)

CPU architecture

x86-64

Docker creation

---
services:
  code-server:
    image: lscr.io/linuxserver/code-server:4.96.2
    container_name: code-server-linuxserver
    environment:
      - PUID=1007
      - PGID=1007
      - TZ=Asia/Shanghai
      - HASHED_PASSWORD=$$argon2i$$v=19$$m=4096,t=3,p=1$$8ubC3XGwEFjMZCiC89YE+w$$carHsG2lXPYhrpTUZ/O9c9Udrledw48cYxv6iyisV2U
      - SUDO_PASSWORD_HASH=$$argon2i$$v=19$$m=4096,t=3,p=1$$XNVDWXPD8vciDi4nRUTevg$$RVZCjoVdN365UboMAJjn72Oezn6uvDRvgvNkq1P/6EQ
    volumes:
      - "/home/icasture/.config/code-server-linuxserver:/config"
    ports:
      - 23695:8443
    restart: unless-stopped

Container logs

/package/admin/s6-overlay/libexec/preinit: info: /run belongs to uid 1001 instead of 0 - fixing it
[migrations] started
[migrations] no migrations found
───────────────────────────────────────
      ██╗     ███████╗██╗ ██████╗
      ██║     ██╔════╝██║██╔═══██╗
      ██║     ███████╗██║██║   ██║
      ██║     ╚════██║██║██║   ██║
      ███████╗███████║██║╚██████╔╝
      ╚══════╝╚══════╝╚═╝ ╚═════╝
   Brought to you by linuxserver.io
───────────────────────────────────────
To support LSIO projects visit:
https://www.linuxserver.io/donate/
───────────────────────────────────────
GID/UID
───────────────────────────────────────
User UID:    1007
User GID:    1007
───────────────────────────────────────
Linuxserver.io version: 4.96.2-ls248
Build-date: 2024-12-20T22:44:41+00:00
───────────────────────────────────────
    
setting up sudo access
adding abc to sudoers
setting sudo password using sudo password hash
[custom-init] No custom files found, skipping...
[2025-01-16T09:02:04.664Z] info  code-server 4.96.2 08cbdfbdf11925e8a14ee03de97b942bba7e8a94
[2025-01-16T09:02:04.668Z] info  Using user-data-dir /config/data
[2025-01-16T09:02:04.692Z] info  Using config file /config/.config/code-server/config.yaml
[2025-01-16T09:02:04.693Z] info  HTTP server listening on http://0.0.0.0:8443/
[2025-01-16T09:02:04.693Z] info    - Authentication is enabled
[2025-01-16T09:02:04.693Z] info      - Using password from $HASHED_PASSWORD
[2025-01-16T09:02:04.693Z] info    - Not serving HTTPS
[2025-01-16T09:02:04.693Z] info  Session server listening on /config/data/code-server-ipc.sock
Connection to 127.0.0.1 8443 port [tcp/*] succeeded!
[ls.io-init] done.
@github-actions GitHub Actions
Copy link

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

@thespad
Copy link
Member

thespad commented Jan 16, 2025

Your entire container filesystem appears to be owned by UID 1001, as you can see from the very first log message

/package/admin/s6-overlay/libexec/preinit: info: /run belongs to uid 1001 instead of 0 - fixing it

I'm not entirely sure how you achieve that without some serious messing with namespacing in the daemon config or possibly some very ill-advised chowning of /var/lib/docker, but it's the root of your sudo issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
Issue & PR Tracker
Status: Issues
Milestone
No milestone
Development

No branches or pull requests
2 participants
@thespad @iCasture