我正在尝试让我的 Raspberry Pi 从 NFS 共享启动。我已将 Raspbian Wheezy 映像的启动分区复制到 SD 卡,并将根分区复制到联网硬盘。我已编辑 cmdline.txt 以从 NFS 共享启动。这部分工作正常。
系统启动成功,我可以毫无问题地执行命令和读/写文件。然而,当我尝试使用 sudo 时,问题就出现了。
pi@raspberrypi ~ $ sudo
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
但是,我可以用 cat 读出 sudoers 文件的内容。
pi@raspberrypi ~ $ cat /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
pi ALL=(ALL) NOPASSWD: ALL
这是 Raspbian 发行版中包含的默认 sudoers 文件。
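我在 NFS 服务器上的 /etc/exports(注意:客户端写成 * 并带有 no_root_squash 时,任何能访问该导出的主机都可以以 root 身份读写这个根文件系统,包括 /etc/sudoers 和 setuid 程序,因此应把 * 换成 Pi 的地址或所在子网):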
/DataVolume/shares/rasp *(rw,sync,no_root_squash,no_subtree_check)
有关权限的一些进一步信息:
pi@raspberrypi ~ $ ls -la /etc/sudoers
-r--r----- 1 root root 696 Jun 20 06:47 /etc/sudoers
pi@raspberrypi ~ $ ls -la /usr/bin/sudo
-rwsr-xr-x 2 root root 98712 Mar 3 2013 /usr/bin/sudo
pi@raspberrypi ~ $ ls -la /
total 1092
drwxr-xr-x 22 root root 65536 Jul 18 14:12 .
drwxr-xr-x 22 root root 65536 Jul 18 14:12 ..
drwxr-xr-x 2 root root 65536 Jun 20 08:55 bin
drwxr-xr-x 2 root root 4096 Jan 1 1970 boot
drwxr-xr-x 12 root root 3020 Jun 20 09:32 dev
drwxr-xr-x 99 root root 65536 Jul 18 17:14 etc
drwxr-xr-x 3 root root 65536 Jun 20 05:48 home
drwxr-xr-x 12 root root 65536 Jun 20 08:42 lib
drwx------ 2 root root 65536 Jun 20 05:34 lost+found
drwxr-xr-x 2 root root 65536 Jun 20 05:36 media
drwxr-xr-x 2 root root 65536 Apr 30 22:48 mnt
drwxr-xr-x 5 root root 65536 Jun 20 09:24 opt
dr-xr-xr-x 69 root root 0 Jan 1 1970 proc
drwx------ 2 root root 65536 Jun 20 05:36 root
drwxr-xr-x 10 root root 440 Jun 20 09:32 run
drwxr-xr-x 2 root root 65536 Jun 20 08:55 sbin
drwxr-xr-x 2 root root 65536 Jun 20 2012 selinux
drwxr-xr-x 2 root root 65536 Jun 20 05:36 srv
dr-xr-xr-x 12 root root 0 Jan 1 1970 sys
drwxrwxrwt 4 root root 65536 Jul 18 17:17 tmp
drwxr-xr-x 10 root root 65536 Jun 20 05:36 usr
drwxr-xr-x 11 root root 65536 Jul 18 17:14 var
pi@raspberrypi ~ $ strace /usr/bin/sudo
execve("/usr/bin/sudo", ["/usr/bin/sudo"], [/* 15 vars */]) = 0
brk(0) = 0x1774000
fcntl64(0, F_GETFD) = 0
fcntl64(1, F_GETFD) = 0
fcntl64(2, F_GETFD) = 0
access("/etc/suid-debug", F_OK) = -1 ENOENT (No such file or directory)
uname({sys="Linux", node="raspberrypi", ...}) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f9b000
access("/etc/ld.so.preload", R_OK) = 0
open("/etc/ld.so.preload", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=44, ...}) = 0
mmap2(NULL, 44, PROT_READ|PROT_WRITE, MAP_PRIVATE, 3, 0) = 0xb6f9a000
close(3) = 0
open("/usr/lib/arm-linux-gnueabihf/libcofi_rpi.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\270\4\0\0004\0\0\0"..., 512) = 512
lseek(3, 7276, SEEK_SET) = 7276
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1080) = 1080
lseek(3, 7001, SEEK_SET) = 7001
read(3, "A.\0\0\0aeabi\0\1$\0\0\0\0056\0\6\6\10\1\t\1\n\2\22\4\24\1\25"..., 47) = 47
fstat64(3, {st_mode=S_IFREG|0755, st_size=10170, ...}) = 0
mmap2(NULL, 39740, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6f6f000
mprotect(0xb6f71000, 28672, PROT_NONE) = 0
mmap2(0xb6f78000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb6f78000
close(3) = 0
munmap(0xb6f9a000, 44) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=42997, ...}) = 0
mmap2(NULL, 42997, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb6f64000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/arm-linux-gnueabihf/libselinux.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0TM\0\0004\0\0\0"..., 512) = 512
lseek(3, 107532, SEEK_SET) = 107532
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1120) = 1120
lseek(3, 107244, SEEK_SET) = 107244
read(3, "A0\0\0\0aeabi\0\1&\0\0\0\0056\0\6\6\10\1\t\1\n\2\22\4\24\1\25"..., 49) = 49
fstat64(3, {st_mode=S_IFREG|0644, st_size=108652, ...}) = 0
mmap2(NULL, 142424, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6f41000
mprotect(0xb6f5b000, 28672, PROT_NONE) = 0
mmap2(0xb6f62000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19) = 0xb6f62000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/arm-linux-gnueabihf/libutil.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\344\t\0\0004\0\0\0"..., 512) = 512
lseek(3, 8688, SEEK_SET) = 8688
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1160) = 1160
lseek(3, 8356, SEEK_SET) = 8356
read(3, "A0\0\0\0aeabi\0\1&\0\0\0\0056\0\6\6\10\1\t\1\n\2\22\4\24\1\25"..., 49) = 49
fstat64(3, {st_mode=S_IFREG|0644, st_size=9848, ...}) = 0
mmap2(NULL, 41128, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6f36000
mprotect(0xb6f38000, 28672, PROT_NONE) = 0
mmap2(0xb6f3f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb6f3f000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/arm-linux-gnueabihf/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0(\t\0\0004\0\0\0"..., 512) = 512
lseek(3, 8652, SEEK_SET) = 8652
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1160) = 1160
lseek(3, 8320, SEEK_SET) = 8320
read(3, "A0\0\0\0aeabi\0\1&\0\0\0\0056\0\6\6\10\1\t\1\n\2\22\4\24\1\25"..., 49) = 49
fstat64(3, {st_mode=S_IFREG|0644, st_size=9812, ...}) = 0
mmap2(NULL, 41136, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6f2b000
mprotect(0xb6f2d000, 28672, PROT_NONE) = 0
mmap2(0xb6f34000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb6f34000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/arm-linux-gnueabihf/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\214y\1\0004\0\0\0"..., 512) = 512
lseek(3, 1198880, SEEK_SET) = 1198880
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1360) = 1360
lseek(3, 1198444, SEEK_SET) = 1198444
read(3, "A.\0\0\0aeabi\0\1$\0\0\0\0056\0\6\6\10\1\t\1\n\2\22\4\24\1\25"..., 47) = 47
fstat64(3, {st_mode=S_IFREG|0755, st_size=1200240, ...}) = 0
mmap2(NULL, 1242408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6dfb000
mprotect(0xb6f1e000, 28672, PROT_NONE) = 0
mmap2(0xb6f25000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x122) = 0xb6f25000
mmap2(0xb6f28000, 9512, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb6f28000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f9a000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f99000
set_tls(0xb6f994c0, 0xb6f99be8, 0xb6f9f048, 0xb6f994c0, 0xb6f9f048) = 0
mprotect(0xb6f25000, 8192, PROT_READ) = 0
mprotect(0xb6f34000, 4096, PROT_READ) = 0
mprotect(0xb6f3f000, 4096, PROT_READ) = 0
mprotect(0xb6f62000, 4096, PROT_READ) = 0
mprotect(0x26000, 4096, PROT_READ) = 0
mprotect(0xb6f9e000, 4096, PROT_READ) = 0
munmap(0xb6f64000, 42997) = 0
statfs64("/sys/fs/selinux", 88, 0xbebee7b8) = -1 ENOENT (No such file or directory)
statfs64("/selinux", 88, {f_type="NFS_SUPER_MAGIC", f_bsize=4096, f_blocks=485337168, f_bfree=286562224, f_bavail=286562224, f_files=30355200, f_ffree=29689069, f_fsid={0, 0}, f_namelen=255, f_frsize=4096}) = 0
brk(0) = 0x1774000
brk(0x1795000) = 0x1795000
open("/proc/filesystems", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f98000
read(3, "nodev\tsysfs\nnodev\trootfs\nnodev\tr"..., 1024) = 287
read(3, "", 1024) = 0
close(3) = 0
munmap(0xb6f98000, 4096) = 0
open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=1534656, ...}) = 0
mmap2(NULL, 1534656, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb6c84000
close(3) = 0
geteuid32() = 1000
stat64("/usr/bin/sudo", {st_mode=S_IFREG|S_ISUID|0755, st_size=98712, ...}) = 0
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=2570, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f98000
read(3, "# Locale name alias data base.\n#"..., 4096) = 2570
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb6f98000, 4096) = 0
open("/usr/share/locale/en_GB.UTF-8/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_GB.utf8/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_GB/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "sudo", 4sudo) = 4
write(2, ": ", 2: ) = 2
write(2, "effective uid is not 0, is /usr/"..., 133effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?) = 133
write(2, "\n", 1
) = 1
close(0) = 0
access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory)
open("/var/run/utmp", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 0
fcntl64(0, F_GETFD) = 0x1 (flags FD_CLOEXEC)
_llseek(0, 0, [0], SEEK_SET) = 0
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={0, 0}}, {it_interval={0, 0}, it_value={0, 0}}) = 0
rt_sigaction(SIGALRM, {0xb6efaa54, [], 0x4000000 /* SA_??? */}, {SIG_DFL, [], 0}, 8) = 0
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={10, 0}}, {it_interval={0, 0}, it_value={0, 0}}) = 0
fcntl64(0, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(0, "\10\0\0\0*\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\2\0\0\0\0\0\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\1\0\0\0002N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\10\0\0\0\304\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\6\0\0\0\331\7\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\6\0\0\0\332\7\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\6\0\0\0\333\7\0\0tty4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\7\0\0\0\337\7\0\0tty1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\6\0\0\0\334\7\0\0tty5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\6\0\0\0\336\7\0\0ttyAMA0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\6\0\0\0\335\7\0\0tty6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\7\0\0\0\363\7\0\0pts/0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "", 384) = 0
fcntl64(0, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={0, 0}}, {it_interval={0, 0}, it_value={9, 980558}}) = 0
rt_sigaction(SIGALRM, {SIG_DFL, [], 0x4000000 /* SA_??? */}, NULL, 8) = 0
exit_group(1) = ?
/proc/mounts 的输出:
pi@raspberrypi ~ $ cat /proc/mounts
rootfs / rootfs rw 0 0
10.0.0.12:/DataVolume/shares/rasp / nfs rw,relatime,vers=3,rsize=4096,wsize=4096,namlen=255,hard,nolock,proto=udp,timeo=11,retrans=3,sec=sys,mountaddr=10.0.0.12,mountvers=3,mountproto=udp,local_lock=all,addr=10.0.0.12 0 0
devtmpfs /dev devtmpfs rw,relatime,size=219832k,nr_inodes=54958,mode=755 0 0
tmpfs /run tmpfs rw,nosuid,noexec,relatime,size=44800k,mode=755 0 0
tmpfs /run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /run/shm tmpfs rw,nosuid,nodev,noexec,relatime,size=89580k 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620 0 0
/dev/mmcblk0p1 /boot vfat ro,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,errors=remount-ro 0 0
权限看起来没有问题。我不确定 strace 的输出是否有用,我自己也不知道如何解读它。
有解决这个问题的思路吗?我没有 root 密码,因为这是预制的 Raspbian 映像,因此我无法测试 su 是否有效。
答案1
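虽然您的挂载选项里没有 nosuid,但您的 NFS 客户端似乎默认按 nosuid 处理。另外要注意,由非 root 用户在 strace 下运行 setuid 程序时,内核不会授予 setuid 权限,所以 strace 输出里的 “effective uid is not 0” 提示在这种情况下总会出现,不能单独作为 nosuid 的证据;应以直接运行 sudo 时的报错为准。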
您可以通过显式设置 suid 选项来更改此行为。要以 root 身份在运行中的系统上直接执行:
mount -o remount,suid /
如果有效,您可以将其添加到启动选项中。
也可以参考 Ask Ubuntu 上的这个问题,它与您遇到的问题几乎相同。
答案2
检查 sudo 可执行文件的权限。如果将文件复制到其他位置,则可能会丢失文件上的 SUID 位。
$ which sudo
/usr/bin/sudo
$ ls -la /usr/bin/sudo
---s--x--x 2 root root 208808 Jun 3 2011 /usr/bin/sudo
答案3
决定尝试 Arch Linux ARM,结果运行完美。