Sudo not working any more

Raspberry Pi 4 running Openhab 3.3.0
I have playing all evening trying to get Node-Red to work and now suddenly found, that I can’t use any more “sudo” command in console…
It gives me “/usr/bin/sudo must be owned by uid 0 and have the setuid bit set”
I don’t know, what I did to have this problem… :frowning_face:
Openhab itself runs nicely, everyting is working.
In console command " sudo openhabian-config" gives me the answer: “sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set”
Command “ls-l /usr/bin/sudo” gives me “-rwxr-xr-x 1 frontail frontail 135376 Jan 23 2021 /usr/bin/sudo”

Is there a way to restore my root privileges?

Yes but you’re not going to like it. And the permissions on the sodoers file is not something that just randomly happens which makes me question whether there isn’t something much more fundamental going on (SD care is wearing out) like you ran one of the nuclear destruction commands on Linux/Unix machines like recursively changing the ownership of all files under / or even just under /etc which is going to take way more than just fixing that one file to get the machine back up and running.

To fix sudo you’ll need to stop that machine, mount the SD card on another machine that can read ext4 file systems (Windows cannot without special software, many will use a VM running Linux to mount the file system). Then navigate to that folder and fix the ownership of the file to root:root (i.e. 0:0) and make sure the file permissions are -rwsr-xr-x.

Given that output from ls I’m going to guess you (or something) ran a chmod -r and chown -r from \ to set the permissions for frontail and now everything is owned by frontail with those permissions. If only that one file is owned by frontail, your SD card is wearing out or at the very least your file system is corrupted.

In either case the fastest solution will be to start up a new SD card and restore from a backup or mount the SD card to another machine and pull off it what you can. But you will have to pay attention to the ownership and permissions that those file need to be on the new machine. They can’t stay owned by frontail.

Can’t I just give permissions back to root, instead of frontend? :slight_smile:

I guess I messed with npm install and this caused this problem…

You can try that but you require root privileges to do so and will not become root without sudo which does not work… Besides that the risk is verry high that more is broken…

There is another thread reporting the same problem. Question would be if there ate common causes.

openhabian@openHABianPi:/usr/bin $ ls -al gives me, that all files are owned by frontail…

-rwxr-xr-x 1 frontail frontail 135376 Jan 23 2021 sudo
lrwxrwxrwx 1 frontail frontail 4 Jan 23 2021 sudoedit → sudo
-rwxr-xr-x 1 frontail frontail 42776 Jan 23 2021 sudoreplay
-rwxr-xr-x 1 frontail frontail 34648 Feb 22 2017 sum
-rwxr-xr-x 1 frontail frontail 87816 Feb 7 2019 symcryptrun
-rwxr-xr-x 1 frontail frontail 845964 Jun 29 15:41 systemd-analyze

openhabian@openHABianPi:/usr $ ls -al
total 228
drwxr-xr-x 12 openhabian openhabian 4096 Oct 18 17:47 .
drwxr-xr-x 21 root root 4096 Dec 17 2021 …
drwxr-xr-x 2 frontail frontail 36864 Oct 18 20:56 bin
-rw-r–r-- 1 frontail frontail 53097 Mar 5 2019
drwxr-xr-x 2 root root 4096 Oct 18 17:47 etc
drwxr-xr-x 2 root root 4096 Dec 14 2017 games
drwxr-xr-x 45 frontail frontail 4096 Sep 30 00:26 include
drwxr-xr-x 55 frontail frontail 4096 Jan 4 2022 lib
-rw-r–r-- 1 frontail frontail 65839 Mar 5 2019 LICENSE
drwxrwsr-x 10 root staff 4096 Mar 13 2018 local
drwxr-xr-x 4 root root 4096 Dec 21 2021 man
-rw-r–r-- 1 frontail frontail 26697 Mar 5 2019
drwxr-xr-x 2 openhabian openhabian 4096 Sep 30 00:26 sbin
drwxr-xr-x 120 frontail frontail 4096 Oct 18 20:23 share
drwxr-xr-x 2 root root 4096 Dec 14 2017 src

openhabian@openHABianPi:~ $ ls -l /usr/bin/su*

-rwxr-xr-x 1 frontail frontail 135376 Jan 23 2021 /usr/bin/sudo
lrwxrwxrwx 1 frontail frontail 4 Jan 23 2021 /usr/bin/sudoedit → sudo
-rwxr-xr-x 1 frontail frontail 42776 Jan 23 2021 /usr/bin/sudoreplay
-rwxr-xr-x 1 frontail frontail 34648 Feb 22 2017 /usr/bin/sum

As my Openhab system is moved to SSD and SD card is only booting?, then I must change owner of files on SSD?

So didn’t you read the docs or did you deliberately choose to ignore both of these sections ?

Thank you for pointing that.
My Openhab has run on this setup at least for 5 years, and those times all told, that heavy log writing will destroy SD card soone or later - and it did! Added SSD, openhabian-config had “move file system to…” and everything run perfectly.
…untill I messed up with npm and node-red install and accidentally changed owner from root to frontail…
I’m not a linux egineer, my daywork is not computers and programming, Openhab is my hobby project at my house, and I’m dealing with it in the evenings and nights.
Yesterday evening also spent 5 hours to find solution from google, BEFORE to write here and ask for help!

It’s a catch 22. You need root to change the ownership to root. And you don’t have root any more because of the ownership and permissions.

But once again, if this impacted all the files in /usr/bin, which is highly likely, sudo is not the only thing that’s broken. In fact most of your commands and programs will be broken. I’d be surprised if you tried to reboot whether the machine would come back online.

It’s my understanding that openhabian-config has the option to install Node-Red. Why didn’t you use that?

I’ll say it once again, this machine is toast. It’s going to take far longer to fix what’s broken than it will be to start over from scratch. The good news is if you don’t have backups the files on this machine are likely intact. But their ownership and permissions are likely not correct so be careful when you restore them on the new machine that they get restored with proper ownership and permissions (you can see the default files that are there and match those ownership and permission settings.

If you insist on trying to fix this by hand, it’s going to take many hours of tedious work and you will not get much help here because:

  1. it’s a Linux problem, not an openHAB or even an openHABian problem
  2. we’ve already told you the easiest way to fix this, it’s not really required of us to support you doing it the hard way
1 Like

Rebooted yesterday night - came alive.

I tried - it gave error and did not install…

Thank You!

I had the same problem. I am not sure if it is a Linux problem or maybe a problem with openHABian (openhabian-config).

For me it occurred after I updated from openHAB 2.5 to 3.4 using openhabian-config. At first it worked after the update, but with some problems (MQTT, LCN, MySensors Binding). Anyway, sudo was also possible without any problems.

However, fronttail also still showed the openHAB2 log and I had no write permission over the samba shares.

Therefore I had run “Fix Permissions” via openhabian-config and reinstalled fronntail. Samba write access then worked and fronttail showed the correct log. But sudo was broken after that. The user and group for all programs in /usr/bin was set to frontail.

After that I wrote my openHAB 2.5 backup back to the SSD.

I will do the update again soon and make a backup before “fix permissions” and reinstalling fronttail. Then we will see if openhabian-config corrupts sudo again.

That is strange. Out of curiosity I had a look into openhabian-config script. I was not able to find any location where chown frontail is being used. While for other apps like influxdb the apps permssions can be reset but this is not being done for frontail.

OK I just checked it again. With the same result. In my case, after updating, installation of the log viewer with openhabian-config, breaks sudo. I opened a issue on github for this.

But this time I made a backup of the converted openhab 3.4 configuration. Now I installed openhabian from scratch and imported this config. In this case no problems after installation of the log viewer. And as a good side effect, my system is now also upgraded to bullseye.

I had this problem with a openhabian installation. It happened after specifying a password in the openhabian.conf file, then copying a local key to the new install so I could log in without that password, as in:

ssh-copy-id -i ~/.ssh/ openhabian@192.1XX.X.XX