docker-code-server icon indicating copy to clipboard operation
docker-code-server copied to clipboard
verified publisher icon linuxserver

[BUG] Executing sudo command prompts “/etc/sudo.conf is owned by uid 1001”

Open iCasture opened this issue 1 year ago • 3 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Current Behavior

The sudo command cannot execute properly, showing the following error:

sudo: /etc/sudo.conf is owned by uid 1001, should be 0
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set

Expected Behavior

The sudo command should work normally.

Steps To Reproduce

  1. Deploy the Docker container.
  2. Access the Web UI and open the terminal to execute the sudo command.
  3. Alternatively, directly access the container’s terminal via the command line and execute the sudo command.

Both methods result in the same error.

Permissions of related files:

$ ls -al /etc

......
-rw-r--r-- 1 1001   1001  4343 Apr  8  2024 sudo.conf
-r--r----- 1 1001   1001  1822 Jan 16 17:16 sudoers
drwxr-xr-x 2 1001   1001  4096 Dec 21 06:48 sudoers.d
-rw-r--r-- 1 1001   1001  9804 Apr  8  2024 sudo_logsrvd.conf

$ ls -al /usr/bin/sudo
-rwxr-xr-x 1 1001 1001 277936 Apr  8  2024 /usr/bin/sudo

$  ls -al /bin/sudo
-rwxr-xr-x 1 1001 1001 277936 Apr  8  2024 /bin/sudo

$ whoami
abc

$ id -u
1007

$ id -g
1007

Environment

- OS: Ubuntu 24.04.1 LTS (Noble Numbat)
- How Docker service was installed: Official Docker repository (https://download.docker.com/linux/ubuntu)

CPU architecture

x86-64

Docker creation

---
services:
  code-server:
    image: lscr.io/linuxserver/code-server:4.96.2
    container_name: code-server-linuxserver
    environment:
      - PUID=1007
      - PGID=1007
      - TZ=Asia/Shanghai
      - HASHED_PASSWORD=$$argon2i$$v=19$$m=4096,t=3,p=1$$8ubC3XGwEFjMZCiC89YE+w$$carHsG2lXPYhrpTUZ/O9c9Udrledw48cYxv6iyisV2U
      - SUDO_PASSWORD_HASH=$$argon2i$$v=19$$m=4096,t=3,p=1$$XNVDWXPD8vciDi4nRUTevg$$RVZCjoVdN365UboMAJjn72Oezn6uvDRvgvNkq1P/6EQ
    volumes:
      - "/home/icasture/.config/code-server-linuxserver:/config"
    ports:
      - 23695:8443
    restart: unless-stopped

Container logs

/package/admin/s6-overlay/libexec/preinit: info: /run belongs to uid 1001 instead of 0 - fixing it
[migrations] started
[migrations] no migrations found
───────────────────────────────────────
      ██╗     ███████╗██╗ ██████╗
      ██║     ██╔════╝██║██╔═══██╗
      ██║     ███████╗██║██║   ██║
      ██║     ╚════██║██║██║   ██║
      ███████╗███████║██║╚██████╔╝
      ╚══════╝╚══════╝╚═╝ ╚═════╝
   Brought to you by linuxserver.io
───────────────────────────────────────
To support LSIO projects visit:
https://www.linuxserver.io/donate/
───────────────────────────────────────
GID/UID
───────────────────────────────────────
User UID:    1007
User GID:    1007
───────────────────────────────────────
Linuxserver.io version: 4.96.2-ls248
Build-date: 2024-12-20T22:44:41+00:00
───────────────────────────────────────
    
setting up sudo access
adding abc to sudoers
setting sudo password using sudo password hash
[custom-init] No custom files found, skipping...
[2025-01-16T09:02:04.664Z] info  code-server 4.96.2 08cbdfbdf11925e8a14ee03de97b942bba7e8a94
[2025-01-16T09:02:04.668Z] info  Using user-data-dir /config/data
[2025-01-16T09:02:04.692Z] info  Using config file /config/.config/code-server/config.yaml
[2025-01-16T09:02:04.693Z] info  HTTP server listening on http://0.0.0.0:8443/
[2025-01-16T09:02:04.693Z] info    - Authentication is enabled
[2025-01-16T09:02:04.693Z] info      - Using password from $HASHED_PASSWORD
[2025-01-16T09:02:04.693Z] info    - Not serving HTTPS
[2025-01-16T09:02:04.693Z] info  Session server listening on /config/data/code-server-ipc.sock
Connection to 127.0.0.1 8443 port [tcp/*] succeeded!
[ls.io-init] done.

iCasture avatar Jan 16 '25 09:01 iCasture

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

github-actions[bot] avatar Jan 16 '25 09:01 github-actions[bot]

Your entire container filesystem appears to be owned by UID 1001, as you can see from the very first log message

/package/admin/s6-overlay/libexec/preinit: info: /run belongs to uid 1001 instead of 0 - fixing it

I'm not entirely sure how you achieve that without some serious messing with namespacing in the daemon config or possibly some very ill-advised chowning of /var/lib/docker, but it's the root of your sudo issue.

thespad avatar Jan 16 '25 11:01 thespad

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

LinuxServer-CI avatar Feb 16 '25 02:02 LinuxServer-CI

This issue is locked due to inactivity

LinuxServer-CI avatar May 17 '25 02:05 LinuxServer-CI