Permission Denied for User with Sudo Privileges

Suddenly I'm running into permission problems when I issue commands as root via sudo.

I can create files in my home directory using normal permissions, so something like this works for example:

vi /home/mike/test.txt

But the equivalent command run using sudo doesn't work:

sudo vi /home/mike/test.txt
"test.txt" E212: Can't open file for writing

This is just one example; all commands using sudo fail for permission reasons.

I'm assuming because I can write using normal permissions that it's not an issue with the file system being read-only. It's also not limited to file writes, commands like "sudo visudo" will fail for permission reasons as well. I am not aware of any recent changes to the server that would have caused this ("sudo" had been working fine for this user for the 8 or so months it's been up). A hard reboot hasn't solved the issue.

Server is: Ubuntu 8.04.2 LTS (hardy)

Any ideas or help would be greatly appreciated!


Solution 1:

Could you run

sudo -s
id

And post the output? I want to see if it's actually making you the user you think.

Also, try

sudo cat /etc/sudoers

The output of id here is quite enlightening. When you ran sudo -s, you were given a UID of 1, while the only UID that the kernel will recognize as having root privileges is UID 0.

Try running

getent passwd | grep ':0:'

and see if any entries have that 0 in their first numeric field, the UID. Whatever account that is is the real superuser on the system, while root is a fake. Once you know the name, you can try

sudo -s -u username

to get a shell as that user.

You should also post the output of

getent passwd root

The bigger issue here is how such a condition came to pass.

Is this machine offering any network services? If so, someone may have broken into it and taken it over. In that case, you should probably back up the data, do a clean re-install, and audit anything that goes back on it.

If it's more of a personal machine, might there be a knowledgeable prankster who's had access to it recently?

Edit: your comment to another answer suggests that this is a server. I would highly recommend taking it offline ASAP and imaging its disks for forensic purposes. Unless you can identify a benign cause for this in short order, you've probably had your server cracked.
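
The UID check from Solution 1 as a script (an added example, not part of the original answer): it compares the UID field exactly, whereas grepping for ':0:' also matches a GID of 0. The helper name audit_passwd, the sample entries and the account name sysadm are constructed for illustration.

```shell
#!/bin/sh
# audit_passwd (hypothetical helper): reads passwd(5)-format lines on stdin
# and reports the two anomalies discussed above. Exit status 1 if any found.
audit_passwd() {
    # Field 1 is the login name, field 3 is the UID. Only field 3 is tested,
    # so a 0 in the GID field or elsewhere in the line is not reported.
    awk -F: '
        /^[ \t]*$/ || /^#/ { next }                      # skip blanks, comments
        NF < 7 { printf "MALFORMED line %d\n", NR; bad = 1; next }
        $1 == "root" {
            seen_root = 1
            if ($3 !~ /^0+$/) { printf "ROOT_NOT_UID0 root uid=%s\n", $3; bad = 1 }
        }
        $3 ~ /^0+$/ && $1 != "root" { printf "EXTRA_UID0 %s\n", $1; bad = 1 }
        END {
            if (!seen_root) { print "ROOT_MISSING"; bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "$@"
}

# Constructed sample mirroring the thread: the account named root has UID 1
# and a different account holds UID 0.
sample_passwd() {
cat <<'EOF'
root:x:1:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
sysadm:x:0:0::/home/sysadm:/bin/bash
mike:x:1000:1000:Mike:/home/mike:/bin/bash
EOF
}

sample_passwd | audit_passwd || echo "passwd anomalies found"
```

On a live host, pipe `getent passwd` into audit_passwd so that accounts from every configured name service are checked, not only /etc/passwd.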

Solution 2:

I am wondering if the /home directory is an NFS mount. In this case, the root user has the permission of the 'other' category as its permissions on the NFS mount are as the user nobody/nobody and not the root user.

Solution 3:

Can you still become root using

sudo su -

then, does

cd /home/mike
vi test.txt

work?

Solution 4:

Is the sudo binary SUID root?

ls -l $(which sudo)

Solution 5:

  • Is /home or /home/mike on the same partition as the "/" mount?
  • Could you also post the output of the lsattr /home/mike/test.txt command?