NFS 공유에서 Raspberry Pi 부팅

NFS 공유에서 Raspberry Pi 부팅

NFS 공유를 사용하여 Raspberry Pi를 부팅하려고 합니다. Raspbian Wheezy 이미지의 부팅 파티션을 SD 카드에 복사하고 루트 파티션을 네트워크 하드 드라이브에 복사했습니다. NFS 공유에서 부팅하기 위해 cmdline.txt를 편집했습니다. 이것은 잘 작동합니다.

시스템이 성공적으로 부팅되었으며 아무 문제 없이 명령을 실행하고 파일을 읽고 쓸 수 있습니다. 그런데 sudo를 사용하려고 하면 문제가 발생합니다.

pi@raspberrypi ~ $ sudo
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

그러나 sudoers 파일을 찾을 수 있습니다.

pi@raspberrypi ~ $ cat /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d
pi ALL=(ALL) NOPASSWD: ALL

이는 Raspbian 배포판에 포함된 기본 sudoers 파일입니다.

NFS 서버의 내 /etc/exports:

/DataVolume/shares/rasp *(rw,sync,no_root_squash,no_subtree_check)

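참고: 위 exports 항목처럼 호스트를 `*`로 지정하고 no_root_squash를 함께 사용하면, NFS 서버에 접근할 수 있는 모든 호스트가 이 루트 파일 시스템에 루트 권한으로 쓸 수 있습니다. 가능하면 Raspberry Pi의 주소로 접근을 제한하는 것이 좋습니다.

권한에 대한 추가 정보: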

pi@raspberrypi ~ $ ls -la /etc/sudoers
-r--r----- 1 root root 696 Jun 20 06:47 /etc/sudoers

pi@raspberrypi ~ $ ls -la /usr/bin/sudo
-rwsr-xr-x 2 root root 98712 Mar  3  2013 /usr/bin/sudo

pi@raspberrypi ~ $ ls -la /
total 1092
drwxr-xr-x 22 root root 65536 Jul 18 14:12 .
drwxr-xr-x 22 root root 65536 Jul 18 14:12 ..
drwxr-xr-x  2 root root 65536 Jun 20 08:55 bin
drwxr-xr-x  2 root root  4096 Jan  1  1970 boot
drwxr-xr-x 12 root root  3020 Jun 20 09:32 dev
drwxr-xr-x 99 root root 65536 Jul 18 17:14 etc
drwxr-xr-x  3 root root 65536 Jun 20 05:48 home
drwxr-xr-x 12 root root 65536 Jun 20 08:42 lib
drwx------  2 root root 65536 Jun 20 05:34 lost+found
drwxr-xr-x  2 root root 65536 Jun 20 05:36 media
drwxr-xr-x  2 root root 65536 Apr 30 22:48 mnt
drwxr-xr-x  5 root root 65536 Jun 20 09:24 opt
dr-xr-xr-x 69 root root     0 Jan  1  1970 proc
drwx------  2 root root 65536 Jun 20 05:36 root
drwxr-xr-x 10 root root   440 Jun 20 09:32 run
drwxr-xr-x  2 root root 65536 Jun 20 08:55 sbin
drwxr-xr-x  2 root root 65536 Jun 20  2012 selinux
drwxr-xr-x  2 root root 65536 Jun 20 05:36 srv
dr-xr-xr-x 12 root root     0 Jan  1  1970 sys
drwxrwxrwt  4 root root 65536 Jul 18 17:17 tmp
drwxr-xr-x 10 root root 65536 Jun 20 05:36 usr
drwxr-xr-x 11 root root 65536 Jul 18 17:14 var

pi@raspberrypi ~ $ strace /usr/bin/sudo
execve("/usr/bin/sudo", ["/usr/bin/sudo"], [/* 15 vars */]) = 0
brk(0)                                  = 0x1774000
fcntl64(0, F_GETFD)                     = 0
fcntl64(1, F_GETFD)                     = 0
fcntl64(2, F_GETFD)                     = 0
access("/etc/suid-debug", F_OK)         = -1 ENOENT (No such file or directory)
uname({sys="Linux", node="raspberrypi", ...}) = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f9b000
access("/etc/ld.so.preload", R_OK)      = 0
open("/etc/ld.so.preload", O_RDONLY)    = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=44, ...}) = 0
mmap2(NULL, 44, PROT_READ|PROT_WRITE, MAP_PRIVATE, 3, 0) = 0xb6f9a000
close(3)                                = 0
open("/usr/lib/arm-linux-gnueabihf/libcofi_rpi.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\270\4\0\0004\0\0\0"..., 512) = 512
lseek(3, 7276, SEEK_SET)                = 7276
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1080) = 1080
lseek(3, 7001, SEEK_SET)                = 7001
read(3, "A.\0\0\0aeabi\0\1$\0\0\0\0056\0\6\6\10\1\t\1\n\2\22\4\24\1\25"..., 47) = 47
fstat64(3, {st_mode=S_IFREG|0755, st_size=10170, ...}) = 0
mmap2(NULL, 39740, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6f6f000
mprotect(0xb6f71000, 28672, PROT_NONE)  = 0
mmap2(0xb6f78000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb6f78000
close(3)                                = 0
munmap(0xb6f9a000, 44)                  = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=42997, ...}) = 0
mmap2(NULL, 42997, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb6f64000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/arm-linux-gnueabihf/libselinux.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0TM\0\0004\0\0\0"..., 512) = 512
lseek(3, 107532, SEEK_SET)              = 107532
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1120) = 1120
lseek(3, 107244, SEEK_SET)              = 107244
read(3, "A0\0\0\0aeabi\0\1&\0\0\0\0056\0\6\6\10\1\t\1\n\2\22\4\24\1\25"..., 49) = 49
fstat64(3, {st_mode=S_IFREG|0644, st_size=108652, ...}) = 0
mmap2(NULL, 142424, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6f41000
mprotect(0xb6f5b000, 28672, PROT_NONE)  = 0
mmap2(0xb6f62000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19) = 0xb6f62000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/arm-linux-gnueabihf/libutil.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\344\t\0\0004\0\0\0"..., 512) = 512
lseek(3, 8688, SEEK_SET)                = 8688
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1160) = 1160
lseek(3, 8356, SEEK_SET)                = 8356
read(3, "A0\0\0\0aeabi\0\1&\0\0\0\0056\0\6\6\10\1\t\1\n\2\22\4\24\1\25"..., 49) = 49
fstat64(3, {st_mode=S_IFREG|0644, st_size=9848, ...}) = 0
mmap2(NULL, 41128, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6f36000
mprotect(0xb6f38000, 28672, PROT_NONE)  = 0
mmap2(0xb6f3f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb6f3f000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/arm-linux-gnueabihf/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0(\t\0\0004\0\0\0"..., 512) = 512
lseek(3, 8652, SEEK_SET)                = 8652
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1160) = 1160
lseek(3, 8320, SEEK_SET)                = 8320
read(3, "A0\0\0\0aeabi\0\1&\0\0\0\0056\0\6\6\10\1\t\1\n\2\22\4\24\1\25"..., 49) = 49
fstat64(3, {st_mode=S_IFREG|0644, st_size=9812, ...}) = 0
mmap2(NULL, 41136, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6f2b000
mprotect(0xb6f2d000, 28672, PROT_NONE)  = 0
mmap2(0xb6f34000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb6f34000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/arm-linux-gnueabihf/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\214y\1\0004\0\0\0"..., 512) = 512
lseek(3, 1198880, SEEK_SET)             = 1198880
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1360) = 1360
lseek(3, 1198444, SEEK_SET)             = 1198444
read(3, "A.\0\0\0aeabi\0\1$\0\0\0\0056\0\6\6\10\1\t\1\n\2\22\4\24\1\25"..., 47) = 47
fstat64(3, {st_mode=S_IFREG|0755, st_size=1200240, ...}) = 0
mmap2(NULL, 1242408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6dfb000
mprotect(0xb6f1e000, 28672, PROT_NONE)  = 0
mmap2(0xb6f25000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x122) = 0xb6f25000
mmap2(0xb6f28000, 9512, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb6f28000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f9a000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f99000
set_tls(0xb6f994c0, 0xb6f99be8, 0xb6f9f048, 0xb6f994c0, 0xb6f9f048) = 0
mprotect(0xb6f25000, 8192, PROT_READ)   = 0
mprotect(0xb6f34000, 4096, PROT_READ)   = 0
mprotect(0xb6f3f000, 4096, PROT_READ)   = 0
mprotect(0xb6f62000, 4096, PROT_READ)   = 0
mprotect(0x26000, 4096, PROT_READ)      = 0
mprotect(0xb6f9e000, 4096, PROT_READ)   = 0
munmap(0xb6f64000, 42997)               = 0
statfs64("/sys/fs/selinux", 88, 0xbebee7b8) = -1 ENOENT (No such file or directory)
statfs64("/selinux", 88, {f_type="NFS_SUPER_MAGIC", f_bsize=4096, f_blocks=485337168, f_bfree=286562224, f_bavail=286562224, f_files=30355200, f_ffree=29689069, f_fsid={0, 0}, f_namelen=255, f_frsize=4096}) = 0
brk(0)                                  = 0x1774000
brk(0x1795000)                          = 0x1795000
open("/proc/filesystems", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f98000
read(3, "nodev\tsysfs\nnodev\trootfs\nnodev\tr"..., 1024) = 287
read(3, "", 1024)                       = 0
close(3)                                = 0
munmap(0xb6f98000, 4096)                = 0
open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=1534656, ...}) = 0
mmap2(NULL, 1534656, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb6c84000
close(3)                                = 0
geteuid32()                             = 1000
stat64("/usr/bin/sudo", {st_mode=S_IFREG|S_ISUID|0755, st_size=98712, ...}) = 0
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=2570, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f98000
read(3, "# Locale name alias data base.\n#"..., 4096) = 2570
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0xb6f98000, 4096)                = 0
open("/usr/share/locale/en_GB.UTF-8/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_GB.utf8/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_GB/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "sudo", 4sudo)                     = 4
write(2, ": ", 2: )                       = 2
write(2, "effective uid is not 0, is /usr/"..., 133effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?) = 133
write(2, "\n", 1
)                       = 1
close(0)                                = 0
access("/var/run/utmpx", F_OK)          = -1 ENOENT (No such file or directory)
open("/var/run/utmp", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 0
fcntl64(0, F_GETFD)                     = 0x1 (flags FD_CLOEXEC)
_llseek(0, 0, [0], SEEK_SET)            = 0
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={0, 0}}, {it_interval={0, 0}, it_value={0, 0}}) = 0
rt_sigaction(SIGALRM, {0xb6efaa54, [], 0x4000000 /* SA_??? */}, {SIG_DFL, [], 0}, 8) = 0
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={10, 0}}, {it_interval={0, 0}, it_value={0, 0}}) = 0
fcntl64(0, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(0, "\10\0\0\0*\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\2\0\0\0\0\0\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\1\0\0\0002N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\10\0\0\0\304\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\6\0\0\0\331\7\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\6\0\0\0\332\7\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\6\0\0\0\333\7\0\0tty4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\7\0\0\0\337\7\0\0tty1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\6\0\0\0\334\7\0\0tty5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\6\0\0\0\336\7\0\0ttyAMA0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\6\0\0\0\335\7\0\0tty6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\7\0\0\0\363\7\0\0pts/0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "", 384)                        = 0
fcntl64(0, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={0, 0}}, {it_interval={0, 0}, it_value={9, 980558}}) = 0
rt_sigaction(SIGALRM, {SIG_DFL, [], 0x4000000 /* SA_??? */}, NULL, 8) = 0
exit_group(1)                           = ?

/proc/mounts의 출력:

pi@raspberrypi ~ $ cat /proc/mounts
rootfs / rootfs rw 0 0
10.0.0.12:/DataVolume/shares/rasp / nfs rw,relatime,vers=3,rsize=4096,wsize=4096,namlen=255,hard,nolock,proto=udp,timeo=11,retrans=3,sec=sys,mountaddr=10.0.0.12,mountvers=3,mountproto=udp,local_lock=all,addr=10.0.0.12 0 0
devtmpfs /dev devtmpfs rw,relatime,size=219832k,nr_inodes=54958,mode=755 0 0
tmpfs /run tmpfs rw,nosuid,noexec,relatime,size=44800k,mode=755 0 0
tmpfs /run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /run/shm tmpfs rw,nosuid,nodev,noexec,relatime,size=89580k 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620 0 0
/dev/mmcblk0p1 /boot vfat ro,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,errors=remount-ro 0 0

권한에는 문제가 없는 것 같습니다. strace가 어떤 용도로 사용되는지 확실하지 않으며 직접 해석하는 방법도 모르겠습니다.

이 문제를 해결할 아이디어가 있나요? 사전 구축된 Raspbian 이미지라서 루트 비밀번호가 없으므로 su가 작동하는지 테스트할 수 없습니다.

답변1

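NFS 클라이언트는 mount 출력에는 nosuid가 표시되지 않지만 기본적으로 nosuid로 설정되어 있는 것 같습니다. (단, 일반 사용자가 strace로 setuid 프로그램을 실행하면 setuid 비트가 적용되지 않으므로, 질문의 strace 출력에 나온 "effective uid is not 0" 메시지만으로는 nosuid 여부를 판단할 수 없습니다.)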

suid 플래그를 명시적으로 설정하여 이 설정을 변경할 수 있습니다. 실행 중인 시스템에서 루트 권한으로 바로 적용하려면 다음을 실행하십시오.

mount -o remount,suid /

작동하는 경우 부팅 옵션에 추가할 수 있습니다.

이 Ask Ubuntu 질문도 참고할 수 있습니다. 당신이 겪고 있는 문제와 거의 같습니다.

답변2

sudo 실행 파일의 권한을 확인하십시오. 파일을 다른 위치에 복사하면 파일의 SUID 비트가 손실될 수 있습니다.

$ which sudo
/usr/bin/sudo
$ ls -la /usr/bin/sudo
---s--x--x 2 root root 208808 Jun  3  2011 /usr/bin/sudo

답변3

Arch Linux ARM을 사용해보기로 결정했으며 완벽하게 작동합니다.
