
[SOLVED] sudo and su both do not work

Posted: 2016/04/22 22:37:34
by warron.french
Hello, I have discovered a problem, and also solved it.

The problem presented 2 specific symptoms:
  1. The sudo bash -o vi command (to gain access to root) did not work; failing with "Effective ID is not 0", and
  2. when attempting to su - root the result was a prompt for root's password, and a response that the 'password was incorrect.'

This problem occurred because a security guideline required that I apply, to each of the filesystems listed within the /etc/fstab file, the mount option of nosuid.

Solution: REMOVE the nosuid argument from the mount options, and both commands will return to normal operation.

This was absolutely the resolution for me after doing research for 2 weeks and trying many other things. Heck! When I realized this option it wasn't even suggested on any other websites, more like danced around, so please, do suffer - take my advice on this.

If push comes to shove, you can do the following in a pinch:
  1. Assume the role of root in whatever way is most graceful.
  2. Remove the nosuid from the mount-options listed for your affected filesystem.
  3. Run the mount command: mount -o remount,rw your_FS
  4. Perform your specific operations, then
  5. Go back into your /etc/fstab file and re-add the nosuid option back to the appropriate line, and finally,
  6. Perform again the remount command as listed above (exactly as it worked).

Re: [SOLVED] sudo and su both do not work

Posted: 2016/04/24 21:20:39
by jyoung
What guidelines or recommendations require or suggest that you should mount your root volume or /usr as nosuid? Mounting remote filesystems that way makes sense, but not local ones. In fact, if you've partitioned/LVM'ed your system in such a way that supports it, I'd mount everything other than /usr as nosuid.

I think the root of your problem is that you mounted your entire system nosuid.
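
Added example, not part of the thread or written by either poster: a shell check that finds which fstab entry covers a setuid binary such as sudo or su and whether that entry carries nosuid. The function names and the sample fstab are constructed for illustration, and paths are assumed to be already resolved.

```shell
# Added example (not from the thread). Function names are illustrative.
# covering_mount FSTAB PATH: print "<mountpoint> <options>" for the entry that
# covers PATH (longest mount point prefix; a later duplicate entry wins).
covering_mount() {
    awk -v p="$2" '
        /^[ \t]*(#|$)/ { next }      # comments, blank lines
        $2 !~ /^\//    { next }      # swap / "none" entries
        {
            mp = $2
            if (mp == "/" || p == mp || index(p, mp "/") == 1)
                if (length(mp) >= best_len) { best_len = length(mp); best = mp; opts = $4 }
        }
        END { if (best != "") print best, opts }
    ' "$1"
}

# has_nosuid FSTAB PATH: exit 0 when the covering entry lists nosuid.
has_nosuid() {
    covering_mount "$1" "$2" | awk '
        { n = split($2, o, ","); for (i = 1; i <= n; i++) if (o[i] == "nosuid") hit = 1 }
        END { exit !hit }'
}

# report FSTAB BINARY...: one line per binary. Pass resolved paths
# (readlink -f), since symlinks such as /bin -> /usr/bin are not followed here.
report() {
    fstab=$1; shift
    for bin in "$@"; do
        if has_nosuid "$fstab" "$bin"; then
            echo "nosuid  $bin  (setuid bit ignored on $(covering_mount "$fstab" "$bin" | cut -d' ' -f1))"
        else
            echo "ok      $bin"
        fi
    done
}

# Constructed sample fstab: /usr and /home carry nosuid, / does not.
sample_fstab() {
cat <<'EOF'
/dev/mapper/vg-root  /      ext4  defaults               1 1
/dev/mapper/vg-usr   /usr   ext4  defaults,nosuid        1 2
/dev/mapper/vg-home  /home  ext4  defaults,nosuid,nodev  1 2
/dev/mapper/vg-swap  swap   swap  defaults               0 0
EOF
}

tmp=$(mktemp); sample_fstab > "$tmp"
report "$tmp" /usr/bin/sudo /bin/su
rm -f "$tmp"
```

/proc/mounts uses the same first four columns, so the same functions can be pointed at it to check what is mounted right now rather than what fstab configures.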

Re: [SOLVED] sudo and su both do not work

Posted: 2016/04/25 19:58:43
by warron.french
Hi jyoung,
It was some guidelines from the US Government that I had to follow. I removed the nosuid option from the root-filesystem (/) line and then enabled the change realtime.

It is possible that I may have misunderstood their instructions, but I won't know until I can run through the SCAP Tool to determine if it really is an issue.