Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sudo: unable to allocate pty: EDC5129I No such file or directory. (errno2=0x0594004D) #32

Open
gngrossi opened this issue Feb 13, 2025 · 13 comments
Open

sudo: unable to allocate pty: EDC5129I No such file or directory. (errno2=0x0594004D) #32

gngrossi opened this issue Feb 13, 2025 · 13 comments

Comments

@gngrossi
Copy link

@IgorTodorovskiIBM
Installed sudo-1.9.16p2.20250213_022328.zos.pax.Z

[SYSA] bash-5.2$ sudo -V
Sudo version 1.9.16p2
Sudoers policy plugin version 1.9.16p2
Sudoers file grammar version 50
Sudoers I/O plugin version 1.9.16p2
Sudoers audit plugin version 1.9.16p2

sudo -l runs as expected.

[SYSA] bash-5.2$ sudo ps -ef
sudo: unable to allocate pty: EDC5129I No such file or directory. (errno2=0x0594004D)
@IgorTodorovskiIBM
Copy link
Contributor

Hmm, this may be related to the addition of openpty in zoslib: https://github.com/ibmruntimes/zoslib/blob/zopen2/src/zos-pty.c#L17

What is the output of?

ls -l /dev/ptyp*

and

ls -l /dev/ttyp*

@IgorTodorovskiIBM
Copy link
Contributor

I can reproduce it on one of my systems, I'll investigate

@gngrossi
Copy link
Author

[SYSA] bash-5.2$ ls -l /dev/ptyp*
crw-rw-rw- 1 BPXROOT @ISZOST1 0, 0 Feb 13 08:24 /dev/ptyp0000
.
crw-rw-rw- 1 BPXROOT @ISZOST1 0, 0 Feb 13 08:24 /dev/ptyp0256

[SYSA] bash-5.2$ ls -l /dev/ttyp*
crw--w---- 1 @42021 TTY 0, 0 Feb 13 14:10 /dev/ttyp0000
.
crw-rw-rw- 1 BPXROOT @ISZOST1 0, 0 Feb 9 1998 /dev/ttyp0256

@gngrossi
Copy link
Author

Tried to install sudo-1.9.16p2.20250222_034953.zos.pax.Z
Is this something can be prevented when it's packaged?
thanks

installing https://github.com/zopencommunity/sudo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
pax: FSUM7148 cannot create file "sudo-1.9.16p2/bin/cvtsudoers": EDC5111I Permission denied. (errno2=0xEF786015)
pax: FSUM7148 cannot create file "sudo-1.9.16p2/bin/sudoreplay": EDC5111I Permission denied. (errno2=0xEF786015)
pax: FSUM7148 cannot create file "sudo-1.9.16p2/bin/sudo": EDC5111I Permission denied. (errno2=0xEF786015)
pax: FSUM7148 cannot create file "sudo-1.9.16p2/etc/sudoers": EDC5111I Permission denied. (errno2=0xEF786015)
pax: FSUM7148 cannot create file "sudo-1.9.16p2/etc/sudoers.dist": EDC5111I Permission denied. (errno2=0xEF786015)
pax: FSUM7148 cannot create file "sudo-1.9.16p2/etc/sudo.conf": EDC5111I Permission denied. (errno2=0xEF786015)
pax: FSUM7148 cannot create file "sudo-1.9.16p2/share/doc/sudo/examples/sudo.conf": EDC5111I Permission denied. (errno2=0xEF786015)
100 19.3M 100 19.3M 0 0 19.6M 0 --:--:-- --:--:-- --:--:-- 19.6M
pax: FSUM7148 cannot create file "sudo-1.9.16p2/share/man/man5/sudo.conf.5": EDC5111I Permission denied. (errno2=0xEF786015)
pax: FSUM7148 cannot create file "sudo-1.9.16p2/share/man/man5/sudoers.5": EDC5111I Permission denied. (errno2=0xEF786015)

@IgorTodorovskiIBM
Copy link
Contributor

EF786015

Interesting, I'm not seeing that on my end.

[ITODORO@ZOSCAN2B ~]$ bpxmtext EF786015
zFS Tue Apr 30 15:46:12 EDT 2024
Description: SAF CKACC returned error.

Action: The user did not have the correct permission on the object for the
operation requested. Change the permissions on the object or have a user that
is authorized execute the operation.

Is the uid running zopen install the same id that performs the post-setup commands?

For details on sudo, see: https://www.sudo.ws/releases/stable/#1.9.16p2
To finish installing sudo, run the following commands with elevated privileges:
SUDO_HOME=/jenkins/zopen-root/usr/local/zopen/sudo/sudo-1.9.16p2.20250222_034953.zos
chown 0:0 $SUDO_HOME/bin/*
chmod u+s $SUDO_HOME/bin/*
Review the $SUDO_HOME/etc/sudoers file.
Use visudo to create your own /etc/sudoers file.

@gngrossi
Copy link
Author

Tried again...was able to install the pax file. Note, I'm not using zopen install for this package...yet.
thanks

@gngrossi
Copy link
Author

Image

Image

@IgorTodorovskiIBM
Copy link
Contributor

Ok, I narrowed it down to the openpty call introduced in zoslib . I have a workaround for now that I'll push and will continue investigating openpty in the meantime.

@IgorTodorovskiIBM IgorTodorovskiIBM mentioned this issue Feb 24, 2025
Merged
@gngrossi
Copy link
Author

Installed the updated package and the pty issue is resolved.
Should I close or will there be additional testing needed?

thanks

@IgorTodorovskiIBM
Copy link
Contributor

Installed the updated package and the pty issue is resolved. Should I close or will there be additional testing needed?

thanks

Great! Let's leave it open. I'm reimplementing openpty and will add an update once sudo is updated with the new implementation

@IgorTodorovskiIBM
Copy link
Contributor

Ok, the latest release of sudo has the new openpty implementation. Please confirm when you get a chance.

@gngrossi
Copy link
Author

Installed the updated package and is working (no pty issues).

Here are the timings between sudo implementations. I ran each one 4 times, but capturing the timings on the 2, 3, 4 invocations.

/hewitt/zopentools/guild/sudo-1.9.16p2/bin/sudo
[SYSA] bash-5.2$ time sudo ps -ef

real 0m1.022s
user 0m0.443s
sys 0m0.148s

real 0m1.052s
user 0m0.493s
sys 0m0.164s

real 0m1.063s
user 0m0.518s
sys 0m0.173s

[SYSA] bash-5.2$ type sudo
sudo is /usr/lpp/ported/bin/sudo

[SYSA] bash-5.2$ sudo -V
Sudo version 1.7.2p2

[SYSA] bash-5.2$ time sudo ps -ef

real 0m0.192s
user 0m0.105s
sys 0m0.035s

real 0m0.218s
user 0m0.121s
sys 0m0.040s

real 0m0.207s
user 0m0.122s
sys 0m0.041s

@gngrossi
Copy link
Author

fyi, still seeing RACF security error messages.

sudo -V
SYSA 2025057 07:46:46.84 S0865768 00000291 ICH408I USER(@02858 ) GROUP(@ISCICS1) NAME(GROSSI, GARY )
301 00000291 BPX.DAEMON CL(FACILITY)
301 00000291 INSUFFICIENT ACCESS AUTHORITY
301 00000291 ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )

sudo -l
SYSA 2025057 07:47:27.94 S0849244 00000291 ICH408I USER(@02858 ) GROUP(@ISCICS1) NAME(GROSSI, GARY )
427 00000291 BPX.DAEMON CL(FACILITY)
427 00000291 INSUFFICIENT ACCESS AUTHORITY
427 00000291 ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )

sudo ps -ef
SYSA 2025057 07:53:25.96 S0888110 00000291 ICH408I USER(@02858 ) GROUP(@ISCICS1) NAME(GROSSI, GARY )
866 00000291 BPX.DAEMON CL(FACILITY)
866 00000291 INSUFFICIENT ACCESS AUTHORITY
866 00000291 ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )

SYSA 2025057 07:53:26.73 S0874239 00000291 ICH408I USER(@02858 ) GROUP(@ISCICS1) NAME(GROSSI, GARY )
875 00000291 BPX.DAEMON CL(FACILITY)
875 00000291 INSUFFICIENT ACCESS AUTHORITY
875 00000291 ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )

SYSA 2025057 07:53:26.73 S0874239 00000291 ICH408I USER(@02858 ) GROUP(@ISCICS1) NAME(GROSSI, GARY )
876 00000291 BPX.DAEMON CL(FACILITY)
876 00000291 INSUFFICIENT ACCESS AUTHORITY
876 00000291 ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@IgorTodorovskiIBM @gngrossi