Re: [gce-discussion] Re: /etc/sudoers is owned by uid 1001, should be 0

[Shanmugam Kulandaivel]

Hi Patrick - Not sure if this is still helpful, but the course of action you identified is the likely path. If you are concerned about restarting the instance, you can create a snapshot of the root disk using Cloud Console (from the Disks list), and use that snapshot to create a second instance that you can tinker with to fix the issue. 

thanks

  

On Wed, Aug 23, 2017 at 12:19 PM, Patrick Needham <patrick....@gmail.com> wrote:

fyi uid 1001

$ id

...groups=...,1001(google-sudoers)

On Wednesday, August 23, 2017 at 2:15:59 PM UTC-4, Patrick Needham wrote:

Please bear with me as I inherited dev ops duty when the engineer who moved us from Heroku to Google Cloud left suddenly without training me. 

I am having the same exact issue as here: https://askubuntu.com/questions/929207/cant-change-owner-in-google-cloud-instance

$ sudo

sudo: /etc/sudoers is owned by uid 1001, should be 0

sudo: no valid sudoers sources found, quitting

sudo: unable to initialize policy plugin

When I check the permissions I see: 

$ ls -l /etc/sudoers

-r--r----- 1 instancename root 755 Jan 20  2017 /etc/sudoers

I believe the issue was caused when trying to set up ssh permissions for gitlab continuous integration from some bad notes I wrote over a month ago.

Prior to this issue I was able to run 

sudo su - instancename

to gain root access, but not anymore :(

I've tried adding a new user with full permissions with no luck.

I've seen this approach of including a startup script which says to restart the VM: https://superuser.com/questions/1154649/sudo-doesnt-work-etc-sudoers-is-owned-by-uid-1005-should-be-0-ubuntu

I am very nervous about restarting an instance or creating a new one if that's the solution. It is my strong preference that the existing users in our app are not kicked out and have to re-sign in if possible. We have the app served through Nginx/Phusion Passenger running Redis locally with a PostgreSQL on Google Cloud SQL. I've heard of suggestions to mounting a disk to a new instance, but that's starting to get over my head.

I am the owner of the project and can provide more details if needed.

--
© 2017 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
 
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-discussion@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.
---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussion+unsubscribe@googlegroups.com.
To post to this group, send email to gce-discussion@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/gce-discussion/6d8fe266-9cde-4b1f-af71-c3fff14f622e%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Max Illfelder]

Hi Patrick,

When you rebooted your VM, did you include a startup script to fix the permissions issue on the etc directory?

Max

On Mon, Aug 28, 2017 at 9:37 AM, Patrick Needham <patrick....@gmail.com> wrote:

Thanks Shanmugam. I've learned a lot over the past week on how our cloud service is run and how this stuff works in general :)

I believe I gave that a shot -- by saving the snapshot and booting a new instance with it installed. Unfortunately, it seemed to just bring over my problem from one instance to the other :(

My solution has been to create a new instance and review and match the nginx/passenger settings to deploy our app. 

Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-dis...@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.

---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.

To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussio...@googlegroups.com.
To post to this group, send email to gce-dis...@googlegroups.com.