NFS共有からRaspberry Piを起動する

NFS共有からRaspberry Piを起動する

NFS共有を使用してRaspberry Piを起動しようとしています。 Raspbian WheezyイメージのブートパーティションをSDカードにコピーし、ルートパーティションをネットワークハードドライブにコピーしました。 NFS共有から起動するようにcmdline.txtを編集しました。これはうまくいきます。

システムは正常に起動し、問題なくコマンドを実行でき、ファイルの読み書きもできます。しかし、sudoを使用しようとすると問題が発生します。

pi@raspberrypi ~ $ sudo
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

しかし、sudoersファイルを見つけることができます。

pi@raspberrypi ~ $ cat /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d
pi ALL=(ALL) NOPASSWD: ALL

これはRaspbianディストリビューションに含まれるデフォルトのsudoersファイルです。

NFSサーバー側の/etc/exports:

/DataVolume/shares/rasp *(rw,sync,no_root_squash,no_subtree_check)

権限に関する追加情報:

pi@raspberrypi ~ $ ls -la /etc/sudoers
-r--r----- 1 root root 696 Jun 20 06:47 /etc/sudoers

pi@raspberrypi ~ $ ls -la /usr/bin/sudo
-rwsr-xr-x 2 root root 98712 Mar  3  2013 /usr/bin/sudo

pi@raspberrypi ~ $ ls -la /
total 1092
drwxr-xr-x 22 root root 65536 Jul 18 14:12 .
drwxr-xr-x 22 root root 65536 Jul 18 14:12 ..
drwxr-xr-x  2 root root 65536 Jun 20 08:55 bin
drwxr-xr-x  2 root root  4096 Jan  1  1970 boot
drwxr-xr-x 12 root root  3020 Jun 20 09:32 dev
drwxr-xr-x 99 root root 65536 Jul 18 17:14 etc
drwxr-xr-x  3 root root 65536 Jun 20 05:48 home
drwxr-xr-x 12 root root 65536 Jun 20 08:42 lib
drwx------  2 root root 65536 Jun 20 05:34 lost+found
drwxr-xr-x  2 root root 65536 Jun 20 05:36 media
drwxr-xr-x  2 root root 65536 Apr 30 22:48 mnt
drwxr-xr-x  5 root root 65536 Jun 20 09:24 opt
dr-xr-xr-x 69 root root     0 Jan  1  1970 proc
drwx------  2 root root 65536 Jun 20 05:36 root
drwxr-xr-x 10 root root   440 Jun 20 09:32 run
drwxr-xr-x  2 root root 65536 Jun 20 08:55 sbin
drwxr-xr-x  2 root root 65536 Jun 20  2012 selinux
drwxr-xr-x  2 root root 65536 Jun 20 05:36 srv
dr-xr-xr-x 12 root root     0 Jan  1  1970 sys
drwxrwxrwt  4 root root 65536 Jul 18 17:17 tmp
drwxr-xr-x 10 root root 65536 Jun 20 05:36 usr
drwxr-xr-x 11 root root 65536 Jul 18 17:14 var

pi@raspberrypi ~ $ strace /usr/bin/sudo
execve("/usr/bin/sudo", ["/usr/bin/sudo"], [/* 15 vars */]) = 0
brk(0)                                  = 0x1774000
fcntl64(0, F_GETFD)                     = 0
fcntl64(1, F_GETFD)                     = 0
fcntl64(2, F_GETFD)                     = 0
access("/etc/suid-debug", F_OK)         = -1 ENOENT (No such file or directory)
uname({sys="Linux", node="raspberrypi", ...}) = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f9b000
access("/etc/ld.so.preload", R_OK)      = 0
open("/etc/ld.so.preload", O_RDONLY)    = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=44, ...}) = 0
mmap2(NULL, 44, PROT_READ|PROT_WRITE, MAP_PRIVATE, 3, 0) = 0xb6f9a000
close(3)                                = 0
open("/usr/lib/arm-linux-gnueabihf/libcofi_rpi.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\270\4\0\0004\0\0\0"..., 512) = 512
lseek(3, 7276, SEEK_SET)                = 7276
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1080) = 1080
lseek(3, 7001, SEEK_SET)                = 7001
read(3, "A.\0\0\0aeabi\0\1$\0\0\0\0056\0\6\6\10\1\t\1\n\2\22\4\24\1\25"..., 47) = 47
fstat64(3, {st_mode=S_IFREG|0755, st_size=10170, ...}) = 0
mmap2(NULL, 39740, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6f6f000
mprotect(0xb6f71000, 28672, PROT_NONE)  = 0
mmap2(0xb6f78000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb6f78000
close(3)                                = 0
munmap(0xb6f9a000, 44)                  = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=42997, ...}) = 0
mmap2(NULL, 42997, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb6f64000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/arm-linux-gnueabihf/libselinux.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0TM\0\0004\0\0\0"..., 512) = 512
lseek(3, 107532, SEEK_SET)              = 107532
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1120) = 1120
lseek(3, 107244, SEEK_SET)              = 107244
read(3, "A0\0\0\0aeabi\0\1&\0\0\0\0056\0\6\6\10\1\t\1\n\2\22\4\24\1\25"..., 49) = 49
fstat64(3, {st_mode=S_IFREG|0644, st_size=108652, ...}) = 0
mmap2(NULL, 142424, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6f41000
mprotect(0xb6f5b000, 28672, PROT_NONE)  = 0
mmap2(0xb6f62000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19) = 0xb6f62000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/arm-linux-gnueabihf/libutil.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\344\t\0\0004\0\0\0"..., 512) = 512
lseek(3, 8688, SEEK_SET)                = 8688
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1160) = 1160
lseek(3, 8356, SEEK_SET)                = 8356
read(3, "A0\0\0\0aeabi\0\1&\0\0\0\0056\0\6\6\10\1\t\1\n\2\22\4\24\1\25"..., 49) = 49
fstat64(3, {st_mode=S_IFREG|0644, st_size=9848, ...}) = 0
mmap2(NULL, 41128, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6f36000
mprotect(0xb6f38000, 28672, PROT_NONE)  = 0
mmap2(0xb6f3f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb6f3f000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/arm-linux-gnueabihf/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0(\t\0\0004\0\0\0"..., 512) = 512
lseek(3, 8652, SEEK_SET)                = 8652
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1160) = 1160
lseek(3, 8320, SEEK_SET)                = 8320
read(3, "A0\0\0\0aeabi\0\1&\0\0\0\0056\0\6\6\10\1\t\1\n\2\22\4\24\1\25"..., 49) = 49
fstat64(3, {st_mode=S_IFREG|0644, st_size=9812, ...}) = 0
mmap2(NULL, 41136, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6f2b000
mprotect(0xb6f2d000, 28672, PROT_NONE)  = 0
mmap2(0xb6f34000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb6f34000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/arm-linux-gnueabihf/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\214y\1\0004\0\0\0"..., 512) = 512
lseek(3, 1198880, SEEK_SET)             = 1198880
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1360) = 1360
lseek(3, 1198444, SEEK_SET)             = 1198444
read(3, "A.\0\0\0aeabi\0\1$\0\0\0\0056\0\6\6\10\1\t\1\n\2\22\4\24\1\25"..., 47) = 47
fstat64(3, {st_mode=S_IFREG|0755, st_size=1200240, ...}) = 0
mmap2(NULL, 1242408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6dfb000
mprotect(0xb6f1e000, 28672, PROT_NONE)  = 0
mmap2(0xb6f25000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x122) = 0xb6f25000
mmap2(0xb6f28000, 9512, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb6f28000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f9a000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f99000
set_tls(0xb6f994c0, 0xb6f99be8, 0xb6f9f048, 0xb6f994c0, 0xb6f9f048) = 0
mprotect(0xb6f25000, 8192, PROT_READ)   = 0
mprotect(0xb6f34000, 4096, PROT_READ)   = 0
mprotect(0xb6f3f000, 4096, PROT_READ)   = 0
mprotect(0xb6f62000, 4096, PROT_READ)   = 0
mprotect(0x26000, 4096, PROT_READ)      = 0
mprotect(0xb6f9e000, 4096, PROT_READ)   = 0
munmap(0xb6f64000, 42997)               = 0
statfs64("/sys/fs/selinux", 88, 0xbebee7b8) = -1 ENOENT (No such file or directory)
statfs64("/selinux", 88, {f_type="NFS_SUPER_MAGIC", f_bsize=4096, f_blocks=485337168, f_bfree=286562224, f_bavail=286562224, f_files=30355200, f_ffree=29689069, f_fsid={0, 0}, f_namelen=255, f_frsize=4096}) = 0
brk(0)                                  = 0x1774000
brk(0x1795000)                          = 0x1795000
open("/proc/filesystems", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f98000
read(3, "nodev\tsysfs\nnodev\trootfs\nnodev\tr"..., 1024) = 287
read(3, "", 1024)                       = 0
close(3)                                = 0
munmap(0xb6f98000, 4096)                = 0
open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=1534656, ...}) = 0
mmap2(NULL, 1534656, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb6c84000
close(3)                                = 0
geteuid32()                             = 1000
stat64("/usr/bin/sudo", {st_mode=S_IFREG|S_ISUID|0755, st_size=98712, ...}) = 0
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=2570, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f98000
read(3, "# Locale name alias data base.\n#"..., 4096) = 2570
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0xb6f98000, 4096)                = 0
open("/usr/share/locale/en_GB.UTF-8/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_GB.utf8/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_GB/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "sudo", 4sudo)                     = 4
write(2, ": ", 2: )                       = 2
write(2, "effective uid is not 0, is /usr/"..., 133effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?) = 133
write(2, "\n", 1
)                       = 1
close(0)                                = 0
access("/var/run/utmpx", F_OK)          = -1 ENOENT (No such file or directory)
open("/var/run/utmp", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 0
fcntl64(0, F_GETFD)                     = 0x1 (flags FD_CLOEXEC)
_llseek(0, 0, [0], SEEK_SET)            = 0
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={0, 0}}, {it_interval={0, 0}, it_value={0, 0}}) = 0
rt_sigaction(SIGALRM, {0xb6efaa54, [], 0x4000000 /* SA_??? */}, {SIG_DFL, [], 0}, 8) = 0
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={10, 0}}, {it_interval={0, 0}, it_value={0, 0}}) = 0
fcntl64(0, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(0, "\10\0\0\0*\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\2\0\0\0\0\0\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\1\0\0\0002N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\10\0\0\0\304\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\6\0\0\0\331\7\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\6\0\0\0\332\7\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\6\0\0\0\333\7\0\0tty4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\7\0\0\0\337\7\0\0tty1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\6\0\0\0\334\7\0\0tty5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\6\0\0\0\336\7\0\0ttyAMA0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\6\0\0\0\335\7\0\0tty6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "\7\0\0\0\363\7\0\0pts/0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(0, "", 384)                        = 0
fcntl64(0, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
setitimer(ITIMER_REAL, {it_interval={0, 0}, it_value={0, 0}}, {it_interval={0, 0}, it_value={9, 980558}}) = 0
rt_sigaction(SIGALRM, {SIG_DFL, [], 0x4000000 /* SA_??? */}, NULL, 8) = 0
exit_group(1)                           = ?

/proc/mountsの出力:

pi@raspberrypi ~ $ cat /proc/mounts
rootfs / rootfs rw 0 0
10.0.0.12:/DataVolume/shares/rasp / nfs rw,relatime,vers=3,rsize=4096,wsize=4096,namlen=255,hard,nolock,proto=udp,timeo=11,retrans=3,sec=sys,mountaddr=10.0.0.12,mountvers=3,mountproto=udp,local_lock=all,addr=10.0.0.12 0 0
devtmpfs /dev devtmpfs rw,relatime,size=219832k,nr_inodes=54958,mode=755 0 0
tmpfs /run tmpfs rw,nosuid,noexec,relatime,size=44800k,mode=755 0 0
tmpfs /run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /run/shm tmpfs rw,nosuid,nodev,noexec,relatime,size=89580k 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620 0 0
/dev/mmcblk0p1 /boot vfat ro,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,errors=remount-ro 0 0

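権限は問題ないように見えます。straceの出力が何の役に立つのか分からず、どう解釈すればよいのかも分かりません。(補足:一般ユーザーがstrace配下でsetuidバイナリを実行すると、トレース中はsetuidビットが無視されます。そのため、上記の「effective uid is not 0」はstrace経由で実行したことによる出力であり、最初の「unable to stat /etc/sudoers」とは別のエラーです。)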

この問題を解決するアイデアはありますか?これは事前に構築されたRaspbianイメージで、rootパスワードが設定されていないため、suが動作するかどうかはテストできません。

答え1

NFSクライアントのマウントオプションにnosuidは表示されていませんが、デフォルトでnosuidとして扱われているようです。

suidフラグを明示的に指定すれば、この設定を変更できます。稼働中のシステムでrootとして実行するには、次のようにします。

mount -o remount,suid /

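これでうまくいった場合は、起動オプションに追加できます。なお、suidを有効にするとNFSサーバー上のsetuidバイナリがそのまま信頼されます。上記の/etc/exportsは「*」とno_root_squashの組み合わせになっているため、公開先をこのRaspberry Piのアドレスに限定しておくと安全です。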

また、このUbuntuに関する質問も参考になります。あなたが経験している問題とほぼ同じです。

答え2

sudo 実行可能ファイルの権限を確認してください。ファイルを別の場所にコピーすると、ファイルのSUIDビットが失われる可能性があります。

$ which sudo
/usr/bin/sudo
$ ls -la /usr/bin/sudo
---s--x--x 2 root root 208808 Jun  3  2011 /usr/bin/sudo

答え3

Arch Linux ARMを試してみることにしました。
