On Wed, Jan 05, 2022 at 09:17:46AM -0800, H. S. Teoh wrote: > On Wed, Jan 05, 2022 at 02:25:27PM +0100, Marc Haber wrote: > [...] > > On Tue, Jan 04, 2022 at 06:36:52PM -0800, H. S. Teoh wrote: > > > PermissionError: [Errno 1] Operation not permitted > > > c : fatal: ['/usr/bin/sudo', '-p', '[local sudo] Password: ', > > > '/usr/bin/env', 'PYTHONPATH=/usr/lib/python3/dist-packages', > > > '/usr/bin/python3', '/usr/bin/sshuttle', '-v', '--method', 'nft', > > > '--firewall'] returned 1 > > > > Can you please verify whether this command also fails on the command > > line, and then reduce the command line so that we can find out whatever > > the current sudo doesn't like? > [...] > > The failure appears to be coming from sshuttle itself, with that > specific combination of arguments. It's not sudo that's rejecting the > command per se, but something about the environment it sets up isn't > working well with sshuttle. The failure is coming from the os.setsid() > call inside sshuttle (the lines before the ones you quoted above). > > The previous version of sudo was obviously setting up *something* > differently, such that this call worked.
The changes we made that might cause this are mainly setting use_pty in /etc/sudoers and some changes in pam configuration. Can you try using sudo 1.9.8 with the sudoers file and and /etc/pam.d snapshot from sudo 1.9.5? Remember to have a root shell open in a different window or the "real" root password handy when doing such experiments with sudo. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
