Bug 751

Summary: sudo stops working if there is no free space on /
Product: Sudo Reporter: arekm
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: normal    
Priority: low    
Version: 1.8.17   
Hardware: PC   
OS: Linux   

Description arekm 2016-07-11 23:05:46 MDT 
On one server I have / with no separate /var. Unfortunately logs filled root fs entirely:
/dev/md2         96G   96G   20K 100% /

so wanted to log in onto regular user and use sudo to remove some files and make free space.

Unfortunately sudo in such case stops working without displaying any message:

[arekm@host ~]$ sudo su -
[arekm@host ~]$

Message is one thing but the fact that sudo stopped working prevented me from cleaning files which is even worse than lack of message.

(at the end logged in directly onto root via remote management console)
Comment 1 Todd C. Miller 2016-07-16 16:28:40 MDT 
Do you have I/O logging enabled?  E.g. log_output or log_input in sudoers?
Sudo fails closed if I/O logging is enabled and it cannot write the logs.  This should be configurable (though it is currently not) and there should definitely be an error message.
Comment 2 arekm 2016-07-17 01:04:34 MDT 
# grep -r log_ /etc/sudoers*
/etc/sudoers:# Defaults log_output
/etc/sudoers:# Defaults!/usr/bin/sudoreplay !log_output
/etc/sudoers:# Defaults!/usr/local/bin/sudoreplay !log_output
/etc/sudoers:# Defaults!REBOOT !log_output
Comment 3 Todd C. Miller 2016-07-17 05:57:08 MDT 
I was able to reproduce this with sudo 1.8.15 but only when logging to a file (not syslog).  It is fixed in sudo 1.8.16 so I suggest you update your sudo to 1.8.17p1 (the latest).  You can find updated sudo packages for several Linux distros at https://www.sudo.ws/download.html#binary
Comment 4 arekm 2016-08-12 14:23:22 MDT 
sudo-1.8.17p1 build with "--with-logging=both"

doing "sudo ls" - no error on stderr. logging to syslog works in theory (in theory because sendto() succeeded but syslog cannot write to disk - no free space)

[arekm@x ~]$ sudo su -
[arekm@x ~]$ 

So should there be message on stderr in such case?

Managed to get strace for this:

[...]
read(6, "", 4096)                       = 0
close(6)                                = 0
setresuid(0, -1, -1)                    = 0
setresgid(-1, 0, -1)                    = 0
brk(0x5628a5b0d000)                     = 0x5628a5b0d000
socket(AF_LOCAL, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 6
connect(6, {sa_family=AF_LOCAL, sun_path="/dev/log"}, 110) = -1 EPROTOTYPE (Protocol wrong type for socket)
close(6)                                = 0
socket(AF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC, 0) = 6
connect(6, {sa_family=AF_LOCAL, sun_path="/dev/log"}, 110) = 0
sendto(6, "<37>Aug 12 22:13:33 sudo:    arekm : TTY=pts/0 ; PWD=/usersfs/arekm ; USER=root ; COMMAND=/bin/su -\0", 100, MSG_NOSIGNAL, NULL, 0) = 100
close(6)                                = 0
umask(077)                              = 022
open("/var/log/sudo", O_WRONLY|O_CREAT|O_APPEND, 0666) = 6
lseek(6, 0, SEEK_END)                   = 573440
umask(022)                              = 077
fcntl(6, F_SETLKW, {l_type=F_WRLCK, l_whence=SEEK_CUR, l_start=0, l_len=0}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2705, ...}) = 0
fstat(6, {st_mode=S_IFREG|0640, st_size=573440, ...}) = 0
write(6, "Aug 12 22:13:33 : arekm : TTY=pts/0 ; PWD=/usersfs/arekm ; USER=root ; COMMAND=/bin/su -\n", 89) = -1 ENOSPC (No space left on device)
close(6)                                = 0
setresuid(1000, -1, -1)                 = 0
setresgid(-1, 1000, -1)                 = 0
setresuid(-1, -1, -1)                   = 0
setresgid(-1, -1, -1)                   = 0
setrlimit(RLIMIT_NPROC, {rlim_cur=RLIM64_INFINITY, rlim_max=RLIM64_INFINITY}) = 0
exit_group(1)                           = ?
+++ exited with 1 +++
Comment 5 Todd C. Miller 2016-08-17 15:01:24 MDT 
I'm not sure why I wasn't able to reproduce this early.  I've committed changes to ignore write errors to the log file by default and sudoers options to control the behavior when logging fails due to an error.  Those changes will be part of sudo 1.8.18.
Comment 6 Todd C. Miller 2016-08-23 10:43:54 MDT 
There is a beta version of sudo 1.8.18 available that includes the fix.
https://www.sudo.ws/dist/beta/sudo-1.8.18b1.tar.gz
Comment 7 Todd C. Miller 2016-09-20 15:15:09 MDT 
Fixed in sudo 1.8.18