sudo: effective uid is not 0, is sudo installed setuid root?

stianfp · July 12, 2017, 8:59am

Hi,

We get this when we try to run any job on our ansible clients via tower.

Ansible tower server version 3.1.4, ansible version 2.4.0 (got the same error with older versions as well)

Ansible server, and all other servers are also IDM (freeipa) implemented, might be relevant. The user has all the rights, and can sudo to root on all servers, and locally everything works for the ansible user on all servers with sudo.

See attached photo of the rights on the sudo bin file, it is like this on all servers.

[root@XXX XXX]# getfacl /usr/bin/sudo
getfacl: Removing leading ‘/’ from absolute path names

file: usr/bin/sudo

owner: root

group: root

flags: s–

user::–x
group::–x
other::–x

We tested running this manually with ansible-playbook on cmd line, and with the --become option, it worked. But via tower, the "Enable Privilege Escalation " does not work. Job we ran via tower:

eansible-playbook 2.4.0e
2
e config file = /etc/ansible/ansible.cfge
3
e configured module search path = [u’/var/lib/awx/.ansible/plugins/modules’, u’/usr/share/ansible/plugins/modules’]e
4
e ansible python module location = /usr/lib/python2.7/site-packages/ansiblee
5
e executable location = /usr/bin/ansible-playbooke
6
e python version = 2.7.5 (default, Aug 2 2016, 04:20:16) [GCC 4.8.5 20150623 (Red Hat 4.8.5-4)]e
7
eUsing /etc/ansible/ansible.cfg as config filee
8
SSH password:
9
Vault password:
10
eParsed /var/lib/awx/venv/tower/lib/python2.7/site-packages/awx/plugins/inventory/awxrest.py inventory source with script plugine
11
e1 plays in baseline-inf.marops.tech.ymle
12
13
PLAY [all] *********************************************************************10:32:37
14
15
TASK [Gathering Facts] *********************************************************10:32:37
16
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/basic.pye
17
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/init.pye
18
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/collector.pye
19
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/namespace.pye
20
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/default_collectors.pye
21
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/_text.pye
22
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/pycompat24.pye
23
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/six/init.pye
24
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/six/_six.pye
25
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/timeout.pye
26
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/network/freebsd.pye
27
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/virtual/openbsd.pye
28
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/network/base.pye
29
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/hardware/dragonfly.pye
30
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/network/dragonfly.pye
31
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/hardware/aix.pye
32
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/network/aix.pye
33
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/hardware/linux.pye
34
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/system/platform.pye
35
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/hardware/hpux.pye
36
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/system/user.pye
37
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/hardware/hurd.pye
38
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/other/facter.pye
39
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/virtual/sunos.pye
40
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/network/hpux.pye
41
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/system/distribution.pye
42
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/virtual/freebsd.pye
43
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/system/init.pye
44
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/network/openbsd.pye
45
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/network/darwin.pye
46
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/network/linux.pye
47
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/hardware/sunos.pye
48
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/network/sunos.pye
49
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/system/apparmor.pye
50
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/hardware/openbsd.pye
51
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/system/local.pye
52
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/other/ohai.pye
53
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/other/init.pye
54
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/system/service_mgr.pye
55
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/network/hurd.pye
56
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/virtual/hpux.pye
57
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/system/fips.pye
58
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/system/selinux.pye
59
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/virtual/init.pye
60
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/system/pkg_mgr.pye
61
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/system/dns.pye
62
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/virtual/base.pye
63
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/hardware/darwin.pye
64
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/virtual/dragonfly.pye
65
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/system/ssh_pub_keys.pye
66
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/network/init.pye
67
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/hardware/init.pye
68
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/system/lsb.pye
69
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/system/date_time.pye
70
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/virtual/netbsd.pye
71
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/hardware/base.pye
72
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/system/cmdline.pye
73
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/hardware/freebsd.pye
74
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/network/netbsd.pye
75
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/hardware/netbsd.pye
76
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/system/caps.pye
77
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/system/env.pye
78
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/virtual/linux.pye
79
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/system/python.pye
80
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/network/generic_bsd.pye
81
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/virtual/sysctl.pye
82
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/utils.pye
83
eUsing module_utils file /usr/lib/python2.7/site-packages/ansible/module_utils/facts/sysctl.pye
84
eUsing module file /usr/lib/python2.7/site-packages/ansible/modules/system/setup.pye
85
e ESTABLISH LOCAL CONNECTION FOR USER: awxe
86
e EXEC /bin/sh -c 'echo ~ && sleep 0’e
87
e EXEC /bin/sh -c '( umask 77 && mkdir -p “echo /var/lib/awx/.ansible/tmp/ansible-tmp-1499675558.31-212544145104699” && echo ansible-tmp-1499675558.31-212544145104699=“echo /var/lib/awx/.ansible/tmp/ansible-tmp-1499675558.31-212544145104699” ) && sleep 0’e
88
e PUT /tmp/tmpRMAhkW TO /var/lib/awx/.ansible/tmp/ansible-tmp-1499675558.31-212544145104699/setup.pye
89
e EXEC /bin/sh -c ‘chmod u+x /var/lib/awx/.ansible/tmp/ansible-tmp-1499675558.31-212544145104699/ /var/lib/awx/.ansible/tmp/ansible-tmp-1499675558.31-212544145104699/setup.py && sleep 0’e
90
e EXEC /bin/sh -c ‘sudo -H -S -n -u root /bin/sh -c ‘"’“‘echo BECOME-SUCCESS-qyavnlkmazufqqotggxvlqdqtaufnace; /usr/bin/python /var/lib/awx/.ansible/tmp/ansible-tmp-1499675558.31-212544145104699/setup.py; rm -rf “/var/lib/awx/.ansible/tmp/ansible-tmp-1499675558.31-212544145104699/” > /dev/null 2>&1’”’"’ && sleep 0’e
91
efatal: [XXXXXXX]: FAILED! => {“changed”: false, “failed”: true, “module_stderr”: “sudo: effective uid is not 0, is sudo installed setuid root?\n”, “module_stdout”: “”, “msg”: “MODULE FAILURE”, “rc”: 1}e
92
93
PLAY RECAP *********************************************************************10:32:38
94
eXXXXXXXXe : ok=0 changed=0 unreachable=0 efailed=1 e
95

Topic		Replies	Views
"sudo: effective uid is not 0" for callback script from tower on AWS? Ansible Project aws	1	0	November 27, 2015
Sudo privilege escalation is not working Ansible Project	3	5	May 24, 2019
Issues with become AWX Project	5	2	September 18, 2017
sudo not working when using ansible_ssh_user and ansible_become_user Ansible Project	3	5	September 24, 2015
Ansible Tower - user awx permission Ansible Project awx , ansible-project	0	0	June 10, 2020

sudo: effective uid is not 0, is sudo installed setuid root?

file: usr/bin/sudo

owner: root

group: root

flags: s–

Related topics