finch vm init fails ("failed to read sudoers file")

Open goura opened this issue 2 years ago • 4 comments

Hi, thank you for sharing the great project! I'm excited to try it, but finch vm init fails in my environment.

% uname -v
Darwin Kernel Version 22.1.0: Sun Oct  9 20:14:54 PDT 2022; root:xnu-8792.41.9~2/RELEASE_X86_64
% sw_vers
ProductName:		macOS
ProductVersion:		13.0.1
BuildVersion:		22A400

Error message:

% finch vm init --debug
DEBU[0000] Creating limactl command: ARGUMENTS: [ls -f {{.Status}} finch], LIMA_HOME: /Applications/Finch/lima/data 
DEBU[0000] Status of virtual machine:                   
ERRO[0000] failed to read sudoers file: %!w(*fs.PathError=&{open /etc/sudoers.d/finch-lima 13}) 
INFO[0000] Requesting root access to finish network dependency configuration 
DEBU[0000] Creating limactl command: ARGUMENTS: [sudoers], LIMA_HOME: /Applications/Finch/lima/data 
Password:
DEBU[0002] config file not found: %!w(*fs.PathError=&{open /Applications/Finch/lima/data/_config/override.yaml 2}) 
ERRO[0002] failed to read sudoers file: %!w(*fs.PathError=&{open /etc/sudoers.d/finch-lima 13}) 
ERRO[0002] Dependency error: failed to install dependencies: [Failed to finish installing rootful dependencies which are needed for external network access within the guest OS. Boot will continue, but container exposed ports will not be accessible from macOS.: [skipping installation of network configuration because pre-requisites are missing]] 
FATA[0002] failed to load the lima config file: open /Applications/Finch/lima/data/_config/override.yaml: no such file or directory 

I checked /etc/sudoers.d/finch-lima, and the permission was rw-------

% ls -l /etc/sudoers.d/finch-lima
-rw------- 1 root wheel 983 Nov 27 10:05 /etc/sudoers.d/finch-lima

So I tried changing it to 644, and then I'm able to do finch vm init stop start, but I'm not sure if this is correct. May I ask what's the expected permission for this /etc/sudoers.d/finch-lima?

If rw------- isn't correct, could this be because my login shell's umask (it's 077) is respected when the file is created?

goura avatar Nov 27 '22 01:11 goura

Same message here, and it hangs for me at the 'starting' line

INFO[0000] binaries directory doesn't exist             
INFO[0000] Requesting root access to finish network dependency configuration 
Password:
INFO[0004] sudoers file not found: %!w(*fs.PathError=&{open /etc/sudoers.d/finch-lima 2}) 
INFO[0004] Initializing and starting Finch virtual machine... 

ciaranmcnulty avatar Nov 28 '22 20:11 ciaranmcnulty

@ciaranmcnulty Hi Ciaran, besides the INFO lines, did you see the init finally fail? We noticed that sometimes the init takes longer, but succeeds after some wait time.

KevinLiAWS avatar Nov 28 '22 20:11 KevinLiAWS

I tried again and it did work after some minutes 🤦

ciaranmcnulty avatar Nov 28 '22 20:11 ciaranmcnulty

@goura Hi Kazuhiro, I checked the expected permission and it is 644, so your current permission is correct. We are investigating the root cause which resulted in your permission being set to 600 initially.

KevinLiAWS avatar Nov 28 '22 20:11 KevinLiAWS

Was able to reproduce by setting my shell's umask to 077:

$ finch --version
finch version v0.5.0
$ sudo rm -rf /etc/sudoers.d/finch-lima 
Password:
$ umask 077
$ finch vm init --debug
DEBU[0000] Creating limactl command: ARGUMENTS: [ls -f {{.Status}} finch], LIMA_HOME: /Applications/Finch/lima/data 
DEBU[0000] Status of virtual machine:                   
ERRO[0000] failed to read sudoers file: open /etc/sudoers.d/finch-lima: permission denied 
INFO[0000] Requesting root access to finish network dependency configuration 
DEBU[0000] Creating limactl command: ARGUMENTS: [sudoers], LIMA_HOME: /Applications/Finch/lima/data 
DEBU[0000] Creating limactl command: ARGUMENTS: [disk ls finch --json], LIMA_HOME: /Applications/Finch/lima/data 
DEBU[0000] Creating limactl command: ARGUMENTS: [start --name=finch /Applications/Finch/os/finch.yaml --tty=false], LIMA_HOME: /Applications/Finch/lima/data 
INFO[0000] Initializing and starting Finch virtual machine... 
ERRO[0000] Finch virtual machine failed to start, debug logs:
time="2023-04-14T14:54:23-07:00" level=info msg="Terminal is not available, proceeding without opening an editor"
time="2023-04-14T14:54:23-07:00" level=fatal msg="can't read \"/private/etc/sudoers.d/finch-lima\": open /private/etc/sudoers.d/finch-lima: permission denied (Hint: run `/Applications/Finch/lima/bin/limactl sudoers >etc_sudoers.d_lima && sudo install -o root etc_sudoers.d_lima \"/private/etc/sudoers.d/finch-lima\"`))" 
FATA[0000] exit status 1
$ ls -lah /etc/sudoers.d/finch-lima
-rw-------  1 root  wheel   983B Apr 14 14:52 /etc/sudoers.d/finch-lima

sam-berning avatar Apr 14 '23 22:04 sam-berning

This is resolved as of v0.6.0:

$ finch --version
finch version v0.6.0
$ sudo rm -rf /etc/sudoers.d/finch-lima 
Password:
$ umask 077
$ finch vm init
INFO[0000] Requesting root access to finish network dependency configuration 
INFO[0000] sudoers file not found: open /etc/sudoers.d/finch-lima: no such file or directory 
INFO[0003] Initializing and starting Finch virtual machine... 
INFO[0121] Finch virtual machine started successfully
$ ls -lah /etc/sudoers.d/finch-lima
-rw-r--r--  1 root  wheel   983B Apr 25 12:14 /etc/sudoers.d/finch-lima

sam-berning avatar Apr 25 '23 19:04 sam-berning
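
The mechanism reproduced in this thread, as a stand-alone Go program: a file created with mode 0644 under umask 077 lands as rw-------, while an explicit chmod after creation restores the intended mode. This is an added example, not Finch or Lima code and not a description of how v0.6.0 was fixed; `writeFile` and `demo` are hypothetical names, and the files go to a temporary directory rather than /etc/sudoers.d.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// writeFile creates path with the requested mode. The kernel applies
// mode &^ umask at creation, so 0644 under umask 077 lands as 0600.
// With enforce set, an explicit Chmod (not subject to umask) follows.
func writeFile(path string, want os.FileMode, enforce bool) (os.FileMode, error) {
	// Constructed placeholder content, not a real sudoers rule.
	if err := os.WriteFile(path, []byte("# placeholder\n"), want); err != nil {
		return 0, err
	}
	if enforce {
		if err := os.Chmod(path, want); err != nil {
			return 0, err
		}
	}
	fi, err := os.Stat(path)
	if err != nil {
		return 0, err
	}
	return fi.Mode().Perm(), nil
}

// demo writes two temp files under the given umask and returns their modes.
func demo(umask int) (masked, exact os.FileMode, err error) {
	dir, err := os.MkdirTemp("", "umask-demo")
	if err != nil {
		return 0, 0, err
	}
	defer os.RemoveAll(dir)
	defer syscall.Umask(syscall.Umask(umask)) // set now, restore on return
	if masked, err = writeFile(filepath.Join(dir, "masked"), 0o644, false); err != nil {
		return 0, 0, err
	}
	exact, err = writeFile(filepath.Join(dir, "exact"), 0o644, true)
	return masked, exact, err
}

func main() {
	masked, exact, err := demo(0o077)
	fmt.Printf("umask 077: create only = %04o, create + chmod = %04o (err: %v)\n", masked, exact, err)
}
```
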