sudo lldpctl fails with "mere mortals may not do that, 'root' privileges are required"

Asked by Ted Llewellyn

This is a brand-new install of Ubuntu; I am in the adm group, and lldpd was installed from the GUI. But I cannot modify the daemon with lldpctl. Is it not built for use with sudo?

Question information

Language: English
Status: Solved
For: Ubuntu sudo
Assignee: No assignee
Solved by: Ted Llewellyn

marcobra (Marco Braida) (marcobra) said :
#1

To get plain access to root type:

sudo -i

Ted Llewellyn (ted-llewellyn) said :
#2

Yes, I saw that, but it all but says THIS IS A REALLY REALLY BAD IDEA! :-) Actually, I normally use Debian, and I would have done what I wanted to do as root immediately. This is the first time I've used Ubuntu, and I just thought I'd check and see if I should be following Ubuntu's rules.

Thanks for the reply.

Ted Llewellyn (ted-llewellyn) said :
#3

  Interestingly enough, root cannot issue commands to lldpctl either. At least not on the installation I have. I repeat that this is a fresh install and the package came from the package manager. When I tried to run lldpctl I got:

ted@rover:~$ sudo -i
[sudo] password for ted:
root@rover:~# lldpctl -P 1:0:1:2:5:46
fatal: mere mortals may not do that, 'root' privileges are required.
root@rover:~# ^C
root@rover:~#

  Maybe I should file a bug report. Since I haven't used Ubuntu before I'll have to figure out how to do that.

Ted Llewellyn (ted-llewellyn) said :
#4

  This is not an Ubuntu issue. I just tried it on my Debian Lenny desktop, same package, same commands, same error. I will look at the package system's bug database.

Ted Llewellyn (ted-llewellyn) said :
#5

  There was no bug listed on the Debian package, and there weren't many bugs to begin with, so I emailed the maintainer and he kindly replied:

>Hi Ted!

>An easy fix is to drop setuid bit on /usr/sbin/lldpctl:
 >chmod 0755 /usr/sbin/lldpctl

>The setuid bit was here to allow people in adm group to use lldpctl to
>watch for neighbors without being root. However, lldpctl is doing an
>additional check if you are trying to modify something. This check seems
>bogus, I will correct it.

  This worked fine for me:

ted@rover:~$ sudo chmod 0755 /usr/sbin/lldpctl
[sudo] password for ted:
ted@rover:~$ sudo -i
root@rover:~# lldpctl -P 1:0:1:2:5:46
set_policy: Network Policy successfully set for eth0
set_policy: Network Policy successfully set for wlan0
root@rover:~# exit
logout

  And the proof is in the packet (from Wireshark):

    TIA - Network Policy
        1111 111. .... .... = TLV Type: Organization Specific (127)
        .... ...0 0000 1000 = TLV Length: 8
        Organization Unique Code: TIA (0x0012bb)
        Media Subtype: Network Policy (0x02)
        Application Type: Voice (1)
        0... .... .... .... = Policy: Defined
        .1.. .... .... .... = Tagged: Yes
        ...0 0000 0000 010. = VLAN Id: 2
        .... ...1 01.. .... = L2 Priority: 5
        ..10 1110 = DSCP Value: 46
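
The check in the last post (does the advertised TLV carry the policy that was set?) can be automated. The following is an added example, not part of the original thread or of lldpd: it decodes the Network Policy TLV using the bit layout shown in the dissection and compares it with the `-P` argument. The field order of the argument (application type, unknown flag, tagged, VLAN, L2 priority, DSCP) is an assumption read off the thread's output, and the sample bytes are constructed from the dissected values, not taken from a capture.

```python
import struct

TIA_OUI = bytes.fromhex("0012bb")      # Organization Unique Code from the dissection
SUBTYPE_NETWORK_POLICY = 0x02          # Media Subtype from the dissection
FIELDS = ("app_type", "unknown", "tagged", "vlan", "l2_priority", "dscp")

def parse_policy_arg(arg):
    """Split a -P style argument; the field order is an assumption (see lead-in)."""
    values = [int(v) for v in arg.split(":")]
    if len(values) != len(FIELDS):
        raise ValueError("expected six colon-separated integers")
    return dict(zip(FIELDS, values))

def decode_network_policy(tlv):
    """Decode one Network Policy TLV, including its 2-byte TLV header."""
    if len(tlv) < 2:
        raise ValueError("truncated TLV header")
    (header,) = struct.unpack("!H", tlv[:2])
    tlv_type, length = header >> 9, header & 0x1FF   # 7-bit type, 9-bit length
    body = tlv[2:2 + length]
    if tlv_type != 127 or length != 8 or len(body) != 8:
        raise ValueError("not an 8-byte organization-specific TLV")
    if body[:3] != TIA_OUI or body[3] != SUBTYPE_NETWORK_POLICY:
        raise ValueError("not a TIA Network Policy TLV")
    bits = int.from_bytes(body[5:8], "big")          # 24-bit policy field
    return {
        "app_type": body[4],
        "unknown": (bits >> 23) & 0x1,               # 0 = "Policy: Defined"
        "tagged": (bits >> 22) & 0x1,
        "vlan": (bits >> 9) & 0xFFF,                 # bit 21 is reserved
        "l2_priority": (bits >> 6) & 0x7,
        "dscp": bits & 0x3F,
    }

def policy_matches(arg, tlv):
    """True when the TLV on the wire carries exactly the requested policy."""
    return parse_policy_arg(arg) == decode_network_policy(tlv)

# Constructed sample: header, OUI, subtype, application type, policy bits,
# rebuilt from the field values in the dissection above.
SAMPLE_TLV = bytes.fromhex("fe08" "0012bb" "02" "01" "40056e")

if __name__ == "__main__":
    print(decode_network_policy(SAMPLE_TLV))
    print("matches 1:0:1:2:5:46:", policy_matches("1:0:1:2:5:46", SAMPLE_TLV))
```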