sudo: no tty present and no askpass program specified

[jabbalaci]

Hi,

I followed the installation instructions but I keep getting this error:

SafeExecException: Couldn't execute jailed code: sudo: no tty present and no askpass program specified

Do you have any idea?

Thanks,

Laszlo

[nedbat]

Laszlo,

Make sure you have edited your sudoers file as instructed in the
README.rst, especially the "NOPASSWD" part. If that doesn't help, tell us
exactly how you are running CodeJail that produces that error.

--Ned.

On Tue, Oct 1, 2013 at 10:58 AM, Jabba Laci notifications@github.comwrote:

Hi,

I followed the installation instructions but I keep getting this error:

SafeExecException: Couldn't execute jailed code: sudo: no tty present and no askpass program specified

Do you have any idea?

Thanks,

Laszlo

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/17
.

[jabbalaci]

Hi Ned,

I tried it in dev. mode. My username is "jabba" and I have this directory structure:

jabba@jabba-VM-server ~/python/secure $ pwd
/home/jabba/python/secure
jabba@jabba-VM-server ~/python/secure $ ls -al
drwxrwxr-x 5 jabba jabba 4096 okt    1 18:00 .
drwx------ 4 jabba jabba 4096 okt    1 16:10 ..
drwxr-xr-x 3 jabba jabba 4096 okt    1 16:51 codejail
drwxrwxr-x 7 jabba jabba 4096 okt    1 16:26 venv
drwxr-xr-x 6 root  root  4096 okt    1 18:00 venv-sandbox

(It's not clear to me why the sandbox env. must be created with "sudo".)

The sandbox user is created as explained in Step 3.
The /etc/sudoers.d/01-sandbox file is created:

jabba ALL=(sandbox) SETENV:NOPASSWD:/home/jabba/python/secure/venv-sandbox/bin/python
jabba ALL=(ALL) NOPASSWD:/usr/bin/pkill

If I understand well, the 1st line means this: the user "jabba" can run the command .../python as user "sandbox".

The AppArmor profile is created as seen in Step 5.

Now in /home/jabba/python/secure I activate venv and launch the command nosetests. The result: FAILED (SKIP=1, errors=7, failures=23). The problem is this: sudo: unable to execute /home/jabba/python/secure/venv-sandbox/bin/python: Permission denied

I also tried to launch just .../venv-sandbox/bin/python as the user "sandbox":

[venv] jabba@jabba-VM-server ~/python/secure $ ls -al
total 20
drwxrwxr-x 5 jabba jabba 4096 okt    1 18:00 .
drwx------ 4 jabba jabba 4096 okt    1 16:10 ..
drwxr-xr-x 3 jabba jabba 4096 okt    1 16:51 codejail
drwxrwxr-x 7 jabba jabba 4096 okt    1 16:26 venv
drwxr-xr-x 6 root  root  4096 okt    1 18:00 venv-sandbox
[venv] jabba@jabba-VM-server ~/python/secure $ sudo -u sandbox /home/jabba/python/secure/venv-sandbox/bin/python
sudo: unable to execute /home/jabba/python/secure/venv-sandbox/bin/python: Permission denied

It seems there is a problem with the sudoers.d file but I can't figure out what exactly.

Thanks,

Laszlo

[nedbat]

Hmm, I'm not sure what's causing your problem. I notice that your
venv-sandbox is owned by root. Mine is owned by "ned", though not sure why
that would matter.

Can you show your apparmor config file?

Next step after that would be to try loosening permissions, just as a
diagnostic to find out what is being prevented.

--Ned.

On Thu, Oct 3, 2013 at 1:08 PM, Jabba Laci notifications@github.com wrote:

Hi Ned,

I tried it in dev. mode. My username is "jabba" and I have this directory
structure:

jabba@jabba-VM-server ~/python/secure $ pwd
/home/jabba/python/secure
jabba@jabba-VM-server ~/python/secure $ ls -al
drwxrwxr-x 5 jabba jabba 4096 okt 1 18:00 .
drwx------ 4 jabba jabba 4096 okt 1 16:10 ..
drwxr-xr-x 3 jabba jabba 4096 okt 1 16:51 codejail
drwxrwxr-x 7 jabba jabba 4096 okt 1 16:26 venv
drwxr-xr-x 6 root root 4096 okt 1 18:00 venv-sandbox

(It's not clear to me why the sandbox env. must be created with "sudo".)

The sandbox user is created as explained in Step 3.
The /etc/sudoers.d/01-sandbox file is created:

jabba ALL=(sandbox) SETENV:NOPASSWD:/home/jabba/python/secure/venv-sandbox/bin/python
jabba ALL=(ALL) NOPASSWD:/usr/bin/pkill

If I understand well, the 1st line means this: the user "jabba" can run
the command .../python as user "sandbox".

The AppArmor profile is created as seen in Step 5.

Now in /home/jabba/python/secure I activate venv and launch the command
nosetests. The result: FAILED (SKIP=1, errors=7, failures=23). The
problem is this: sudo: unable to execute
/home/jabba/python/secure/venv-sandbox/bin/python: Permission denied

I also tried to launch just .../venv-sandbox/bin/python as the user
"sandbox":

[venv] jabba@jabba-VM-server ~/python/secure $ ls -al
total 20
drwxrwxr-x 5 jabba jabba 4096 okt 1 18:00 .
drwx------ 4 jabba jabba 4096 okt 1 16:10 ..
drwxr-xr-x 3 jabba jabba 4096 okt 1 16:51 codejail
drwxrwxr-x 7 jabba jabba 4096 okt 1 16:26 venv
drwxr-xr-x 6 root root 4096 okt 1 18:00 venv-sandbox
[venv] jabba@jabba-VM-server ~/python/secure $ sudo -u sandbox /home/jabba/python/secure/venv-sandbox/bin/python
sudo: unable to execute /home/jabba/python/secure/venv-sandbox/bin/python: Permission denied

It seems there is a problem with the sudoers.d file but I can't figure out
what exactly.

Thanks,

Laszlo

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/17#issuecomment-25639024
.

[natea]

I'm getting this same error, but strangely when clicking on the "Check" button on this page:
http://localhost:8000/courses/edX/Open_DemoX/edx_demo_course/courseware/interactive_demonstrations/basic_questions/

It's not clear to me why the codejail would be invoked when I'm checking whether I've dragged-and-dropped the words into the appropriate buckets.

Staff debug info: Traceback (most recent call last): File "/edx/app/edxapp/edx-platform/common/lib/xmodule/xmodule/capa_base.py", line 984, in check_problem correct_map = self.lcp.grade_answers(answers) File "/edx/app/edxapp/edx-platform/common/lib/capa/capa/capa_problem.py", line 330, in grade_answers return self._grade_answers(answers) File "/edx/app/edxapp/edx-platform/common/lib/capa/capa/capa_problem.py", line 392, in _grade_answers results = responder.evaluate_answers(self.student_answers, oldcmap) File "/edx/app/edxapp/edx-platform/common/lib/capa/capa/responsetypes.py", line 247, in evaluate_answers new_cmap = self.get_score(student_answers) File "/edx/app/edxapp/edx-platform/common/lib/capa/capa/responsetypes.py", line 1589, in get_score self.execute_check_function(idset, submission) File "/edx/app/edxapp/edx-platform/common/lib/capa/capa/responsetypes.py", line 1617, in execute_check_function self._handle_exec_exception(err) File "/edx/app/edxapp/edx-platform/common/lib/capa/capa/responsetypes.py", line 1751, in _handle_exec_exception raise ResponseError(err.message, traceback_obj) ResponseError: ("Couldn't execute jailed code: sudo: no tty present and no askpass program specified\nSorry, try again.\nsudo: no tty present and no askpass program specified\nSorry, try again.\nsudo: no tty present and no askpass program specified\nSorry, try again.\nsudo: 3 incorrect password attempts\n", <traceback object at 0x7f19ac1a59e0>)

[nedbat]

@natea the latest configuration scripts (johnnycake) weren't configured properly for codejail when running for development. You can fix the problem a few ways:

1. if you don't care to run under a strict codejail environment, you can remove the virtualenv used for sandboxed execution. This will tell the server to go ahead and execute the code directly instead of with CodeJail: $ rm -rf /edx/app/edxapp/venvs/edxapp-sandbox

2. if you want to run with CodeJail, you can fix the sudoers file: /etc/sudoers.d/95-sandbox has four lines in it, and they should all start with the name of the user running the LMS. If it says "www-data", it will work for fullstack. To make it work for devstack, change those four lines to have "edxapp" instead.

[morenopc]

I've running into a similar issue here #29 (comment)

venvs structure:

vagrant@precise64:/edx/app$ ls -la xserver/venvs/
total 16
drwxr-xr-x 4 xserver xserver 4096 Oct  9 20:43 .
drwxr-xr-x 4 xserver xserver 4096 Oct  6 20:22 ..
drwxr-xr-x 8 xserver xserver 4096 Oct  6 22:18 xserver
drwxr-xr-x 7 xserver xserver 4096 Oct 16 19:53 xserver-sandbox

/etc/sudoers.d/01-sandbox

vagrant@precise64:/edx/app$ sudo vi /etc/sudoers.d/01-sandbox
xserver ALL=(sandbox) SETENV:NOPASSWD:/edx/app/xserver/venvs/xserver-sandbox/bin/python
xserver ALL=(sandbox) SETENV:NOPASSWD:/usr/bin/find
xserver ALL=(ALL) NOPASSWD:/usr/bin/pkill
makeitso ALL=(sandbox) NOPASSWD:/usr/bin/python-sandbox

xserver sandbox virtual environment python seems to be working

(xserver)xserver@precise64:/edx/app/xserver/venvs$ sudo -u sandbox xserver-sandbox/bin/python
Python 2.7.3 (default, Feb 27 2014, 19:58:35) 
[GCC 4.6.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>>
vagrant@precise64:/edx/app$ sudo -u sandbox xserver/venvs/xserver-sandbox/bin/python
Python 2.7.3 (default, Feb 27 2014, 19:58:35) 
[GCC 4.6.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> 

[nedbat]

@morenopc I don't understand: do you have a problem that needs fixing?

[morenopc]

Yes @nedbat. Can you please take a look at #29. Thanks.