Tmux as root broken?

Hi,
I just noticed that I cannot start a tmux session as the root user anymore under TrueNAS 24.10:

image

I also noticed, that I cannot become root anymore by running sudo su -:
image

I think, that this is related. As this happened on an upgraded 24.10 instance as well as on a freshly installed 24.10.0.2 environment (with restored settings from 24.04) I also think that it is not due to something I may have fucked up but that it is probably a bug.

Running tmux as another user still works, as does becoming root by running sudo su but that does not create an actual root-environment.

Could someone check if this happens for them as well and maybe advise on how to fix this?
I don’t want to file a bug report with iX before having properly qualified this error.

https://bugzilla.sudo.ws/show_bug.cgi?id=1050

It’s a bug in the upstream debian sudo package. You should be able to tmux as normal user then sudo su to root.

Okay thanks, that should solve itself in one of the next updates then.

I already noticed that I can work around this more or less.

It probably won’t be in a 24.10 release since an updated package is not available in stable-backports or security for debian (only testing). You’re probably not going to see a fix until 25.04 or 25.10 depending on when trixie is released.

That’s a bit disappointing.

I took a closer look at the bug report and wrote the following snippet as a workaround:

if ! grep -qF 'Defaults !intercept_verify' /etc/sudoers && dpkg -s sudo | grep -qF 'Version: 1.9.13'; then
  echo 'Defaults !intercept_verify' >> /etc/sudoers
fi

I put it in a script that runs on each reboot of my TN machine, works like a charm.

Do note that you are intentionally disabling a security feature of sudo. This is generally not appropriate.

1 Like

I haven’t tried it as root directly, but it may be related to the fact that su has been deprecated by TrueNAS Scale. If you run /bin/sudo /bin/bash directly, rather than trying to call sudo su - as a login process, it should work fine.

Meanwhile, running tmux as someone with sudoers permissions and then calling sudo bash or sudo zsh works fine for me, too. Since direct root logins are also documented as deprecated in TrueNAS, and generally a bad idea in general, try one of these two options instead.

2 Likes

I looked at it as a security feature from the get-go. But I also added a macro to my terminal app to auto-run sudo su after ssh’ing into truenas.