Deleted a shared library and broke sudo

Because I am stupid, I deleted /lib/libgssapi_krb5.so.2 , which turns out to be crucially important to the system, trying to debug a different error. After I did that, when I run any command with sudo I get

sudo: PAM authentication error: Module is unknown
sudo: a password is required

I have tried the steps outlined here, but if I run pkexec nano /etc/pam.d/common-session-noninteractive I get

Error executing command as another user: Not authorized

This incident has been reported.

And I can’t create a file there with nano, since it requires sudo privileges. Is there any way around this? Any idea why deleting that library broke sudo?

you can try to login as root with

su

and repair your system. otherwise as always : no backup, no mercy

1 Like

output of su:

su: Module is unknown
  • Boot from a live usb medium
  • Mount your installation to e.g. /mnt
  • Run pacman --sysroot /mnt -S krb5

(This might work, though I’ve never done it.)

The file you deleted is from the package krb5 which is a dependecy of auditpam, which is a hard dependency for sudo. The config files in /etc/pam.d are set to load this library which fails because you deleted it.

Thanks, I’ll give this a go.

But the thing is, I had another copy of /lib/libgssapi_krb5.so.2 in an environment called junest, so I added its path to LD_LIBRARY_PATH, and this solved some other issues like opening Dolphin and VSCode, but sudo still won’t work. Why wouldn’t that resolve the sudo issue if it’s purely looking for it as a dependency and the library exists on the LD path?

My guess is that sudo has its own env variables and will not take yours into account.

There might be ways to tell it where to find it, however, simply booting from a live usb and fixing it might be faster and easier.

So I’ve mounted the filesystem to /mnt, then running pacman --sysroot /mnt -S krb5 gives

pacman --sysroot /mnt -S krb5
warning: krb5-1.20.1-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Packages (1) krb5-1.20.1-1

Total Download Size:   1.24 MiB
Total Installed Size:  4.31 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n] y
error: could not open file: /etc/mtab: No such file or directory
error: could not determine filesystem mount points
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.

Not sure why this is happening. Maybe I can just copy the existing libgssapi_krb5.so.2 into /lib manually?

I think you need to overwrite everything it provides, so try:

pacman --sysroot /mnt -S krb5 --overwrite='/usr`

Note:

The --overwrite argument has potential to brick your system, so use with care.

same error :confused:

If you know what you deleted from where
you could just download the package
for instance from this mirror here:

https://mirror.alpix.eu/manjaro/stable/core/x86_64/krb5-1.20.1-1-x86_64.pkg.tar.zst

unpack it
and copy the file you need to the place where it was.

The file itself is in /usr/lib
it is: libgssapi_krb5.so.2.2
and two symlinks to it:
libgssapi_krb5.so.2
libgssapi_krb5.so

libgssapi_krb5.so.2 is not the file itself - it is a symlink to the actual file libgssapi_krb5.so.2.2

Or perhaps it is even still available in your pacman cache?
/var/cache/pacman/pkg

The procedure is not really lege artis, but if you know what you did, reverting it this way will do no harm.

Then I’m guessing you need to boot into a live environment, from there enter a chroot environment, and then reinstall sudo:

How to chroot

  1. Ensure you’ve got a relatively new ISO or at least one with a still supported LTS kernel.

  2. Write/copy/dd the ISO to a USB thumb drive.

  3. When done, boot with the above mentioned USB thumb drive into the live environment.

  4. Once booted, open a terminal and enter the following command to enter the chroot encironment:

manjaro-chroot -a
  1. If you have more than one Linux installation, select the correct one to use from the list provided.

When done, you should now be in the chroot environment.

But, be careful, as you’re now in an actual root environment on your computer, so any changes you make will persist after a restart.

Once you’re in the chroot environment, reinstall sudo:

pamac reinstall sudo --overwrite='usr/*'

Hope this is it!

This should work, too.

I recommend reinstalling the krb5 package afterwards just to make sure it’s correctly installed again.

Try manjaro-chroot -a instead to chroot your Manjaro partition. And then just:

pacman -S krb5

This is what I ended up doing; chroot onto the filesystem, copied the symlink from the junest environment where it was available to where I had deleted it from, then sudo worked, and then reinstalled krb5 with pacman. Thanks all for your help.

2 Likes

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.