Permission denied when updating /etc/hosts on host machine

denizdogan commented 6 years ago

It seems that vagrant-hostmanager has a permission problem in updating /etc/hosts on the host machine. This is the first time I've encountered this.

I'm using Vagrant 2.0.1 with VirtualBox 5.1.30, both clean installs, on macOS High Sierra 10.13.2 Developer Beta.

/etc/sudoers.d/vagrant_hostmanager contains:

Cmnd_Alias VAGRANT_HOSTMANAGER_UPDATE = /bin/cp /Users/deniz/.vagrant.d/tmp/hosts.local /etc/hosts
%admin ALL=(root) NOPASSWD: VAGRANT_HOSTMANAGER_UPDATE

My user is part of the admin group:

$ groups deniz
staff everyone localaccounts _appserverusr admin _appserveradm _lpadmin com.apple.sharepoint.group.1 _appstore _lpoperator _developer _analyticsusers com.apple.access_ftp com.apple.access_screensharing com.apple.access_ssh

The ~/.vagrant.d/tmp/ directory is empty:

$ tmp pwd
/Users/deniz/.vagrant.d/tmp
$ tmp ls -la
total 0
drwxr-xr-x   2 deniz  staff   64 Nov 16 12:33 .
drwxr-xr-x  10 deniz  staff  320 Nov 16 12:39 ..

These are the plugins I use:

$ vagrant plugin list
vagrant-env (0.0.3)
vagrant-hostmanager (1.8.7)
vagrant-share (1.1.9, system)
vagrant-vbguest (0.15.0)

Here is my Vagrantfile:

# -*- mode: ruby -*-
# vi: set ft=ruby :

# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
VAGRANTFILE_API_VERSION = "2"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  ZONE = "europe-west3-a"

  # vagrant-env
  config.env.enable

  # vagrant-hostmanager
  config.hostmanager.enabled = true
  config.hostmanager.manage_host = true
  config.hostmanager.manage_guest = false

  # local centos VM
  config.vm.define "local", primary: true do |local|
    local.vm.box = "bento/centos-7.4"
    local.vm.hostname = "local.my-project.test"
    local.vm.network "private_network", ip: "10.11.12.13"
    local.vm.provision "shell",
      path: "./Vagrantfile.local.sh",
      privileged: true,
      env: ENV.to_hash

    local.vm.provider "virtualbox" do |v|
      v.memory = 2048
      v.cpus = 2
    end

    local.vm.synced_folder ".", "/vagrant"
  end

  # compute engine VM
  config.vm.define "prod", autostart: false do |cloud|
    cloud.vm.box = "google/gce"
    cloud.vm.hostname = "prod.my-project.test"
    cloud.vm.provision "shell",
      path: "./Vagrantfile.prod.sh",
      privileged: true,
      env: ENV.to_hash

    cloud.vm.provider "google" do |google, override|
      google.google_project_id = ENV['GOOGLE_PROJECT_ID']
      google.google_client_email = ENV['GOOGLE_CLIENT_EMAIL']
      google.google_json_key_location = ENV['GOOGLE_JSON_KEY_PATH']
      google.disk_type = "pd-ssd"

      override.ssh.username = ENV['GOOGLE_SSH_USERNAME']
      override.ssh.private_key_path = ENV['GOOGLE_SSH_KEY_PATH']

      # Make sure to set this to trigger the zone_config
      google.zone = ZONE
      google.zone_config ZONE do |zone|
        zone.name = "mongodb-redis"
        zone.image = "centos-7-v20171025"
        zone.machine_type = "n1-standard-1"
        zone.zone = ZONE
        zone.tags = ["mongodb", "redis", "socketio"]
      end
    end
  end
end

Here is the full output:

$ vagrant destroy -f ; vagrant up
==> prod: VM not created. Moving on...
==> local: VM not created. Moving on...
Bringing machine 'local' up with 'virtualbox' provider...
==> local: Importing base box 'bento/centos-7.4'...
==> local: Matching MAC address for NAT networking...
==> local: Checking if box 'bento/centos-7.4' is up to date...
==> local: Setting the name of the VM: my-project_local_1510832387546_93699
==> local: Clearing any previously set network interfaces...
==> local: Preparing network interfaces based on configuration...
    local: Adapter 1: nat
    local: Adapter 2: hostonly
==> local: Forwarding ports...
    local: 22 (guest) => 2222 (host) (adapter 1)
==> local: Running 'pre-boot' VM customizations...
==> local: Booting VM...
==> local: Waiting for machine to boot. This may take a few minutes...
    local: SSH address: 127.0.0.1:2222
    local: SSH username: vagrant
    local: SSH auth method: private key
    local:
    local: Vagrant insecure key detected. Vagrant will automatically replace
    local: this with a newly generated keypair for better security.
    local:
    local: Inserting generated public key within guest...
    local: Removing insecure key from the guest if it's present...
    local: Key inserted! Disconnecting and reconnecting using new SSH key...
==> local: Machine booted and ready!
[local] GuestAdditions 5.1.30 running --- OK.
==> local: Checking for guest additions in VM...
==> local: Setting hostname...
==> local: Configuring and enabling network interfaces...
    local: SSH address: 127.0.0.1:2222
    local: SSH username: vagrant
    local: SSH auth method: private key
==> local: Mounting shared folders...
    local: /vagrant => /Users/deniz/Code/my-project
==> local: [vagrant-hostmanager:host] Updating hosts file on your workstation (password may be required)...
==> local: Forcing shutdown of VM...
==> local: Destroying VM and associated drives...
/opt/vagrant/embedded/lib/ruby/2.4.0/fileutils.rb:1289:in `initialize': Permission denied @ rb_sysopen - /etc/hosts (Errno::EACCES)
  from /opt/vagrant/embedded/lib/ruby/2.4.0/fileutils.rb:1289:in `open'
  from /opt/vagrant/embedded/lib/ruby/2.4.0/fileutils.rb:1289:in `copy_file'
  from /opt/vagrant/embedded/lib/ruby/2.4.0/fileutils.rb:430:in `copy_file'
  from /opt/vagrant/embedded/lib/ruby/2.4.0/fileutils.rb:357:in `block in cp'
  from /opt/vagrant/embedded/lib/ruby/2.4.0/fileutils.rb:1461:in `block in fu_each_src_dest'
  from /opt/vagrant/embedded/lib/ruby/2.4.0/fileutils.rb:1477:in `fu_each_src_dest0'
  from /opt/vagrant/embedded/lib/ruby/2.4.0/fileutils.rb:1459:in `fu_each_src_dest'
  from /opt/vagrant/embedded/lib/ruby/2.4.0/fileutils.rb:356:in `cp'
  from /Users/deniz/.vagrant.d/gems/2.4.2/gems/vagrant-hostmanager-1.8.7/lib/vagrant-hostmanager/hosts_file/updater.rb:72:in `update_host'
  from /Users/deniz/.vagrant.d/gems/2.4.2/gems/vagrant-hostmanager-1.8.7/lib/vagrant-hostmanager/action/update_all.rb:46:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/builtin/config_validate.rb:25:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/builtin/provision.rb:80:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/plugins/providers/virtualbox/action/clear_forwarded_ports.rb:15:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/plugins/providers/virtualbox/action/set_name.rb:50:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/plugins/providers/virtualbox/action/clean_machine_folder.rb:17:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/plugins/providers/virtualbox/action/check_accessible.rb:18:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:95:in `block in finalize_action'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/builder.rb:116:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/runner.rb:66:in `block in run'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/util/busy.rb:19:in `busy'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/runner.rb:66:in `run'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/builtin/call.rb:53:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:95:in `block in finalize_action'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/builder.rb:116:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/runner.rb:66:in `block in run'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/util/busy.rb:19:in `busy'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/runner.rb:66:in `run'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/builtin/call.rb:53:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:95:in `block in finalize_action'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/builder.rb:116:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/runner.rb:66:in `block in run'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/util/busy.rb:19:in `busy'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/runner.rb:66:in `run'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/builtin/call.rb:53:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/builtin/box_check_outdated.rb:78:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/builtin/config_validate.rb:25:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/plugins/providers/virtualbox/action/check_virtualbox.rb:17:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:95:in `block in finalize_action'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/plugins/providers/virtualbox/action/match_mac_address.rb:19:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/plugins/providers/virtualbox/action/discard_state.rb:15:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/plugins/providers/virtualbox/action/import.rb:74:in `import'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/plugins/providers/virtualbox/action/import.rb:13:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/plugins/providers/virtualbox/action/prepare_clone_snapshot.rb:17:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/builtin/prepare_clone.rb:15:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/plugins/providers/virtualbox/action/customize.rb:40:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/plugins/providers/virtualbox/action/check_accessible.rb:18:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:95:in `block in finalize_action'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/builder.rb:116:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/runner.rb:66:in `block in run'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/util/busy.rb:19:in `busy'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/runner.rb:66:in `run'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/builtin/call.rb:53:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/builtin/config_validate.rb:25:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:95:in `block in finalize_action'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/builtin/handle_box.rb:56:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:95:in `block in finalize_action'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/builder.rb:116:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/runner.rb:66:in `block in run'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/util/busy.rb:19:in `busy'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/runner.rb:66:in `run'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/builtin/call.rb:53:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/plugins/providers/virtualbox/action/check_virtualbox.rb:17:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/warden.rb:34:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/builder.rb:116:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/runner.rb:66:in `block in run'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/util/busy.rb:19:in `busy'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/action/runner.rb:66:in `run'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/machine.rb:227:in `action_raw'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/machine.rb:202:in `block in action'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/environment.rb:631:in `lock'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/machine.rb:188:in `call'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/machine.rb:188:in `action'
  from /opt/vagrant/embedded/gems/gems/vagrant-2.0.1/lib/vagrant/batch_action.rb:82:in `block (2 levels) in run'

denizdogan commented 6 years ago

Solved this by doing sudo chmod go+r /etc/hosts (add read access to group and others)

cibulka commented 6 years ago

I have the same problem and same configuration, however sudo chmod go+r /etc/hosts does not seem to fix the issue.

/etc/sudoers.d/vagrant_hostmanager contains:

Cmnd_Alias VAGRANT_HOSTMANAGER_UPDATE = /bin/cp /users/Cibulka/.vagrant.d/tmp/hosts.local /etc/hosts
%admin ALL=(root) NOPASSWD: VAGRANT_HOSTMANAGER_UPDATE

My user is part of the admin group:

$ groups cibulka
staff com.apple.sharepoint.group.1 everyone localaccounts _appserverusr admin _appserveradm _lpadmin _appstore _lpoperator _developer _analyticsusers com.apple.access_ftp com.apple.access_screensharing com.apple.access_ssh

My ~/.vagrant.d/tmp/ directory is not empty. Should it be?

$ cd cd ~/.vagrant.d/tmp/
$ ls
hosts.default hosts.local

These are the plugins I use:

$ vagrant plugin list
vagrant-bindfs (1.0.2)
  - Version Constraint: > 0
vagrant-hostmanager (1.8.5)
  - Version Constraint: > 0
vagrant-share (1.1.6)
  - Version Constraint: > 0
vagrant-vbguest (0.13.0)
  - Version Constraint: > 0

I've ran the command @denizdogan suggested, but it does not seem to fix the issue. What have I done wrong?

Thanks in advance!

cibulka commented 6 years ago

It seems, that sudo prompt did not come from vagrant-hostmanager, but from Vagrant NFS setup (I think?).

Anyway, this answer on StackOverflow fixed that for me: https://askubuntu.com/a/519841/737192

Sorry for barking up the wrong tree!

devopsgroup-io / vagrant-hostmanager

Permission denied when updating /etc/hosts on host machine #246