Pihole won't save Settings -> sudo: /etc/sudo.conf is world writable

Hi!

Fairly new to Docker. Was running Pihole and unbound (mvance) on a Raspi for three years now without any problems. My old NAS died and I bought myself a Qnap. Now I wanted to set up Pihole and unbound on the NAS, so I don't need two devices.

I installed Pihole and unbound through portainer and everything works except, I can't save any settings. I tried to set the unbound IP as my upstream DNS and it says saved, but it doesn't. I checked the Log through portainer and saw this entry:

sudo: /etc/sudo.conf is world writable
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
sudo: /etc/sudo.conf is world writable
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
sudo: /etc/sudo.conf is world writable
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set

I tried to find a solution somewhere, but I'm not sure, how to set the right permissions. Can anyone here help me out with the command to solve this issue? Don't want to try something and crash my permissions on the NAS accidentally.

thanks a lot for your help in advance :slight_smile:

Greetings!

Hey,

I’ve had the same issue yesterday. For me those errors always appeared in my log when I tried changing dns settings. I’ve tried countless ways to reconfigure and reclaim the folders but nothing worked.

I’ve done a „sudo apt-get install --reinstall docker-ce“ and I recreated my PiHole container after backing up my stuff and now it works again without any errors appearing in log. For me no files disappeared but I’d still recommend a backup of any important files.

Hi!

Thx a lot for your answer. Sadly won't work for me :neutral_face:

root@pihole:/# sudo apt-get install --reinstall docker-ce
sudo: /etc/sudo.conf is world writable
sudo: /etc/sudo.conf is world writable
sudo: error in /etc/sudo.conf, line 0 while loading plugin "sudoers_policy"
sudo: /usr/lib/sudo/sudoers.so must be only be writable by owner
sudo: fatal error, unable to load plugins

Also deleted the container and recreated it via Portainer, but still the same issue from the start after that.

sudo: /etc/sudo.conf is world writable
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
sudo: /etc/sudo.conf is world writable
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
sudo: /etc/sudo.conf is world writable
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
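
The three conditions named in the sudo messages above can be checked directly from a shell inside the container. This is an added example, not part of the original posts: the function names are made up here, and the paths in the closing comment are the ones from the log lines.

```shell
# Added example (not from the thread): report which of the conditions named
# in the sudo log lines hold for a given set of files.

# Numeric uid of the owner of a file.
owner_uid() { ls -ldn "$1" | awk '{print $3}'; }

# True if "other" has write permission on the file.
world_writable() { [ -n "$(find "$1" -prune -perm -0002 2>/dev/null)" ]; }

# True if group or other has write permission on the file.
group_or_other_writable() {
    [ -n "$(find "$1" -prune \( -perm -0020 -o -perm -0002 \) 2>/dev/null)" ]
}

# audit_sudo CONF BIN PLUGIN [OWNER_UID]
# Prints one line per finding; the exit status is the number of findings.
# OWNER_UID defaults to 0; it is a parameter only so the check can be tried on scratch files.
audit_sudo() {
    conf=$1; bin=$2; plugin=$3; want_uid=${4:-0}; findings=0
    for f in "$conf" "$bin" "$plugin"; do
        [ -e "$f" ] || { echo "MISSING $f"; findings=$((findings + 1)); }
    done
    if [ -e "$conf" ] && world_writable "$conf"; then
        echo "FAIL $conf is world writable"
        findings=$((findings + 1))
    fi
    if [ -e "$bin" ] && [ "$(owner_uid "$bin")" != "$want_uid" ]; then
        echo "FAIL $bin is owned by uid $(owner_uid "$bin"), expected $want_uid"
        findings=$((findings + 1))
    fi
    if [ -e "$bin" ] && [ ! -u "$bin" ]; then
        echo "FAIL $bin does not have the setuid bit set"
        findings=$((findings + 1))
    fi
    if [ -e "$plugin" ] && group_or_other_writable "$plugin"; then
        echo "FAIL $plugin is writable by group or other"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Inside the container, with the paths from the log lines:
#   audit_sudo /etc/sudo.conf /usr/bin/sudo /usr/lib/sudo/sudoers.so
```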

Are you seeing these messages inside the container or on the host?

Are you using volumes? Can you show the compose file or docker run command used to start the container?

> Are you seeing these messages inside the container or on the host?

I see these messages inside the container Log, when I access it through the portainer GUI.

> Are you using volumes? Can you show the compose file or docker run command used to start the container?

I use one Volume on my Qnap and also one in Portainer. I'm starting the container through Portainer.
I used this Guide to set up the Pihole Container and thought there is something wrong with the deployment and tried another Guide to set up the Container through portainer and not through Container Station and still have the same messages in the log.
I'm sure, there is a mistake on my side, but I don't know where.

I didn't watch the video you used as a Guide, but reading through the comments there are people warning this guide is not working as expected.

Maybe this video is not the best source. Some comments are not very promising:

> I just tried this PiHole install and it broke container station and it now won't load. It had to restart the NAS too even login to it but it just disappears off the network and I have to restart again. It's completely bricked

> BE AWARE OF RISK OF BRICKING your NAS by this guide! I followed the instructions and almost got my NAS bricked! The moment I created the pi-hole container, I lost connection to my NAS -- web console and file server, basically the IP of my NAS is unreachable. I spent hours to figure out why: when you create the container using bridge network, QNAP will automatically create a Virtual Switch attached to your ethernet interface/adapter. And if your firewall has strict policy to only allow connection from the ethernet adapter, that rule will ridiculously become nonfunctional, making your NAS inaccessible from your LAN. I had to connect a monitor to the NAS to be able to rescue it. All I can say is QNAP makes really sh*tty software!

Yeah was also the reason, why I tried it with Portainer after that, without Container Station but still no difference. So weird, that unbound is working and also tried AdGuard Home, just that I know if there is a problem overall, but AdGuard and unbound are working flawlessly. Just don't like AdGuard at all to use.

If you want to try one more time using Portainer, my suggestion is:

  • use a compose file. Start with the official one;

  • edit the file to use the correct paths for the volumes, include any other options and environment variables;

  • in Portainer, open the Stacks page;

  • create a new Stack clicking on the + Add Stack button;

  • paste the file contents on the editor window and click on the Deploy the stack button.

Thx again for your time and help.

I want to set the IP 192.168.178.65 out of my macvlan as my IP address. I created the macvlan already in Portainer. Could you please help me out, to add this to my File?

version: "3"

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole_docker
    image: pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "80:80/tcp"
    environment:
      TZ: 'Europe/Berlin'
      # WEBPASSWORD: 'ChangeMeNow'
    # Volumes store your data between container upgrades
    volumes:
      - './share/Docker/pihole/etc:/etc/pihole/'
      - './share/Docker/pihole/dnsmasq:/etc/dnsmasq.d/'
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    restart: always

The next idea I have is to set up unbound (192.168.178.66) as the DNS1 in the deployment, so that I don't have to change it afterwards. Do I add this like this?

I'm modifying your example above:

version: "3"

services:
  pihole:
    container_name: pihole_docker
    image: pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host" (or "macvlan")
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "80:80/tcp"
    environment:
      TZ: 'Europe/Berlin'
      # WEBPASSWORD: 'ChangeMeNow'
    # Volumes store your data between container upgrades
    volumes:
      - './share/Docker/pihole/etc:/etc/pihole/'
      - './share/Docker/pihole/dnsmasq:/etc/dnsmasq.d/'
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    restart: always

    # THIS IS THE NEW PART - you need to define the network for Pi-hole
    networks:
      macvlan_network:
        ipv4_address: 192.168.178.65

# Here you will declare the network details.
networks:
  macvlan_network:
    external:
      name: macvlan_network # This must be the same name you used when you created the macvlan

You need to know the macvlan name and replace it above.

You can add the environment variable in the compose file (like you did with TZ and WEBPASSWORD) to keep all values in one place.

    (...)

    environment:
      TZ: 'Europe/Berlin'
      # WEBPASSWORD: 'ChangeMeNow'
      # FTLCONF_LOCAL_IPV4: '192.168.178.65' # is just a suggestion
      PIHOLE_DNS_: '192.168.178.66'  # set your upstream DNS servers 

    (...)

I'm using PIHOLE_DNS_ here, because DNS1 and DNS2 were deprecated a long time ago.

I put in the IP from my NAS in "FTLCONF_LOCAL_IPV4", right?

Portainer says: There is an error in the yaml syntax: YAMLSyntaxError: All collection items must start at the same column.
I use Notepad++ and for me it looks ok. Do you have a suggestion for a better Editor?

Thx again for your patience.

version: "3"

services:
  pihole:
    container_name: pihole_docker
    image: pihole/pihole:latest
   # For DHCP it is recommended to remove these ports and instead add: network_mode: "host" (or "macvlan")
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "80:80/tcp"
    environment:
      TZ: 'Europe/Berlin'
      WEBPASSWORD: 'ChangeMeNow'
	  FTLCONF_LOCAL_IPV4: '192.168.178.101' # is just a suggestion
      PIHOLE_DNS_: '192.168.178.66'  # set your upstream DNS servers 
	# Volumes store your data between container upgrades
    volumes:
      - './share/Docker/pihole/etc:/etc/pihole/'
      - './share/Docker/pihole/dnsmasq:/etc/dnsmasq.d/'
    #  https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    restart: always
    # Define Network
    networks: '192.168.178.0/24'
     macvlan_network: '192.168.178.64/27'
      ipv4_address: '192.168.178.65'
    # Declare Network Details
    networks: '192.168.178.0/24'
     macvlan_network: '192.168.178.64/27'
      external: true
       name: macvlan
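
A pre-flight check for the two indentation mistakes visible in the file above: tab characters in the indentation (the FTLCONF_LOCAL_IPV4 line) and keys indented under a key that already has an inline value (the networks: lines). This is an added example, not from the thread; `lint_compose` is a hypothetical helper and its second check is a heuristic that only understands block-style `key: value` lines.

```shell
# lint_compose FILE
# Prints "LINE: message" for each suspect line; exit status 1 if anything was found.
lint_compose() {
    awk '
    {
        body = $0
        sub(/^[ \t]+/, "", body)               # body = line without its indentation
        ilen = length($0) - length(body)       # width of the indentation in characters
        if (body == "" || body ~ /^#/) next    # blank lines and comments carry no structure
        if (index(substr($0, 1, ilen), "\t")) {
            printf "%d: tab character in indentation (YAML allows only spaces there)\n", NR
            bad++
            next                               # column is unreliable, do not compare against it
        }
        if (prev_value && ilen > prev_ilen) {
            printf "%d: indented under line %d, which already has an inline value\n", NR, prev_nr
            bad++
        }
        # Does this line look like "key: scalar"? Block scalars, anchors, tags,
        # aliases and flow collections are left alone.
        prev_value = 0
        p = index(body, ": ")
        if (body ~ /^[A-Za-z_]/ && p > 0) {
            val = substr(body, p + 2)
            sub(/^[ \t]+/, "", val)
            c = substr(val, 1, 1)
            prev_value = (val != "" && index("#|>&!*[{", c) == 0)
        }
        prev_ilen = ilen
        prev_nr = NR
    }
    END { exit (bad > 0) }
    ' "$1"
}

# Usage: lint_compose docker-compose.yml
```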

If you are using macvlan, the container has its own IP and you should use it.

This block shouldn't be indented (like services:):

-    # Declare Network Details
-    networks: '192.168.178.0/24'
-     macvlan_network: '192.168.178.64/27'
-      external: true
-       name: macvlan
+# Declare Network Details
+networks: '192.168.178.0/24'
+  macvlan_network: '192.168.178.64/27'
+    external: true
+      name: macvlan
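
Review bot: the `+` lines still will not parse, because `networks: '192.168.178.0/24'` and `macvlan_network: '192.168.178.64/27'` each give a key a quoted scalar value and then indent further keys beneath it, and `name: macvlan` is nested under `external: true` in the same way. A key can hold either a scalar or a nested mapping, not both. Drop the two quoted subnet values so that `networks:` and `macvlan_network:` are followed only by their indented children, and put `name: macvlan` at the same indentation as `external: true`.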

Hi again

Sorry for the late response. Had to adjust the Network part but now I could deploy the stack and the DNS Server is correct and the problems from before are gone, but now I see this in my "Pi-hole diagnosis"

My final compose file was:

version: "3"

services:
 pihole:
  container_name: pihole_docker
  image: pihole/pihole:latest
# For DHCP it is recommended to remove these ports and instead add: network_mode: "host" (or "macvlan")
  ports:
   - "53:53/tcp"
   - "53:53/udp"
   - "80:80/tcp"
  environment:
   TZ: 'Europe/Berlin'
   WEBPASSWORD: 'ChangeMeNow'
   FTLCONF_LOCAL_IPV4: '192.168.178.67' # is just a suggestion
   PIHOLE_DNS_: '192.168.178.66'  # set your upstream DNS servers 
# Volumes store your data between container upgrades
  volumes:
   - './share/Docker/pihole/etc:/etc/pihole/'
   - './share/Docker/pihole/dnsmasq:/etc/dnsmasq.d/'
# https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
  restart: always
  networks:
      macvlan:
        ipv4_address: 192.168.178.67

networks:
  macvlan:
    external: true
    name: macvlan

I saw something that seems weird to me and maybe this is the reason for the message? The mapping path is different from the ones I set in the Compose File, or was it maybe wrong, what I did in the Compose File?

Compose File:
'./share/Docker/pihole/etc:/etc/pihole/'
'./share/Docker/pihole/dnsmasq:/etc/dnsmasq.d/'

Container:
/data/compose/26/share/Docker/pihole/etc -> /etc/pihole/
/data/compose/26/share/Docker/pihole/dnsmasq -> /etc/dnsmasq.d

I can access the path and see the some files there.

./share/Docker/pihole/etc is a relative path.

/data/compose/26/share/Docker/pihole/etc is an absolute path.

You probably started the container from /data/compose/26.
Then the original path (/data/compose/26) combined with the relative path (./share/Docker/pihole/etc) resulted in the final path: /data/compose/26/share/Docker/pihole/etc.

This means your disk is 94% full.

Pi-hole is not causing the issue, it just noticed the disk is almost full.

This is so weird. I have only one big Volume on my NAS and over 4.5TB of free Space on my NAS. Checked my Pihole-Log on my Raspberry as well and it is after all these years only this big.

I created now a new empty Database and connected my Phone to test, if the log will be again fast as full as before.

Thank you again for your time and patience. Really appreciate it :slight_smile: