Vagrant::Butcher "sudo: no tty present and no askpass program specified" when trying to "cat /etc/chef/client.pem"


Solution 1

This is ultimately not a vagrant-butcher issue; that plugin only happened to suffer from the problem first. Also any following vagrant operation would have failed too.

Vagrant requires password-less sudo permissions. Seems that the base box declared it in /etc/sudoers which you overwrite with the sudo cookbook.

You have at least the following choices:

  1. Set the node['authorization']['sudo']['passwordless'] attribute to true.
  2. Don't include the default recipe of the sudo cookbook at all.
  3. Use the sudo LWRP to grant password-less sudo access to the vagrant user.
  4. Use or build a base box which already uses /etc/sudoers.d/.

Solution 2

tmatilai covered the issue very well, however I thought I'd post my solution here for future reference. I found the same workaround as he mentioned as option #3, to write a recipe adding a sudoers.d config file for the vagrant user. This forced me to modify the sudo community cookbook to support the SETENV option. Otherwise you get the error:

sudo: sorry, you are not allowed to preserve the environment

The resulting file is /etc/sudoers.d/vagrant, note that it requires both NOPASSWD and SETENV:

# This file is managed by Chef.
# Do NOT modify this file directly.

vagrant  ALL=(ALL) NOPASSWD:SETENV: /bin/

Here are the changes I made:

File: sudo/recipes/default.rb

# if the node belongs to the "development" environment, create a config file
# for the vagrant user, e.g. /etc/sudoers.d/vagrant
if node.chef_environment == 'development'
  sudo 'vagrant' do
    user      'vagrant'
    runas     'ALL'  # can run as any user
    host      'ALL'  # from any Host/IP
    nopasswd  true   # prepends the runas_spec with NOPASSWD
    setenv    true   # prepends the runas_spec with SETENV
    commands  ['/bin/']  # let the user run anything in /bin/ without a password

File: sudo/resources/default.rb

# add new attribute "setenv"
attribute :setenv,     :equal_to => [true, false],  :default => false

# include it in the state_attrs list
state_attrs :commands,

File: sudo/providers/default.rb

# in render_sudoer, add setenv to the variables list
variables     :sudoer => sudoer,
              :host =>,
              :runas => new_resource.runas,
              :nopasswd => new_resource.nopasswd,
              :setenv => new_resource.setenv,
              :commands => new_resource.commands,
              :defaults => new_resource.defaults

File: sudo/templates/default/sudoer.erb

# generate SETENV option in the config file entry
<% @commands.each do |command| -%>
<%= @sudoer %>  <%= @host %>=(<%= @runas %>) <%= 'NOPASSWD:' if @nopasswd %><%= 'SETENV:' if @setenv %> <%= command %>
<% end -%>
Author by


android (java), ios (obj-c), windows (dotnet), *nix (perl, php), html+jquery+css

Updated on June 29, 2022


  • Alan
    Alan over 1 year

    Ubuntu 10.04.1 LTS with Vagrant 1.4.3 and Vagrant::Butcher 2.1.5.

    I get the following error at the end of "vagrant up":

    [2014-03-17T22:50:56+00:00] INFO: Chef Run complete in 245.448117502 seconds
    [2014-03-17T22:50:56+00:00] INFO: Running report handlers
    [2014-03-17T22:50:56+00:00] INFO: Report handlers complete
    [Butcher] Creating /home/testuser/vagrant_test/.vagrant/butcher
    [Butcher] Failed to create /home/testuser/vagrant_test/.vagrant/butcher/DEV-35-51-client.pem: Vagrant::Errors::VagrantError - The following SSH command responded with a non-zero exit status.
    Vagrant assumes that this means the command failed!
    cat /etc/chef/client.pem
    Stdout from the command:
    Stderr from the command:
    sudo: no tty present and no askpass program specified
    Sorry, try again.
    sudo: no tty present and no askpass program specified
    Sorry, try again.
    sudo: no tty present and no askpass program specified
    Sorry, try again.
    sudo: 3 incorrect password attempts

    The Chef client runs successfully, and our cookbooks are all installed. One of them is the sudo community cookbook, and I'm thinking we blew away an entry that the vagrant user needs to execute cat to read the client.pem file.

    Can anyone tell me what that might be?


    1) The vagrant user is part of the "sudo" group:

    $ grep sudo /etc/group

    2) The sudoers file contains an entry to let the "sudo" group run any command:

    # This file is managed by Chef.
    # Do NOT modify this file directly.
    Defaults      env_reset
    Defaults      secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
    # User privilege specification
    root      ALL=(ALL:ALL) ALL
    nagios    ALL=(ALL) NOPASSWD: /usr/local/nagios/libexec/
    # Members of the group 'admin' may gain root privileges
    %admin ALL=(ALL) ALL
    # Allow members of group sudo to execute any command
    %sudo     ALL=(ALL:ALL) ALL
    #includedir /etc/sudoers.d
  • Chris
    Chris about 9 years
    Not entirely sure why, but I had to do #1 and #4