Trouble with sudo in chroot

John Oliver joliver at
Fri Dec 20 14:23:35 EST 2002

On Fri, Dec 20, 2002 at 12:16:22PM -0700, Todd C. Miller wrote:
> It uses whatever path /etc/sudoers equates to inside the chroot space.

OK.  I thought it would, but wasn't sure.

> Also note that if /usr/sbin/makemap doesn't exist inside the
> chroot jail then you will get a confusing message from sudo.

[joliver at ns joliver]$ ls -l /home/blist/usr/sbin/makemap
-r-xr-xr-x    1 root     root        37808 Nov 30 15:23

[joliver at ns joliver]$ su - blist
bash-2.05$ ls -l /usr/sbin/makemap
-r-xr-xr-x    1 root     root        37808 Nov 30 23:23

> For debugging purposes, I would suggest the following at the top
> of the sudoers file in your chroot jail:
> defaults path_info, !authenticate

[joliver at ns joliver]$ su - blist
bash-2.05$ makevirt
>>> sudoers file: syntax error, line 1 <<<
sudo: parse error in /etc/sudoers near line 1
/bin/makevirt: line 2: 13811 Broken pipe             sudo makemap hash
/etc/mail/virtusertable </etc/mail/virtusertable
bash-2.05$ exit
[joliver at ns joliver]$ sudo cat /home/blist/etc/sudoers
defaults path_info, !authenticate

# sudoers file.
# This file MUST be edited with the 'visudo' command as root.
# See the sudoers man page for the details on how to write a sudoers

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
blist   ALL=NOPASSWD: /bin/makevirt
blist   ALL=NOPASSWD: /usr/sbin/makemap hash /etc/mail/virtusertable
blist   ALL=NOPASSWD: /usr/sbin/makemap

John Oliver, CCNA                  
Linux/UNIX/network consulting
***               sendmail, Apache, ftp, DNS, spam filtering         ***
****                Colocation, T1s, web/email/ftp hosting          ****
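
A pre-flight check for the two failure points discussed in this thread: the sudoers file that sudo reads inside the chroot, and the command paths that file names. This is an added example, not part of the original message and not code from the sudo project. The function name `check_chroot_sudoers` is hypothetical; it assumes one command per user-spec line and relies on sudoers keywords being case-sensitive (`Defaults`).

```shell
#!/bin/sh
# Added example (not from the thread): lint the sudoers file inside a chroot.
# Usage: check_chroot_sudoers /home/blist
# Returns the number of problems found (0 = clean).
check_chroot_sudoers() {
    root=$1
    file="$root/etc/sudoers"      # the path sudo resolves once inside the jail
    problems=0
    lineno=0
    if [ ! -f "$file" ]; then
        echo "missing: $file"
        return 1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            ''|'#'*|Defaults*) continue ;;    # blank, comment, valid keyword
            [Dd][Ee][Ff][Aa][Uu][Ll][Tt][Ss]*)
                echo "line $lineno: keyword is case-sensitive, use 'Defaults'"
                problems=$((problems + 1))
                continue ;;
            *=*) ;;                           # user spec or alias: check below
            *) continue ;;
        esac
        # Assumption: one command per line, optionally after a tag such as
        # NOPASSWD:. Keep the text after the last ':' (or after '=').
        cmd=${line#*=}
        cmd=${cmd##*:}
        cmd=${cmd#"${cmd%%[![:space:]]*}"}    # trim leading whitespace
        cmd=${cmd%%[[:space:]]*}              # first word = command path
        case $cmd in
            /*) if [ ! -x "$root$cmd" ]; then
                    echo "line $lineno: $cmd is not executable inside $root"
                    problems=$((problems + 1))
                fi ;;
        esac
    done < "$file"
    return "$problems"
}

if [ $# -gt 0 ]; then
    check_chroot_sudoers "$1"
fi
```

For a full grammar check of the same file, `visudo -c -f` can be pointed at the copy inside the jail.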
