Trouble with sudo in chroot
John Oliver
joliver at john-oliver.net
Fri Dec 20 14:23:35 EST 2002
On Fri, Dec 20, 2002 at 12:16:22PM -0700, Todd C. Miller wrote:
> It uses whatever path /etc/sudoers equates to inside the chroot space.
OK. I thought it would, but wasn't sure.
> Also note that if /usr/sbin/makemap doesn't exist inside the
> chroot jail then you will get a confusing message from sudo.
[joliver at ns joliver]$ ls -l /home/blist/usr/sbin/makemap
-r-xr-xr-x 1 root root 37808 Nov 30 15:23 /home/blist/usr/sbin/makemap
[joliver at ns joliver]$ su - blist
Password:
bash-2.05$ ls -l /usr/sbin/makemap
-r-xr-xr-x 1 root root 37808 Nov 30 23:23 /usr/sbin/makemap
> For debugging purposes, I would suggest the following at the top
> of the sudoers file in your chroot jail:
>
> defaults path_info, !authenticate
[joliver at ns joliver]$ su - blist
Password:
bash-2.05$ makevirt
>>> sudoers file: syntax error, line 1 <<<
sudo: parse error in /etc/sudoers near line 1
/bin/makevirt: line 2: 13811 Broken pipe sudo makemap hash /etc/mail/virtusertable </etc/mail/virtusertable
bash-2.05$ exit
logout
[joliver at ns joliver]$ sudo cat /home/blist/etc/sudoers
defaults path_info, !authenticate
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
blist ALL=NOPASSWD: /bin/makevirt
blist ALL=NOPASSWD: /usr/sbin/makemap hash /etc/mail/virtusertable
blist ALL=NOPASSWD: /usr/sbin/makemap
--
John Oliver, CCNA http://www.john-oliver.net/
Linux/UNIX/network consulting http://www.john-oliver.net/resume/
*** sendmail, Apache, ftp, DNS, spam filtering ***
**** Colocation, T1s, web/email/ftp hosting ****