NFS home dirs and sudo

Howard Owen hbo at egbok.com
Sat Jul 27 20:55:07 EDT 2002


Hmm. This acts like the attempt to read the cwd is always done by
root regardless. Perhaps he does have an older version...

Thomas, it sounds like the root (heh) cause of your problem is that your
NFS mounted home has root mapped to nobody. This means that accesses
to your home by root are mapped to a user with no privs at all. This
is a common way to increase the security of NFS servers. If root could
write to the directories these servers export, then root on a client
could do bad things to the shares.

Todd says more recent versions of sudo may prevent you from seeing the
error, because these versions try to read the CWD as the user, before trying
as root. He also adds the caveat that programs you run with sudo, and
therefore as root, may get cranky if they can't read the CWD. A workaround
could be something like the following Perl script:

#!/usr/bin/perl
use strict;
use warnings;
chomp(my $pwd = `/bin/pwd`); # works on Linux, BSD and Solaris; drop the trailing newline
my $chdired = 0;
if ($pwd =~ m{^\Q$ENV{HOME}\E(?:/|\z)}) { # is the current dir under my home?
  chdir "/tmp"; # go somewhere root can read
  $chdired = 1; # and flag that we did so
}
# all the arguments. (perl doesn't put prog name in $ARGV[0])
# list form: the arguments reach sudo as typed, without being re-parsed by a shell
system("sudo", @ARGV); # execute the command with sudo
chdir $pwd if ($chdired); # cd back if we cd'd in the first place.


--On Friday, July 26, 2002 04:46:40 PM -0600 "Todd C. Miller" 
<Todd.Miller at courtesan.com> wrote:

> That shouldn't be a fatal error--at least not in recent versions
> of sudo.  Sudo will try to get the current working directory first
> as the calling user, and, if that fails, as root.  If that didn't
> work it will print "sudo: Can't get working directory!" and continue.
> Note, however, that not all commands are happy about not being able
> to read the current working directory.
>
>  - todd



Howard Owen                    "Even if you are on the right
EGBOK Consultants               track, you'll get run over if you
hbo at egbok.com  +1-650-339-5733  just sit there." - Will Rogers
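
Added example, not part of the message above and not sudo's own code: a shell check that predicts where a root-squashed client root is locked out of a directory tree. It assumes the squashed root is neither owner nor group member of the directories, so only the "other" permission bits apply; the function names and the TOP argument (the NFS mount point) are hypothetical.

```shell
#!/bin/sh
# Assumption: with root mapped to nobody, root's access to an NFS directory
# is decided by the "other" permission bits of that directory.

# other_bits DIR -> prints the three "other" permission characters, e.g. "r-x"
other_bits() {
    ls -ld -- "$1" | cut -c8-10
}

# squash_blocked DIR TOP
# Walk from DIR up to TOP (the NFS mount point; directories above it are
# local, so root is not squashed there) and print the first directory that
# lacks read or search permission for "other".
# Returns 0 if such a directory exists (squashed root is blocked there),
# 1 if every level is readable and searchable, 2 on a bad argument.
squash_blocked() {
    dir=$(cd -- "$1" && pwd -P) || return 2
    top=$(cd -- "$2" && pwd -P) || return 2
    while :; do
        case $(other_bits "$dir") in
            r-x|rwx|r-t|rwt) ;;   # readable and searchable by "other"
            *) printf '%s\n' "$dir"; return 0 ;;
        esac
        if [ "$dir" = "$top" ] || [ "$dir" = "/" ]; then
            return 1
        fi
        dir=$(dirname "$dir")
    done
}
```

On a client, `squash_blocked "$PWD" /home` (with /home standing in for the real mount point) prints the directory where the walk would fail for the mapped root, which is the situation the wrapper script sidesteps by changing to /tmp.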


