problem using sudo on nis environment

donald.ritchey at donald.ritchey at
Thu Jul 24 15:39:26 EDT 2003

Check your settings on the /etc/exports file for NFS.  The default setting
of most NFS servers is to map the root user ID to 'nobody:nogroup' on the
client to prevent remote attacks on the server through the client's access
to shared file systems.  In this case, even though you are root on the
client, the access given by the NFS server to the underlying file system is
that of an unprivileged user, so root on the client cannot access files on
the shared file system that are protected by permission settings.

You choices are:
	1.  To selectively enable root access on a per-client basis by
	 "-root=client1,client2,..." to the export lines at issue.
	2.  Globally enable root access to all clients with '-root=0'.
	3.  Figure out a different access method to do what you want to do.

Note that choices 1 or 2 have distinct security risks associated with them.
Be careful with how you implement any remote root access strategies, since
these can now become avenues for attack for a remote assault on your NFS
file server.

Good luck,


Donald L. (Don) Ritchey
E-mail:  Donald.Ritchey at

-----Original Message-----
From: Sarkar, Anirban [mailto:ASarkar at]
Sent: Thursday, July 24, 2003 1:33 PM
To: 'sudo-users at'
Subject: problem using sudo on nis environment

I have a NIS environment with a linux 7.3 as the NIS master and solaris 5.8
as the client, all the functionality in NIS works properly.I'm also rinning
nfs to automount the home directories of the users from the NIS master, when
the user logs on to the client.

I want to give sudo rights to some users on the client machine, when I add a
user on the sudoers, they can run the sudo command but it gives the
following error :

shell-init: could not get current directory: getcwd: cannot access parent
directories: Permission denied
bash: /home/dev121/.bashrc: Permission denied

At this point the user has  uid=0 gid=1(other).
Basically the user has no access to his home directory once he becomes root.

Can anyone please give me a solution to this, I have spent a lot of time
finding the solution of this problem on the net, but no luck yet.

sudo-users mailing list <sudo-users at>
For list information, options, or to unsubscribe, visit:

This e-mail and any of its attachments may contain Exelon Corporation
proprietary information, which is privileged, confidential, or subject 
to copyright belonging to the Exelon Corporation family of Companies. 
This e-mail is intended solely for the use of the individual or entity 
to which it is addressed.  If you are not the intended recipient of this 
e-mail, you are hereby notified that any dissemination, distribution, 
copying, or action taken in relation to the contents of and attachments 
to this e-mail is strictly prohibited and may be unlawful.  If you have 
received this e-mail in error, please notify the sender immediately and 
permanently delete the original and any copy of this e-mail and any 
printout. Thank You.

More information about the sudo-users mailing list