[sudo-users] sudo in chroot with chmod 750 /

Todd C. Miller Todd.Miller at courtesan.com
Thu Feb 24 22:19:55 EST 2005

In message <60D45469A1AAD311A04C009027B6BF6804FCF035 at server20.inside.oracorp.co
	so spake Steve Brueckner (steve):

> Well, it looks like the problem had to do with group IDs not getting set.  I
> added group steve to root's list of groups in /etc/group and
> /chroot-dir/etc/group (probably only needed to do this in one or the other)
> and sudo now works to drop privilege from root to steve with the chroot
> directory at chmod 750.
> I'm still confused as to why root couldn't open /etc/sudoers, though.  

By default sudo relies on group permissions to read sudoers.
That way it can work in an NFS environment where uid 0 is mapped
to -2.  However, you've made / inaccessible for most users
and so sudo cannot read the sudoers file.

> And why sudo tries to access the sendmail directory.

Sudo tries to send mail when there is a severe problem.

 - todd

More information about the sudo-users mailing list