[sudo-users] sudo in chroot with chmod 750 /
Todd C. Miller
Todd.Miller at courtesan.com
Thu Feb 24 22:19:55 EST 2005
In message <60D45469A1AAD311A04C009027B6BF6804FCF035 at server20.inside.oracorp.co
so spake Steve Brueckner (steve):

> Well, it looks like the problem had to do with group IDs not getting set. I
> added group steve to root's list of groups in /etc/group and
> /chroot-dir/etc/group (probably only needed to do this in one or the other)
> and sudo now works to drop privilege from root to steve with the chroot
> directory at chmod 750.
>
> I'm still confused as to why root couldn't open /etc/sudoers, though.

By default sudo relies on group permissions to read sudoers.
That way it can work in an NFS environment where uid 0 is mapped
to -2. However, you've made / inaccessible for most users
and so sudo cannot read the sudoers file.

> And why sudo tries to access the sendmail directory.

Sudo tries to send mail when there is a severe problem.
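
The permission walk behind the reply above, as an added example that is not part of the original message or of sudo's code. It assumes sudo opens sudoers with a non-root effective uid (1 here) and the sudoers group, that the chroot's / is owned root:steve with mode 750, and that steve's gid is 1000; all ids, owners and modes are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:
    path: str
    uid: int
    gid: int
    mode: int  # permission bits only, e.g. 0o750

STEVE_GID = 1000  # constructed value for group "steve"

# Constructed layout inside the chroot: directories from / down, file last.
CHAIN = [
    Node("/", 0, STEVE_GID, 0o750),   # assumed owner root:steve, chmod 750
    Node("/etc", 0, 0, 0o755),
    Node("/etc/sudoers", 0, 0, 0o440),
]

def class_bits(node, euid, egid, groups):
    """POSIX applies exactly one class: owner, else group, else other."""
    if euid == node.uid:
        return (node.mode >> 6) & 7
    if egid == node.gid or node.gid in groups:
        return (node.mode >> 3) & 7
    return node.mode & 7

def can_read(chain, euid, egid, groups=frozenset()):
    """Return (ok, blocking_path) for reading the last node of chain."""
    if euid == 0:
        # Local root bypasses mode bits; this is what NFS root squash removes.
        return True, None
    *dirs, target = chain
    for d in dirs:
        if not class_bits(d, euid, egid, groups) & 1:  # search (x) on each dir
            return False, d.path
    if not class_bits(target, euid, egid, groups) & 4:  # read (r) on the file
        return False, target.path
    return True, None

if __name__ == "__main__":
    # Before the fix: root's group list lacks steve, so / blocks the lookup.
    print(can_read(CHAIN, euid=1, egid=0, groups=frozenset({0})))
    # After adding steve to root's groups, group bits on / grant search.
    print(can_read(CHAIN, euid=1, egid=0, groups=frozenset({0, STEVE_GID})))
```
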