Jul 262013
 

Tonight I created a new jail, and later installed sudo into that jail. Then I tried to run sudo:

$ sudo make install clean
sudo: effective uid is not 0, is sudo installed setuid root?

What?

It is setuid:

$ ls -l `which sudo`
-rwsr-xr-x  1 root  wheel  117112 Jul 26 17:08 /usr/local/bin/sudo

I had no idea.

wxs had the answer: mount points.

Here is the problem, as revealed by this command in the jail:

$ mount
system/usr/jails/crey.unixathome.org on / (zfs, local, noatime, nosuid, nfsv4acls)
$

And on the host system, you can see this:

$ mount | grep pg92
system/usr/jails/pg92.example.org on /usr/jails/pg92.example.org (zfs, local, noatime, nosuid, nfsv4acls)
/usr/jails/basejail on /usr/jails/pg92.example.org/basejail (nullfs, local, read-only)
devfs on /usr/jails/pg92.example.org/dev (devfs, local, multilabel)
fdescfs on /usr/jails/pg92.example.org/dev/fd (fdescfs)
procfs on /usr/jails/pg92.example.org/proc (procfs, local)

See that nosuid? That’s the problem.

A problem which is easily fixed by issuing this command in the host system:

# zfs set setuid=on system/usr/jails

Then, in the jail:

$ sudo ls
Password:
.bash_history   .bashrc         .forward        .login_conf     .mailrc         .rhosts         .ssh
.bash_profile   .cshrc          .login          .mail_aliases   .profile        .shrc
$

You may have to adjust the exact command to fit your filesystems.

Website Pin Facebook Twitter Myspace Friendfeed Technorati del.icio.us Digg Google StumbleUpon Premium Responsive