Tonight I created a new jail, and later installed sudo into that jail. Then I tried to run sudo:
$ sudo make install clean
sudo: effective uid is not 0, is sudo installed setuid root?
What?
It is setuid:
$ ls -l `which sudo`
-rwsr-xr-x 1 root wheel 117112 Jul 26 17:08 /usr/local/bin/sudo
I had no idea.
wxs had the answer: mount points.
Here is the problem, as revealed by this command in the jail:
$ mount
system/usr/jails/crey.unixathome.org on / (zfs, local, noatime, nosuid, nfsv4acls)
$
And on the host system, you can see this:
$ mount | grep pg92
system/usr/jails/pg92.example.org on /usr/jails/pg92.example.org (zfs, local, noatime, nosuid, nfsv4acls)
/usr/jails/basejail on /usr/jails/pg92.example.org/basejail (nullfs, local, read-only)
devfs on /usr/jails/pg92.example.org/dev (devfs, local, multilabel)
fdescfs on /usr/jails/pg92.example.org/dev/fd (fdescfs)
procfs on /usr/jails/pg92.example.org/proc (procfs, local)
See that nosuid? That’s the problem.
It is easily fixed by issuing this command on the host system:
# zfs set setuid=on system/usr/jails
Then, in the jail:
$ sudo ls
Password:
.bash_history .bashrc .forward .login_conf   .mailrc  .rhosts .ssh
.bash_profile .cshrc  .login   .mail_aliases .profile .shrc
$
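You may have to adjust the exact command to fit your filesystems. Here the property is set on the parent dataset, system/usr/jails, so every dataset beneath it that does not override setuid inherits the change.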
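
The check done by eye above (find the mount that holds the binary, then look for nosuid) can be scripted. This is an added example, not part of the original post; the function name suid_status and the sudo path under the jail root are assumptions, and the sample input is three lines copied from the host-side mount output shown earlier.

```shell
#!/bin/sh
# Added example: find the mount that holds a path and report whether it
# carries the nosuid option.
# Assumed input: FreeBSD mount(8) lines, "<fs> on <mountpoint> (<opt>, ...)".

# Sample input: three lines copied from the host-side mount output above.
SAMPLE_MOUNTS='system/usr/jails/pg92.example.org on /usr/jails/pg92.example.org (zfs, local, noatime, nosuid, nfsv4acls)
/usr/jails/basejail on /usr/jails/pg92.example.org/basejail (nullfs, local, read-only)
devfs on /usr/jails/pg92.example.org/dev (devfs, local, multilabel)'

# suid_status PATH   (mount output on stdin)
# Prints "nosuid <mountpoint>" or "suid <mountpoint>" for the longest mount
# point that contains PATH. Exits 2 if no listed mount point contains it.
suid_status() {
    awk -v target="$1" '
    {
        on = index($0, " on ")
        if (on == 0 || !match($0, / \([^()]*\)$/)) next   # not a mount line
        mp   = substr($0, on + 4, RSTART - (on + 4))      # mount point
        opts = substr($0, RSTART + 2, RLENGTH - 3)        # text inside ( )
        # The mount point must be "/", the path itself, or a parent directory.
        if (mp != "/" && target != mp && index(target, mp "/") != 1) next
        if (length(mp) <= bestlen) next                   # keep longest match
        bestlen = length(mp); best = mp; flag = 0
        n = split(opts, o, /, */)
        for (i = 1; i <= n; i++) if (o[i] == "nosuid") flag = 1
    }
    END {
        if (best == "") exit 2
        state = flag ? "nosuid" : "suid"
        print state, best
    }'
}

# Demonstration on the sample; the sudo path below is a constructed example.
printf '%s\n' "$SAMPLE_MOUNTS" |
    suid_status /usr/jails/pg92.example.org/usr/local/bin/sudo
```

Inside the jail, the same function can be fed live data with `mount | suid_status "$(which sudo)"`.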