you may need to install the SUNWbtool package. On other systems
"ar" may be included in the GNU binutils package.
-Q) Sudo compiles but when I run it I get "Sorry, sudo must be setuid root."
- and sudo quits.
-A) Sudo must be setuid root to do its work. You need to do something like
+Q) Sudo compiles and installs OK but when I try to run it I get:
+ /usr/local/bin/sudo must be owned by uid 0 and have the setuid bit set
+A) Sudo must be setuid root to do its work. Either /usr/local/bin/sudo
+ is not owned by uid 0 or the setuid bit is not set. This should have
+ been done for you by "make install" but you can fix it manually by
+ running the following as root:
+ # chown root /usr/local/bin/sudo; chmod 4111 /usr/local/bin/sudo
+
+Q) Sudo compiles and installs OK but when I try to run it I get:
+ effective uid is not 0, is /usr/local/bin/sudo on a file system with the
+ 'nosuid' option set or an NFS file system without root privileges?
+A) The owner and permissions on the sudo binary appear to be OK but when
+ sudo ran, the setuid bit did not have an effect. There are two common
+ causes for this. The first is that the file system the sudo binary
+ is located on is mounted with the 'nosuid' mount option, which disables
+ setuid binaries. The other is that sudo is installed on an NFS-mounted
+ file system that is exported without root privileges. By default, NFS
+ file systems are exported with uid 0 mapped to a non-privileged uid
+ (usually -2).
+
+You need to do something like
`chmod 4111 /usr/local/bin/sudo'. Also, the file system sudo resides
on must *not* be mounted (or exported) with the nosuid option or sudo
will not be able to work. Another possibility is you may have '.' in
# define CMND_WAIT FALSE
#endif
+#ifdef __TANDEM
+# define ROOT_UID 65535
+#else
+# define ROOT_UID 0
+#endif
+
/*
* Prototypes
*/
static void create_admin_success_flag __P((void));
extern int sudo_edit __P((int, char **, char **));
int run_command __P((const char *path, char *argv[], char *envp[], uid_t uid, int dowait)); /* XXX should be in sudo.h */
+static void sudo_check_suid __P((const char *path));
/*
* Globals
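Review bot: `ROOT_UID` is introduced without a comment, and the `__TANDEM` value of 65535 is not self-explanatory to someone who only knows the usual convention of uid 0. A one-line comment above the `#ifdef` would help, for example `/* uid of the superuser: 65535 on Tandem, 0 everywhere else */`. The same comment could state that superuser comparisons in this file should use the macro and not a literal `0`, since that is the point of defining it.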
# endif
#endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */
- if (geteuid() != 0)
- errorx(1, "must be setuid root");
+ /* Make sure we are setuid root. */
+ sudo_check_suid(argv[0]);
/*
* Signal setup:
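Review bot: `argv[0]` is chosen by the invoking process, so the path passed to `sudo_check_suid()` need not name the binary that is actually running, and the call deserves a comment saying so. Judging by the helper added later in this diff, the decision to exit rests on `geteuid()` alone and the path only selects which diagnostic is printed, so the `stat()` result may describe a different file than the one executed. I would replace the new comment with `/* Make sure we are setuid root; argv[0] is caller-controlled and only used to choose the error message. */`. The enclosing function starts and ends outside this hunk.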
} else {
log_error(NO_EXIT, "timestamp owner (%s): No such user",
def_timestampowner);
- timestamp_uid = 0;
+ timestamp_uid = ROOT_UID;
}
}
return fp;
}
+static void
+sudo_check_suid(path)
+ const char *path;
+{
+ struct stat sb;
+
+ if (geteuid() != 0) {
+ if (strchr(path, '/') != NULL && stat(path, &sb) == 0) {
+ /* Try to determine why sudo was not running as root. */
+ if (sb.st_uid != ROOT_UID || !ISSET(sb.st_mode, S_ISUID)) {
+ errorx(1,
+ "%s must be owned by uid %d and have the setuid bit set",
+ path, ROOT_UID);
+ } else {
+ errorx(1, "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?", ROOT_UID, path);
+ }
+ } else {
+ errorx(1, "effective uid is not %d, is sudo installed setuid root?",
+ ROOT_UID);
+ }
+ }
+}
+
/*
* Close all open files (except std*) and turn off core dumps.
* Also sets the set_perms() pointer to the correct function.
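Review bot: The privilege test in `sudo_check_suid()` compares `geteuid()` with the literal `0`, while the ownership test and all three messages use `ROOT_UID`. On a `__TANDEM` build, where this commit defines `ROOT_UID` as 65535, a correctly installed sudo would presumably run with effective uid 65535, so the check would always fail and report that the effective uid "is not 65535". The condition should read `if (geteuid() != ROOT_UID) {`. Separately, `path` comes from `argv[0]`; if it can be NULL on any supported platform, `strchr(path, '/')` dereferences it, so `path != NULL && strchr(path, '/') != NULL` is the safer form.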