why now "sudo: must be setuid root"

genterminl

I don't think it's been that long since I last used sudo, but today I get the "must be setuid root" error, and sure enough "ls -l /usr/bin/sudo" gives me "---x--x--x 2 root root 147632 Mar 3 13:12 /usr/bin/sudo" Reinstalling doesn't change this, and "eix app-admin/sudo" gives me " Installed versions: 1.7.2_p4(13:12:29 03/03/10)(pam -ldap -offensive -selinux -skey)"

I know I can do "chmod +s /usr/bin/sudo" but I'm curious whether this is indicative of some other problem.

Am I missing something obvious?

Jack

ursusca · Posted: Wed Mar 03, 2010 7:14 pm Post subject:

Hello,

Try this way:

ppurka · Advocate Joined: 26 Dec 2004 Posts: 2782

papahuhn · Guru Joined: 06 Sep 2004 Posts: 472

Well, if not suid root, how should sudo give root privileges?
_________________
Death by snoo-snoo!

patrikas · Tux's lil' helper Joined: 28 Nov 2009 Posts: 106

Make sure executable got overwritten when you reinstalled it. Are you using collision-protect or protect-owner features ?

genterminl · Posted: Wed Mar 03, 2010 10:26 pm Post subject:

patrikas: the timestamp on sudo is the time I did the emerge today, so I'm pretty sure it did get the new copy.

ppurka: I'm not questioning whether making sudo setuid root is a security issue; I know that's how it is supposed to be. I'm wondering why mine is NOT setuid root, and whether that is indicating some other security issue.

It looks like this new version got installed Mar 1, so I'm assuming that's when the change happened, but if there was a problem with the ebuild, I would expect other people to have the problem also. I can easily fix my immediate problem - I'd just love to know why/how it happened.

Mad Merlin · Veteran Joined: 09 May 2005 Posts: 1066

Gentree · Posted: Fri Mar 19, 2010 7:25 am Post subject:

That's odd , my windows machine says it needs to reboot every time I change anything. Isn't Linux the same ?

_________________
Linux, because I'd rather own a free OS than steal one that's not worth paying for.

KX7-333 , AthlonXP1800+ @2.3GHz
AthlonXP-M on A7N8X @ 2.6/2.4GHz (winter/summer)
2.6.32-hh1 : portage ~x86

Genone · Posted: Mon Mar 22, 2010 1:57 am Post subject:

Do you eventually use the suidctl and/or sfperms FEATURES in make.conf?

genterminl · Posted: Mon Mar 22, 2010 2:54 am Post subject:

Great question - but no, I don't use either of those. I didn't even know about them until your post.

M · Guru Joined: 12 Dec 2006 Posts: 414

It happens to me, often, when I mount over nfs old laptop on desktop machine and update sudo or xorg-server, always have to manually setuid. And I have rpc.idmapd started. Maybe you use something similar, just a guess.

genterminl · Posted: Mon Mar 22, 2010 7:58 pm Post subject:

The only thing close is that PORTAGE_TMPDIR points to a directory mounted over NFS. /usr is within / which is a local mount.

genterminl · Posted: Mon Jan 30, 2012 5:35 pm Post subject:

I just upgraded sudo (now 1.8.2-r1) as part of a recent world update, and again, /usr/bin/sudo got installed WITHOUT suid set. Lot's of googling, and no answers, except one hint buried in this topic.

If I emerge sudo with PORTAGE_TMPDIR set to a local disk, /usr/bin/sudo gets installed setuid.
If I emerge sudo with PORTAGE_TMPDIR set to an nfs4 mount, /usr/bin/sudo gets installed without setuid.

This is yet another problem with PORTAGE_TMPDIR on an nfs4 mount, but at least I know why the setuid isn't happening.

This was my original post on the issue. I'll probably start a new thread summarizing my current understanding, but the bottom line is that setting PORTAGE_TMPDIR to someplace mounted over nfs4 is going to cause various problems, not all of them consistent.

mcclung · n00b Joined: 24 Apr 2005 Posts: 9

What are the export and mount options on your nfs filesystem? What kind of NFS server is it?

genterminl · Posted: Wed Feb 01, 2012 3:11 pm Post subject:

First, if I remember correctly, using nfs3 does not cause any of these problems, but at this point, I'm trying to find the cause, not just make it work.
The nfs server (ffortso3) is Ubuntu 11.10. The relevant lines from /etc/export are

mcclung · n00b Joined: 24 Apr 2005 Posts: 9

I was expecting something else. In hindsight, I guess what I was looking for would have been pretty obvious.

genterminl · Posted: Thu Feb 02, 2012 1:31 pm Post subject:

For completeness, I suppose I should also specify that I do have idmapd running, with the same domain specified on both machines.

myk002 · n00b Joined: 06 Mar 2012 Posts: 2

after struggling with this for a few days, I accuse 'strip' as the culprit.

# emerge sudo
# ls -l /usr/bin/sudo
---x--x--x 2 root root 71144 Mar 6 10:32 /usr/bin/sudo
# FEATURES=nostrip emerge sudo
# ls -l /usr/bin/sudo
---s--x--x 2 root root 84221 Mar 6 10:34 /usr/bin/sudo
# strip /usr/bin/sudo
---x--x--x 2 root root 71256 Mar 6 10:32 /usr/bin/sudo

I have a diskless system, with everything (including root) mounted over nfs (version 3). Interestingly, though, /bin/mount (from util-linux-2.20.1-r1) is correctly setuid, even though it gets stripped.