Unable to Run sudo due to getresuid() Not Working on CentOS 3.1
Hi,
I'm currently running a CentOS 3.1 VPS and want to give someone else root access without allowing them to change the root password and lock me out, and I want to apply the same property to my standard user account so that I don't have to log on as root so often. The server is running the latest stable version of cPanel. To this end I have placed the following in the sudoers file: Code:
# Xyrael's SysOp Definitions (2006-02-18) Code:
root@server [/home/tom]# su tom Code:
Sudo version 1.6.7p5 Thanks, Xyrael :) |
I'm reluctant to start reinstalling sudo to get this feature to work, because I don't want to fry anything important because this is a production server, with several hosted websites.
You could build a custom RPM package with sudo under a different path with a slightly different binary name (see configure options). If you need help tell me the exact location of the source RPM. I'll check/build for CentOS 3.3 though. Is there any way to fix this problem, and has it been documented before? If testing a custom RPM isn't your cup of tea you should take it up with the Sudo maintainers. |
Thanks for the reply.
Changing the name sounds fine as long as the command can be aliased so that it isn't complicated. I don't mind it being built with 3.3 as long as it'll work! I'd be very grateful if you were able to do that for me. Thank you again. |
You didn't read my post completely or didn't act on it.
//Hint: three major conditions when pricing realty. |
Apologies for not reading properly; thanks for being patient.
I'm not sure where the RPM came from, because I think it was installed by default with the OS. It doesn't appear that they have an RPM, and instead offer the source and easy to use build instructions. However, the upgrade instructions are meant for real pros, and I'm not that yet - would you be able to decipher them for me so that I can attempt to do it? Thanks! I think they can be found on this page: http://sudo.ws/sudo/download.html I'm very grateful for your help:) |
I'm not sure where the RPM came from, because I think it was installed by default with the OS.
Which means it's on the CDRs or mirrors. So the only thing you had to do was use a search engine to point me to the location of sudo-1.6.7p5-1.1.src.rpm ... OK. here's diff for building sudo. This RPM will have a custom suffix "1.6.7p5.CUSTOM.SETRESUID-0.1", compile sudo with --disable-setresuid, *only* install the sudo binary and install that binary in /opt/sudo/bin which means you must have it in your global PATH or call with a full path to test. I hope you have a box to build RPMs on and know how to apply the diff and build the RPM. Please note that by now this ain't a Linux - Security question anymore, more something like Linux - Software or alike. This thread should be moved there. Code:
--- sudo.spec 2005-06-21 09:44:12.000000000 +0200 redhat/SPECS/sudo.diff redhat/SPECS/sudo.spec redhat/RPMS/i686/sudo-1.6.7p5.CUSTOM.SETRESUID-0.1.i686.rpm here (use "save as" just to be sure). I'd appreciate it if you let me know (here, or by email whatever is faster) ASAP you got. |
Unfortunately, this doesn't appear to work. I installed the rpm successfully that you suggested, and the file was installed well. Then I tried to run it, and got this:
Code:
root@server [/opt/sudo/bin]# su sean |
Sorry, ./sudo must be setuid root.
Make sure it's root-owned: chown root.root /opt/sudo/bin/sudo then make it setuid-root: chmod 4755 /opt/sudo/bin/sudo //Moderator.note: I'll move this thread to Linux - General: this isn't a security issue AFAIK. |
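As an added example (not part of the original posts), here is a shell check for the conditions behind the "must be setuid root" message: the binary is a regular file, owned by root, has the setuid bit, and is not writable by group or others. The function name, its return codes and the optional owner-UID argument are assumptions made for this example.

```shell
#!/bin/sh
# check_setuid_root PATH [OWNER_UID]
# Verifies that PATH is safe to act as a setuid helper such as sudo.
# OWNER_UID defaults to 0 (root); the parameter exists only so the check
# can be exercised by an unprivileged user on a scratch file.
# Return codes (chosen for this example):
#   0 ok, 1 missing or not a regular file, 2 wrong owner,
#   3 setuid bit not set, 4 writable by group or others
check_setuid_root() {
    f=$1
    uid=${2:-0}

    # A symlink or a missing path is rejected outright.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "$f: not a regular file" >&2
        return 1
    fi

    # find prints the path only when the owner matches the expected UID.
    if [ -z "$(find "$f" -prune -user "$uid" -print)" ]; then
        echo "$f: not owned by uid $uid (fix: chown root.root $f)" >&2
        return 2
    fi

    # test -u is true when the set-user-ID bit is set.
    if [ ! -u "$f" ]; then
        echo "$f: setuid bit missing (fix: chmod 4755 $f)" >&2
        return 3
    fi

    # A setuid-root binary that group or others can overwrite lets them
    # replace code that runs as root, so mode 4755 is the ceiling.
    if [ -n "$(find "$f" -prune \( -perm -0020 -o -perm -0002 \) -print)" ]; then
        echo "$f: writable by group or others (fix: chmod 4755 $f)" >&2
        return 4
    fi

    echo "$f: ok"
    return 0
}

# Usage on the path from this thread:
#   check_setuid_root /opt/sudo/bin/sudo
```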
me, not evil being...
* For anyone reading this who didn't have doubts about the practice of installing custom RPMs w/o checksum, w/o .src.rpm: trivialities like "reputation" should not be mistaken as a basis for reassurance. Always ask for the Source, Luke!
|
Code:
sean@silentflame.com [~/www/portal]# /opt/sudo/bin/sudo cd /root |
Waddaya think?
Might be something VPS catches. Please take it up with the Sudo maintainers. If they have any fix, workaround or whatever else I'd appreciate a reply from you here. Sorry we couldn't be of more help. |
Don't worry, you've already given more than I expected and I will certainly visit this site again, perhaps as a helper rather than a helped next time.
I'll drop the sudo team a line. Thanks, Xy |
I'd like to reopen this topic.
For other reasons unrelated to this, I have moved to another vps provider. Sudo appears to work. Unfortunately, my sudo config file as shown above does not - here is what I get: Code:
root@server [~/newt]# su sean |
I'd like to reopen this topic.
On LQ it's kinda customary to open a new thread for a new topic. Keeps the place clean y'know. Sorry, user sean is not allowed to execute '/bin/cat ls /root' as root on server.silentflame.com ...and syslog says? |