Open markfaine opened 4 years ago
Well actually, that's how sudo works...

/usr/bin/sudo has the Sticky Bit set for the User (aka SUID) and the file is owned by the root user so the program will run as root even though you executed it as a non-root user. /usr/bin/sudo reads the configuration files in /etc and will execute other commands as allowed by the configuration files.

So, if the file system does not support the SUID bit, /usr/bin/sudo will not run as the root user with UID 0 but instead will run as your non-root user, which is not capable of elevating its privileges.

I've never tried it but maybe if you give the /usr/bin/sudo binary CAP_ADMIN it would work?
Expected behavior
Users with valid sudoers configuration should be able to use sudo
Actual behavior
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
Steps to reproduce the behavior
docker run --rm -it my-namespace/ansible sudo -l
Output of docker version:
Output of docker info:
Additional environment details (AWS, VirtualBox, physical, etc.)
The container is ubuntu:latest and this is not an issue on other containers. This is the first time I've seen it.
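
A diagnostic for the "effective uid is not 0" error quoted above, as an added example that is not part of the original issue or its comments. It checks the conditions named in the thread (setuid bit, root ownership, a nosuid mount) and goes one step further by also checking the kernel's NoNewPrivs flag, which likewise stops a setuid binary from gaining root. The function names are hypothetical, and the live check assumes GNU stat, findmnt and a Linux /proc.

```shell
#!/bin/sh
# Added example: explain why sudo's effective UID may not be 0.

# True if an octal mode string (as printed by `stat -c %a`) has the setuid bit.
has_suid_bit() {
    [ $(( 0$1 & 04000 )) -ne 0 ]
}

# True if a comma-separated mount option list contains nosuid.
has_nosuid() {
    case ",$1," in
        *,nosuid,*) return 0 ;;
        *) return 1 ;;
    esac
}

# diagnose MODE OWNER_UID MOUNT_OPTS NO_NEW_PRIVS
# Prints one finding per line, or "ok" if nothing blocks setuid-root execution.
diagnose() {
    n=0
    if ! has_suid_bit "$1"; then echo "missing-setuid-bit: mode $1"; n=$((n + 1)); fi
    if [ "$2" != "0" ]; then echo "not-root-owned: uid $2"; n=$((n + 1)); fi
    if has_nosuid "$3"; then echo "nosuid-mount: $3"; n=$((n + 1)); fi
    if [ "$4" = "1" ]; then echo "no-new-privs: set on this process"; n=$((n + 1)); fi
    if [ "$n" -eq 0 ]; then echo "ok"; fi
    return 0
}

# Collect the four inputs for a real binary (default /usr/bin/sudo).
diagnose_live() {
    bin=${1:-/usr/bin/sudo}
    mode=$(stat -c %a "$bin")                   # octal permissions
    uid=$(stat -c %u "$bin")                    # numeric owner
    opts=$(findmnt -no OPTIONS -T "$bin")       # options of the containing mount
    nnp=$(awk '/^NoNewPrivs:/ {print $2}' /proc/self/status)
    diagnose "$mode" "$uid" "$opts" "$nnp"
}

# Constructed sample (not taken from the issue): the setuid bit was lost
# and the binary sits on a nosuid mount.
diagnose 755 0 "rw,nosuid,nodev,relatime" 0
```

Inside the affected container, call `diagnose_live /usr/bin/sudo` in place of the constructed sample.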