Bug 899

Summary: Unable to install with normal (unprivileged) user
Product: Sudo Reporter: Paul Menzel <pmenzel+bugzilla.sudo.ws>
Component: ConfigureAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED WONTFIX    
Severity: normal    
Priority: low    
Version: 1.8.27   
Hardware: PC   
OS: Linux   

Description Paul Menzel 2019-10-02 04:33:47 MDT 
The installation [1] should not differ if run as root or non-root user.

```
##  Making a directory?
if ${DIRMODE} ; then
    while test $# != 0; do
	DEST="$1"
	if [ ! -d "${DEST}" ] ; then
	    ${MKDIR} "${DEST}" || exit 1
	fi
	if ${CHOWNIT} ; then
	    ${CHOWN} "${OWNER}" "${DEST}" || exit 1
	fi
	if ${CHGROUPIT} ; then
	    ${CHGRP} "${GROUP}" "${DEST}" || exit 1
	fi
	if ${CHMODIT} ; then
	    ${CHMOD} "${MODE}"  "${DEST}" || exit 1
	fi
	shift;
    done
    exit 0
fi
```

[1]: https://www.sudo.ws/repos/sudo/file/18faff6ab915/install-sh
Comment 1 Todd C. Miller 2019-10-02 08:49:43 MDT 
How is this causing a problem for you?  The root check is only performed for the -G, -M and -O flags which sudo doesn't currently use.
Comment 2 Todd C. Miller 2019-10-14 10:39:26 MDT 
Closing due to lack of a reply from the submitter.
Comment 3 Paul Menzel 2019-10-14 10:41:07 MDT 
(In reply to Todd C. Miller from comment #2)
> Closing due to lack of a reply from the submitter.

Sorry, the email preferences were not configured yet, and I was not notified about your comment.
Comment 4 Paul Menzel 2019-10-14 10:52:06 MDT 
(In reply to Todd C. Miller from comment #1)
> How is this causing a problem for you?  The root check is only
> performed for the -G, -M and -O flags which sudo doesn't currently
> use.

We want to build the package for the distribution under an unprivileged user. The changes below work around the issue to not get permission denied errors.

    $ sed -i \
        -e '/ROOT=true/s/true/false/' \
        -e '/CHOWNIT=true/s/true/false/' \
        -e '/CHGROUPIT=true/s/true/false/' \
    install-sh

The error is below, where `chown` was run in a wrapper.

```
#BEEWRAP-chown# [13289] chown 0 /scratch/local2/beehive/sudo-1.8.22-0/buildroot/sudo/sudo-1.8
.22-0/image/usr/libexec/sudo/libsudo_util.so.0.0.0
chown: changing ownership of '/scratch/local2/beehive/sudo-1.8.22-0/buildroot/sudo/sudo-1.8.2
2-0/image/usr/libexec/sudo/libsudo_util.so.0.0.0': Operation not permitted
make[1]: *** [Makefile:221: install] Error 1
```
Comment 5 Todd C. Miller 2019-10-14 11:03:24 MDT 
You could do what the package build target does and run something like:

make INSTALL_OWNER= install

which will skip the chown/chgrp.
Comment 6 Paul Menzel 2019-10-15 04:59:30 MDT 
Thank you. Also looking more into it, in `Makefile.in` there is

    INSTALL_OWNER = -o $(install_uid) -g $(install_gid)

    […]

    # User and group ids the installed files should be "owned" by
    install_uid = 0
    install_gid = 0

This will fail, if you build as a normal user. (And I should update the bug description. Sorry about the confusion.)

So, why would you hard code that to 0, and not leave it be?
Comment 7 Todd C. Miller 2019-10-15 07:35:18 MDT 
The uid is set explicitly because sudo itself is installed setuid.  It is better to fail to install than to install a sudo binary that it setuid to the wrong user.