
Busybox SUID on NFS rootfs


I am building a Linux system from the bottom for a Beagle Bone board. I have compiled the vanilla kernel and built a basic root file system with busybox. The system is booted with U-boot, while the rootfs is located on a Linux PC and exported through NFS:

/path/to/rootfs  10.42.0.17(rw,wdelay,no_root_squash,no_subtree_check,sec=sys,rw,secure,no_root_squash,no_all_squash)

The U-boot bootargs are:

bootargs console=ttyO0,115200n8 root=/dev/nfs rw nfsroot=${serverip}:/path/to/rootfs,v3,tcp ip=dhcp

I've encountered a problem when trying to get su working for non-root users. To work around the problem, people on the internet suggest setting the suid bit on the busybox binary. After doing so:

$ sudo chmod u+s busybox 

and verifying:

$ ls -la
...
-rwsr-xr-x  1 myuser myuser 1882976 Jan 13 21:47 busybox
...

$ stat -c "%a %n" busybox 
4755 busybox

Something went wrong. The kernel boots and all of the usual messages are displayed, but it gets stuck at the end, and no login line is displayed. Here are the last few lines of the boot sequence:

[    3.776185] IP-Config: Complete:
[    3.779656]      device=eth0, hwaddr=c8:a0:30:c5:80:e9, ipaddr=10.42.0.17, mask=255.255.255.0, gw=10.42.0.1
[    3.789877]      host=10.42.0.17, domain=, nis-domain=(none)
[    3.795822]      bootserver=10.42.0.1, rootserver=10.42.0.1, rootpath=
[    3.802492]      nameserver0=10.42.0.1
[    3.871575] VFS: Mounted root (nfs filesystem) on device 0:15.
[    3.879903] devtmpfs: mounted
[    3.883713] Freeing unused kernel memory: 380K (c07ef000 - c084e000)

If I remove the flag, things return to normal:

....
[    3.862291] Freeing unused kernel memory: 380K (c07ef000 - c084e000)

10.42.0.17 login: 

If I set the flag from within the running shell on the Beagle Bone board itself, the shell stops responding right after the chmod is performed. I suspect it has something to do with the way NFS is exporting the rootfs, but it's only a guess, so a qualified explanation and a possible solution would be helpful.


Solution

  • After some research I will answer my question myself. The answer is very simple. In order for the above to work, the busybox binary should be owned by root:root. The simplest solution is just to change the ownership.
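
A check for the condition described above, as an added example that is not part of the original post: it lists setuid files in a staged rootfs that are not owned by the expected uid (0 by default), which is the state the ls output in the question shows for busybox. The function name audit_suid and the optional second argument are assumptions made for this sketch; run it on the NFS server against the exported directory before booting the board.

```shell
#!/bin/sh
# Added example (not from the original post).
# audit_suid ROOTFS [UID]
#   Lists regular files under ROOTFS that carry the setuid bit but are not
#   owned by UID (default 0, i.e. root). With sec=sys and no_root_squash the
#   numeric owner stored on the server is the owner the NFS client sees, so
#   a setuid busybox owned by a build user runs its applets with that user's
#   effective uid instead of root's.
# Exit status: 0 = clean, 1 = offending files found, 2 = bad argument.
audit_suid() {
    rootfs=$1
    want_uid=${2:-0}

    if [ ! -d "$rootfs" ]; then
        echo "audit_suid: not a directory: $rootfs" >&2
        return 2
    fi

    # -perm -4000 : setuid bit is set
    # ! -user N   : owner differs from the expected numeric uid
    # -type f     : applet symlinks are skipped, only real binaries are checked
    offenders=$(find "$rootfs" -xdev -type f -perm -4000 \
                     ! -user "$want_uid" -exec ls -ln {} +)

    if [ -n "$offenders" ]; then
        echo "setuid files not owned by uid $want_uid:" >&2
        printf '%s\n' "$offenders"
        return 1
    fi
    return 0
}

# Stand-alone use: sh audit_suid.sh /path/to/rootfs
[ "$#" -eq 0 ] || audit_suid "$@"
```

Any file it reports needs its ownership changed to root:root on the server, as in the answer above; changing the owner can clear the setuid bit, so re-check the mode afterwards.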