Re: Can't run whoami(id -un) inside chroot jail using openssh native jail support



Yeah, I thought maybe permissions, but I also adjusted those. This is
what's really strange; look at the output of this:

#ls -la /etc
total 900
drwxr-xr-x 3 0 0 4096 Jul 24 17:04 .
drwxr-xr-x 17 0 0 4096 Jul 22 17:00 ..
-rw-r--r-- 1 0 0 11 Jul 22 17:00 group
-rwxr-xr-x 1 0 0 245 Jul 22 17:00 hosts
-rwxr-xr-x 1 0 0 24120 Jul 22 17:00 ld.so.cache
-rwxr-xr-x 1 0 0 28 Jul 22 17:00 ld.so.conf
drwxr-xr-x 2 0 0 4096 Jul 22 17:00 ld.so.conf.d
-rwxr-xr-x 1 0 0 1696 Jul 22 17:00 nsswitch.conf
-rw-r--r-- 1 0 0 144 Jul 24 17:04 passwd
-rwxr-xr-x 1 0 0 66 Jul 22 17:00 resolv.conf
-rw-r--r-- 1 0 0 807103 Jul 22 17:00 termcap

It doesn't even seem to be able to translate the names/groups in the
directory listing.






On Thu, Jul 24, 2008 at 6:14 PM, Jon Kibler <Jon.Kibler@xxxxxxxx> wrote:

D M wrote:
OS: RHEL5.2
Openssh: 5.0p1 and now 5.1

I have successfully set up a chroot jail using openssh's new native
jail support and almost everything appears to be working
(ls, cd, cat, uname, etc., etc.). However, I can't run any commands that
identify the user, such as id -un, whoami, logname. They all fail with
this result:

#whoami
whoami: cannot find name for user ID 503
#id
uid=503 gid=504 groups=504
#id -un
id: cannot find name for user ID 503
503
#logname
503

I don't mean to ask really dumb questions, but can you:
cat /etc/passwd
cat /etc/group
grep -F ':503:' /etc/passwd
grep -F ':504:' /etc/group

from within the jail?

If not, you may have directory ownership/permissions problems. For
example, in a jail, make sure /etc o:g=root:root & perm=0551.

I know you said you have checked... but just adding another approach.

Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253




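The checks Jon suggests, collected into one script that is run on the host against the jail's root directory (an added example, not part of the original thread; the function names, the script name and the argument order are assumptions made for illustration). It matches the UID or GID on the third colon-separated field, because `grep -F ':503:'` on `/etc/passwd` would also match a line whose GID is 503.

```shell
#!/bin/sh
# Added example (not from the thread): run on the host against the jail root.
# Usage: sh jailcheck.sh JAIL_DIR UID GID   e.g. sh jailcheck.sh /jail 503 504

# Print the name whose numeric ID (field 3) equals $2 in passwd/group file $1.
# Exit status 1 means the file has no entry for that ID.
lookup_id() {
    awk -F: -v id="$2" '$3 == id { print $1; found = 1; exit }
                        END { exit !found }' "$1"
}

# Print "uid:gid perms" for JAIL/etc with numeric owners, as in "ls -la" above.
etc_owner_mode() {
    ls -ldn "$1/etc" | awk '{ print $3 ":" $4, substr($1, 1, 10) }'
}

# Report on the jail; returns 1 if a file or an ID mapping is missing.
check_jail() {
    jail=$1 uid=$2 gid=$3 rc=0
    for f in passwd group; do
        [ -r "$jail/etc/$f" ] || { echo "FAIL: etc/$f missing or unreadable"; rc=1; }
    done
    if name=$(lookup_id "$jail/etc/passwd" "$uid" 2>/dev/null); then
        echo "ok:   uid $uid -> $name"
    else
        echo "FAIL: no passwd entry for uid $uid"; rc=1
    fi
    if name=$(lookup_id "$jail/etc/group" "$gid" 2>/dev/null); then
        echo "ok:   gid $gid -> $name"
    else
        echo "FAIL: no group entry for gid $gid"; rc=1
    fi
    om=$(etc_owner_mode "$jail")
    # 0:0 dr-xr-x--x is root:root with mode 0551, the setting suggested above.
    [ "$om" = "0:0 dr-xr-x--x" ] || echo "note: etc is $om, suggested 0:0 dr-xr-x--x"
    return $rc
}

# Run only when called with arguments, so the functions can also be sourced.
if [ $# -ge 3 ]; then check_jail "$@"; fi
```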

