Re: Can't run whoami(id -un) inside chroot jail using openssh native jail support



2008/7/28, D M <dm.mlist@xxxxxxxxx>:

Here is a listing of my etc directory inside the jail:
ls -la
total 916
drwxr-xr-x 3 0 0 4096 Jul 28 14:31 .
drwxr-xr-x 18 0 0 4096 Jul 28 14:35 ..
-rw-r--r-- 1 0 0 11 Jul 22 17:00 group
-r-------- 1 0 0 555 Jul 28 14:31 gshadow
-rwxr-xr-x 1 0 0 245 Jul 22 17:00 hosts
-rwxr-xr-x 1 0 0 24120 Jul 22 17:00 ld.so.cache
-rwxr-xr-x 1 0 0 28 Jul 22 17:00 ld.so.conf
drwxr-xr-x 2 0 0 4096 Jul 22 17:00 ld.so.conf.d
-rw-r--r-- 1 0 0 1696 Jul 22 17:00 nsswitch.conf
-rw-r--r-- 1 0 0 144 Jul 24 17:04 passwd
-rwxr-xr-x 1 0 0 66 Jul 22 17:00 resolv.conf
-r-------- 1 0 0 1607 Jul 28 14:30 shadow
-rw-r--r-- 1 0 0 807103 Jul 22 17:00 termcap


As you can see, all required files are there and have proper
permissions. I've copied over everything from /usr/lib into the jail
as well. However, it is still not properly doing the translation of uid to
name or guid to name.

What is the passwd section set to in nsswitch.conf? On my Debian testing
system it's "compat":

$ grep passwd /etc/nsswitch.conf
passwd: compat

Make sure you have the nss libraries available for the passwd entries.
When I strace the command I have it checking for the following libs:

$ strace id -un 2>&1 | grep libnss
open("/lib/i686/cmov/libnss_compat.so.2", O_RDONLY) = 3
open("/lib/i686/cmov/libnss_nis.so.2", O_RDONLY) = 3
open("/lib/i686/cmov/libnss_files.so.2", O_RDONLY) = 3

Cheers,

VL
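
The check discussed in this thread, as an added example that is not part of the original messages: it reads the passwd (or group) line of the jail's nsswitch.conf and reports which libnss_<service>.so.2 modules are absent from the jail. The function names nss_services and nss_missing_modules are hypothetical helpers, and the libnss_<service>.so.2 naming is assumed from the strace output above.

```shell
#!/bin/sh
# Added example: list NSS modules a jail's nsswitch.conf asks for but the
# jail does not contain. Assumes glibc's libnss_<service>.so.2 naming, as
# seen in the strace output in this thread.

# nss_services JAIL DB: print the services configured for DB, one per line.
nss_services() {
    conf="$1/etc/nsswitch.conf"
    [ -r "$conf" ] || return 2
    # Drop comments, keep only the DB line, strip [STATUS=action] items.
    sed -n "s/#.*//; s/^[[:space:]]*$2:[[:space:]]*//p" "$conf" |
        sed 's/\[[^]]*]//g' | tr -s ' \t' '\n\n' | sed '/^$/d'
}

# nss_missing_modules JAIL DB: print each missing module; return 1 if any.
nss_missing_modules() {
    jail="$1"; db="$2"; missing=0
    svcs=$(nss_services "$jail" "$db") || return 2
    for svc in $svcs; do
        lib="libnss_${svc}.so.2"
        # Look only inside the jail; hwcap subdirectories such as
        # lib/i686/cmov are covered by the recursive search.
        found=$(find "$jail/lib" "$jail/lib64" "$jail/usr/lib" \
                    -name "$lib" 2>/dev/null | head -n 1) || true
        if [ -z "$found" ]; then
            echo "$lib"
            missing=1
        fi
    done
    return "$missing"
}

# Usage: sh check.sh /path/to/jail [passwd|group]
if [ "$#" -gt 0 ]; then
    nss_missing_modules "$1" "${2:-passwd}"
fi
```

An empty result with exit status 0 means every configured module was found in the jail; status 2 means the jail has no readable etc/nsswitch.conf.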