Re: Can't run whoami(id -un) inside chroot jail using openssh native jail support



2008/7/28, D M <dm.mlist@xxxxxxxxx>:

> Here is a listing of my etc directory inside the jail:
> ls -la
> total 916
> drwxr-xr-x 3 0 0 4096 Jul 28 14:31 .
> drwxr-xr-x 18 0 0 4096 Jul 28 14:35 ..
> -rw-r--r-- 1 0 0 11 Jul 22 17:00 group
> -r-------- 1 0 0 555 Jul 28 14:31 gshadow
> -rwxr-xr-x 1 0 0 245 Jul 22 17:00 hosts
> -rwxr-xr-x 1 0 0 24120 Jul 22 17:00 ld.so.cache
> -rwxr-xr-x 1 0 0 28 Jul 22 17:00 ld.so.conf
> drwxr-xr-x 2 0 0 4096 Jul 22 17:00 ld.so.conf.d
> -rw-r--r-- 1 0 0 1696 Jul 22 17:00 nsswitch.conf
> -rw-r--r-- 1 0 0 144 Jul 24 17:04 passwd
> -rwxr-xr-x 1 0 0 66 Jul 22 17:00 resolv.conf
> -r-------- 1 0 0 1607 Jul 28 14:30 shadow
> -rw-r--r-- 1 0 0 807103 Jul 22 17:00 termcap
>
> As you can see all required files are there and have proper
> permissions. I've copied over everything from /usr/lib into the jail
> as well. However it is still not properly doing the translation of uid to
> name or guid to name.

What is the passwd section set to in nsswitch.conf? On my Debian testing
system it's "compat":

$ grep passwd /etc/nsswitch.conf
passwd: compat

Make sure you have the nss libraries available for the passwd entries.
When I strace the command I see it checking for the following libs:

$ strace id -un 2>&1 | grep libnss
open("/lib/i686/cmov/libnss_compat.so.2", O_RDONLY) = 3
open("/lib/i686/cmov/libnss_nis.so.2", O_RDONLY) = 3
open("/lib/i686/cmov/libnss_files.so.2", O_RDONLY) = 3

Cheers,

VL
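
A check for the situation discussed in this thread, as an added example that is not part of either poster's message: it reads the jail's own nsswitch.conf and reports whether a libnss_<service>.so.2 module exists inside the jail for each passwd and group service. The function names and the demo tree are hypothetical, and the demo files are empty placeholders constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a chroot jail contains the NSS modules its own
# nsswitch.conf asks for. Function names and the demo tree are hypothetical.

# check_jail_nss JAIL
# Prints "<db> <service> ok <path>" or "<db> <service> MISSING" for every
# service configured for passwd and group. Returns 0 when all modules are
# present, 1 when at least one is missing, 2 when nsswitch.conf is unreadable.
check_jail_nss() {
    jail=$1
    conf="$jail/etc/nsswitch.conf"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    missing=0
    for db in passwd group; do
        # Drop comments and [STATUS=action] items, keep the service names.
        services=$(sed -e 's/#.*//' -e 's/\[[^]]*\]//g' "$conf" |
                   sed -n "s/^[[:space:]]*$db:[[:space:]]*//p")
        for svc in $services; do
            # glibc loads service X from libnss_X.so.2; search subdirectories
            # too, since the module may sit in a path such as /lib/i686/cmov.
            found=$(find "$jail/lib" "$jail/lib64" "$jail/usr/lib" \
                         "$jail/usr/lib64" -name "libnss_$svc.so.2" \
                         2>/dev/null | head -n 1)
            if [ -n "$found" ]; then
                echo "$db $svc ok ${found#"$jail"}"
            else
                echo "$db $svc MISSING"
                missing=1
            fi
        done
    done
    return $missing
}

# make_demo_jail: build a constructed jail tree (empty placeholder files) that
# has libnss_files but lacks libnss_compat, and print its path.
make_demo_jail() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc" "$d/lib/i686/cmov"
    printf 'passwd: compat   # constructed sample\ngroup:  files\n' \
        > "$d/etc/nsswitch.conf"
    : > "$d/lib/i686/cmov/libnss_files.so.2"
    echo "$d"
}
```

The check only covers the services named in nsswitch.conf; modules that one service loads in turn (the strace output above shows libnss_nis and libnss_files being opened alongside libnss_compat) still have to be confirmed with strace as shown in the reply.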


