supervision - discussion about system services, daemon supervision, init, runlevel management, and tools such as s6 and runit
From: Mike Buland <mike@geekgene.com>
To: supervision@list.skarnet.org
Subject: Re: chpst -u -/ "unable to get password/group file entry"
Date: Thu, 7 Aug 2008 15:30:51 -0600
Message-ID: <200808071530.51536.mike@geekgene.com>
In-Reply-To: <20080807212548.GA18682@pretender.frop.net>



On Thursday 07 August 2008 03:25:48 pm David Miller wrote:
> Indeed it was looking for the libnss libraries and /etc/nsswitch.conf as
> Jack suspected. Mike's td.py script didn't find the nss library dependency,
> neither does ldd.

That's true, if it was a libnss issue it wouldn't. In order to make those more
dynamic and easily changeable while a system is running (is my understanding),
the name service switch libraries are not loaded at link time, but as plugins
at runtime; only strace would help with that.  Sorry, I totally spaced on
that.

Of course that makes sense, it's the error you get whenever you write a 
program that uses the libc passwd interfaces and try to make it static.

> Looking at the source and the strace, the chroot happens before the
> suidgid. And the uid/gid is looked up at the same time as the suidgid. I
> just wasn't expecting it to work this way.
>
> the -U workaround seems to do the trick, Thanks Paul.
>
> Paul spoke thusly:
> > David Miller <dave@frop.net> wrote:
> > > I wonder if you could give me some pointers on how to use strace and
> > > what to look for. I'm not very familiar with it
> >
> > You don't need to copy strace into the chroot area.  Just run:
> > strace chpst -u dave -/ chroot /ls
> >
> > strace will output a lot of information, but the interesting bit will
> > be near the end.  Just before the error message appears, you should
> > see one or more failed open() calls.  That will tell you what files
> > are missing.
> >
> > Or you could work around the problem like this:
> > chpst -U dave sh -c 'exec chpst -u ":$UID:$GID" -/ chroot /ls'
> >
> > > Shouldn't chpst look up the uid and gid for -u before the chroot
> > > happens?
> >
> > That's probably a good idea, but in fact it doesn't do that.
> >
> >
> > paul
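
The strace advice quoted above, as an added example that is not part of the original thread: a Python filter that lists the path lookups that failed between the chroot() call and the program's error message, which is where the missing nsswitch/libnss files show up. The trace lines are constructed for illustration (not captured output), and the function and variable names are assumptions.

```python
import re

PREFIX = r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?'   # optional pid column from strace -f
# Failed path lookup, e.g.  open("/etc/nsswitch.conf", O_RDONLY) = -1 ENOENT (...)
FAILED = re.compile(PREFIX + r'(?:open|openat|stat|access)\((?:AT_FDCWD,\s*)?'
                    r'"(?P<path>[^"]*)".*=\s*-1\s+(?P<errno>E[A-Z]+)')
CHROOT = re.compile(PREFIX + r'chroot\("[^"]*"\)\s*=\s*0')
# A write to fd 2 is where the program prints its error message.
STDERR = re.compile(PREFIX + r'write\(2,\s*"(?P<msg>[^"]*)"')

def missing_before_error(trace):
    """Return ([(path, errno), ...], stderr_text): the lookups that failed
    between the last successful chroot() and the first write to stderr.
    Paths seen after chroot() are relative to the new root."""
    failed, msg = [], None
    for line in trace.splitlines():
        line = line.strip()
        if CHROOT.match(line):
            failed = []          # earlier failures were on the host, not in the jail
        elif (m := FAILED.match(line)):
            failed.append((m.group("path"), m.group("errno")))
        elif (m := STDERR.match(line)):
            msg = m.group("msg")
            break
    return failed, msg

# Constructed trace for illustration (not captured output).
SAMPLE_TRACE = r'''
execve("/usr/bin/chpst", ["chpst", "-u", "dave", "-/", "chroot", "/ls"], [/* 20 vars */]) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
chdir("chroot") = 0
chroot(".") = 0
open("/etc/nsswitch.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "chpst: fatal: unable to get pass"..., 55) = 55
'''

if __name__ == "__main__":
    failed, msg = missing_before_error(SAMPLE_TRACE)
    print(f"failed inside the chroot, before {msg!r}:")
    for path, errno in failed:
        print(f"  {errno:8} {path}")
```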


