From: Mike Buland
Newsgroups: gmane.comp.sysutils.supervision.general
Subject: Re: chpst -u -/ "unable to get password/group file entry"
Date: Thu, 7 Aug 2008 15:30:51 -0600
Organization: Geek Gene
Message-ID: <200808071530.51536.mike@geekgene.com>
References: <20080804165415.GA7030@pretender.frop.net> <20080807212548.GA18682@pretender.frop.net>
In-Reply-To: <20080807212548.GA18682@pretender.frop.net>
To: supervision@list.skarnet.org

On Thursday 07 August 2008 03:25:48 pm David Miller wrote:
> Indeed it was looking for the libnss libraries and /etc/nsswitch.conf as
> Jack suspected. Mike's td.py script didn't find the nss library dependency,
> neither does ldd.

That's true, if it was a libnss issue it wouldn't, in order to make those more
dynamic and easily changeable while a system is running (is my understanding)
the name service switch libraries are not loaded at link time, but as plugins
at runtime, only strace would help with that. Sorry, I totally spaced on that.
Of course that makes sense, it's the error you get whenever you write a program
that uses the libc passwd interfaces and try to make it static.

> Looking at the source and the strace, the chroot happens before the
> suidgid. And the uid/gid is looked up at the same time as the suidgid. I
> just wasn't expecting it to work this way.
>
> the -U workaround seems to do the trick, Thanks paul.
>
> Paul spoke thusly:
> > David Miller wrote:
> > > I wonder if you could give me some pointers on how to use strace and
> > > what to look for. I'm not very familiar with it
> >
> > You don't need to copy strace into the chroot area. Just run:
> > strace chpst -u dave -/ chroot /ls
> >
> > strace will output a lot of information, but the interesting bit will
> > be near the end. Just before the error message appears, you should
> > see one or more failed open() calls. That will tell you what files
> > are missing.
> >
> > Or you could work around the problem like this:
> > chpst -U dave sh -c 'exec chpst -u ":$UID:$GID" -/ chroot /ls'
> >
> > > Shouldn't chpst look up the uid and gid for -u before the chroot
> > > happens?
> >
> > That's probably a good idea, but in fact it doesn't do that.
> >
> >
> > paul
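
Added example, not part of the original thread: a small parser for the strace check described above, which finds the first successful chroot() in a trace and lists the open()/openat() calls that fail after it, i.e. the name-service files the lookup wanted inside the jail. The trace text is a constructed sample (not output posted to the list), and the function name `missing_after_chroot` is hypothetical.

```python
import re

# Constructed strace excerpt (not captured from the thread): chroot() runs
# first, then the passwd lookup for "dave" fails inside the jail.
SAMPLE_TRACE = '''\
execve("/usr/bin/chpst", ["chpst", "-u", "dave", "-/", "chroot", "/ls"], [/* 20 vars */]) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
chroot("chroot") = 0
chdir("/") = 0
open("/etc/nsswitch.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
write(2, "chpst: fatal: unable to get password/group file entry\\n", 54) = 54
'''

# syscall(args) = ret [ERRNO ...], with an optional pid prefix from strace -f
CALL = re.compile(r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?(\w+)\((.*)\)'
                  r'\s+=\s+(-?\d+|\?)(?:\s+(E[A-Z0-9]+))?')
PATH = re.compile(r'"((?:[^"\\]|\\.)*)"')   # first quoted argument


def missing_after_chroot(trace):
    """Return (jail, [(path, errno), ...]) for open()/openat() failures seen
    after the first successful chroot(); jail is None if there was none."""
    jail, missing = None, []
    for line in trace.splitlines():
        m = CALL.match(line)
        if not m:
            continue
        name, args, ret, errno = m.groups()
        path = PATH.search(args)
        if name == "chroot" and ret == "0" and jail is None and path:
            jail = path.group(1)
        elif jail is not None and name in ("open", "openat") \
                and ret == "-1" and path:
            missing.append((path.group(1), errno))
    return jail, missing


if __name__ == "__main__":
    jail, missing = missing_after_chroot(SAMPLE_TRACE)
    print(f"chroot to {jail!r}; opens that failed inside it:")
    for path, errno in missing:
        print(f"  {errno}  {path}")
```

Paths reported this way are relative to the new root, so a hit on /etc/nsswitch.conf or a libnss_* library means the name lookup ran after the chroot, which is the case the numeric `-u ":$UID:$GID"` form avoids.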