supervision - discussion about system services, daemon supervision, init, runlevel management, and tools such as s6 and runit
From: David Miller <dave@frop.net>
To: supervision@list.skarnet.org
Subject: Re: chpst -u -/ "unable to get password/group file entry"
Date: Thu, 7 Aug 2008 16:25:48 -0500
Message-ID: <20080807212548.GA18682@pretender.frop.net>
In-Reply-To: <m3abfo7din.fsf@multivac.cwru.edu>

Indeed it was looking for the libnss libraries and /etc/nsswitch.conf, as Jack suspected. Mike's td.py script didn't find the nss library dependency, and neither does ldd.

Looking at the source and the strace, the chroot happens before the suidgid. And the uid/gid is looked up at the same time as the suidgid. I just wasn't expecting it to work this way.

The -U workaround seems to do the trick. Thanks, Paul.

Paul spoke thusly:
> David Miller <dave@frop.net> wrote:
> > I wonder if you could give me some pointers on how to use strace and
> > what to look for. I'm not very familiar with it
> 
> You don't need to copy strace into the chroot area.  Just run:
> strace chpst -u dave -/ chroot /ls
> 
> strace will output a lot of information, but the interesting bit will
> be near the end.  Just before the error message appears, you should
> see one or more failed open() calls.  That will tell you what files
> are missing.
> 
> Or you could work around the problem like this:
> chpst -U dave sh -c 'exec chpst -u ":$UID:$GID" -/ chroot /ls'
> 
> > Shouldn't chpst look up the uid and gid for -u before the chroot
> > happens?
> 
> That's probably a good idea, but in fact it doesn't do that.
> 
> 
> paul

