2008/7/23, D M <dm.mlist (at) gmail (dot) com [email concealed]>:
> OS: RHEL5.2
> Openssh: 5.0p1 and now 5.1
>
> I have successfully setup a chroot jail using openssh's new native
> jail support and almost everything appears to be working
> (ls,cd,cat,uname,etc,ect). However I can't run any commands that
> identify the user.. such as ld -un whoami logname. They all fail with
> this result:
>
> #whoami
> whoami: cannot find name for user ID 503
> #id
> uid=503 gid=504 groups=504
> #id -un
> id: cannot find name for user ID 503
> 503
> #logname
> 503
>
> i've made sure that /etc/passwd and even /etc/group are in the jail
> with the proper permissions but still I get the same result.. Any
> suggestions??
I wonder if you are missing NSS (/etc/nsswitch.conf) in your jailed
system? I would also check it with strace, like:
strace id -un
Although that would probably require setting up strace which might be
too expensive to set up in a jailed system.
> OS: RHEL5.2
> Openssh: 5.0p1 and now 5.1
>
> I have successfully setup a chroot jail using openssh's new native
> jail support and almost everything appears to be working
> (ls,cd,cat,uname,etc,ect). However I can't run any commands that
> identify the user.. such as ld -un whoami logname. They all fail with
> this result:
>
> #whoami
> whoami: cannot find name for user ID 503
> #id
> uid=503 gid=504 groups=504
> #id -un
> id: cannot find name for user ID 503
> 503
> #logname
> 503
>
> i've made sure that /etc/passwd and even /etc/group are in the jail
> with the proper permissions but still I get the same result.. Any
> suggestions??
I wonder if you are missing NSS (/etc/nsswitch.conf) in your jailed
system? I would also check it with strace, like:
strace id -un
Although that would probably require setting up strace which might be
too expensive to set up in a jailed system.
Cheers,
VL
Regards,
VL
[ reply ]