Secure Shell
Can't run whoami(id -un) inside chroot jail using openssh native jail support Jul 23 2008 08:15PM
D M (dm mlist gmail com) (2 replies)
Re: Can't run whoami(id -un) inside chroot jail using openssh native jail support Jul 24 2008 11:14PM
Jon Kibler (Jon Kibler aset com) (1 replies)
Re: Can't run whoami(id -un) inside chroot jail using openssh native jail support Jul 24 2008 11:24PM
D M (dm mlist gmail com) (1 replies)
Yeah I thought maybe permissions but I also adjusted those. This is
what's really strange, look at the output of this:

#ls -la /etc
total 900
drwxr-xr-x 3 0 0 4096 Jul 24 17:04 .
drwxr-xr-x 17 0 0 4096 Jul 22 17:00 ..
-rw-r--r-- 1 0 0 11 Jul 22 17:00 group
-rwxr-xr-x 1 0 0 245 Jul 22 17:00 hosts
-rwxr-xr-x 1 0 0 24120 Jul 22 17:00 ld.so.cache
-rwxr-xr-x 1 0 0 28 Jul 22 17:00 ld.so.conf
drwxr-xr-x 2 0 0 4096 Jul 22 17:00 ld.so.conf.d
-rwxr-xr-x 1 0 0 1696 Jul 22 17:00 nsswitch.conf
-rw-r--r-- 1 0 0 144 Jul 24 17:04 passwd
-rwxr-xr-x 1 0 0 66 Jul 22 17:00 resolv.conf
-rw-r--r-- 1 0 0 807103 Jul 22 17:00 termcap

It doesn't even seem to be able to translate the name/groups in the
directory listing.

On Thu, Jul 24, 2008 at 6:14 PM, Jon Kibler <Jon.Kibler (at) aset (dot) com [email concealed]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> D M wrote:
>> OS: RHEL5.2
>> Openssh: 5.0p1 and now 5.1
>>
>> I have successfully set up a chroot jail using openssh's new native
>> jail support and almost everything appears to be working
>> (ls, cd, cat, uname, etc, etc). However I can't run any commands that
>> identify the user, such as id -un, whoami, logname. They all fail with
>> this result:
>>
>> #whoami
>> whoami: cannot find name for user ID 503
>> #id
>> uid=503 gid=504 groups=504
>> #id -un
>> id: cannot find name for user ID 503
>> 503
>> #logname
>> 503
>
> I don't mean to ask really dumb questions, but can you:
> cat /etc/passwd
> cat /etc/group
> grep -F ':503:' /etc/passwd
> grep -F ':504:' /etc/group
>
> from within the jail?
>
> If not, you may have directory ownership/permissions problems. For
> example, in a jail, make sure /etc o:g=root:root & perm=0551.
>
> I know you said you have checked... but just adding another approach.
>
> Jon Kibler
> - --
> Jon R. Kibler
> Chief Technical Officer
> Advanced Systems Engineering Technology, Inc.
> Charleston, SC USA
> o: 843-849-8214
> c: 843-224-2494
> s: 843-564-4224
>
> My PGP Fingerprint is:
> BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkiJDNQACgkQUVxQRc85QlPIgACgkdQ9F8Z954/Tv4//kb9JgtF3
> GTwAoKBgmj3+JFCtyy3JaJKDgFnhQzCX
> =KR5N
> -----END PGP SIGNATURE-----

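The checks suggested in the quoted reply, extended with one the thread does not mention, as an added example that is not part of the original posts: a shell function that inspects a jail directory from outside for readable passwd/group entries and for the glibc NSS module behind each nsswitch.conf source. It assumes glibc with loadable libnss_*.so modules, as on RHEL 5; the function name and the jail path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes glibc with loadable NSS modules
# (as on RHEL 5): each nsswitch.conf source X is served by libnss_X.so.*,
# opened at run time, so ldd on whoami/id/ls never lists it.
# Usage: check_jail_names /path/to/jail 503 504

check_jail_names() {   # prints findings; exit status = number of problems
    jail=$1; want_uid=$2; want_gid=$3; problems=0

    for pair in "passwd:$want_uid" "group:$want_gid"; do
        db=${pair%%:*}; num=${pair##*:}; file=$jail/etc/$db

        # The jail's own copy must be readable and hold the ID (field 3).
        if [ ! -r "$file" ]; then
            echo "FAIL $file missing or unreadable"
            problems=$((problems + 1))
        elif ! awk -F: -v n="$num" '$3 == n { ok = 1 } END { exit !ok }' "$file"; then
            echo "FAIL $file has no entry for ID $num"
            problems=$((problems + 1))
        fi

        # Sources listed for this database, minus comments and [actions].
        # With no nsswitch.conf line, this example checks for "files" only.
        sources=$(sed -n "s/^$db:[[:space:]]*//p" "$jail/etc/nsswitch.conf" \
                  2>/dev/null | sed 's/#.*//; s/\[[^]]*]//g')

        for src in ${sources:-files}; do
            found=
            for dir in lib lib64 usr/lib usr/lib64; do
                for mod in "$jail/$dir/libnss_$src".so.*; do
                    if [ -e "$mod" ]; then found=$mod; fi
                done
            done
            if [ -z "$found" ]; then
                echo "FAIL no libnss_$src.so.* in jail ($db lookups via '$src')"
                problems=$((problems + 1))
            fi
        done
    done
    return "$problems"
}
```

A jail whose passwd and group files are present and correct can still fail the module check, in which case tools fall back to printing numeric IDs.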
Re: Can't run whoami(id -un) inside chroot jail using openssh native jail support Jul 25 2008 05:48PM
Greg Wooledge (wooledg eeg ccf org) (1 replies)
Re: Can't run whoami(id -un) inside chroot jail using openssh native jail support Jul 28 2008 02:56PM
D M (dm mlist gmail com) (1 replies)
Re: Can't run whoami(id -un) inside chroot jail using openssh native jail support Jul 29 2008 08:12AM
Vladimir Levijev (vladimir levijev gmail com) (1 replies)
Re: Can't run whoami(id -un) inside chroot jail using openssh native jail support Jul 24 2008 07:41PM
Vladimir Levijev (vladimir levijev gmail com)







 

Copyright 2008, SecurityFocus