bash
pumamd, 2014-07-07 09:09:38

UID from which processes run in chroot environments?

Task: run a service program in a chroot with limited rights (those of a normal non-root user).
While implementing this, I tried the chroot and chpst utilities, but both give me an incomprehensible UID under which they run.

# chroot --userspec srv-1465:users /gh_mounts/ghroot /bin/bash
bash: /root/.bashrc: Permission denied
[email protected] / $

The user srv-1465 is present in /gh_mounts/ghroot/etc/passwd.
[email protected] / $ id
uid=1046(srv-1465) gid=100(users) groups=100(users)

Actually, when the application is executed inside the chroot, it tries to read the /root folder that is inaccessible to it.


3 answer(s)
jcmvbkbc, 2014-07-07
@pumamd

Actually, when the application is executed inside the chroot, it tries to read the /root folder that is inaccessible to it

Apparently it is because you are not starting a new login session and are chrooting as root, so USER and so on remain in the environment variables. Try
# chroot --userspec srv-1465:users /gh_mounts/ghroot /bin/bash -l

Eugene, 2014-07-07
@EvgenijDv

What exactly did you want to ask? Why can't /root be read? Because you made a chroot yourself and restricted the application to the root of your chroot and the corresponding rights.

pumamd, 2014-07-07
@pumamd

Solved the problem.
An application running in a chroot environment tries to read files from /root because of the specified variables:

[email protected] / $ id
uid=1046(srv-1465) gid=0(root) groups=100(users)
[email protected] / $ env | grep root
USER=root
MAIL=/var/mail/root
HOME=/root
LOGNAME=root
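
Added example (not part of the thread): one way to keep root's USER, HOME and LOGNAME out of the chrooted service is to start it through `env -i` with values taken from the chroot's own /etc/passwd. The function names and the PATH value are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: derive a clean environment for a chrooted service from the
# chroot's own passwd file instead of inheriting root's variables.

# passwd_field ROOT USER N: print field N of USER's entry in ROOT/etc/passwd.
# Exits non-zero when the user is not listed there.
passwd_field() {
    awk -F: -v u="$2" -v n="$3" \
        '$1 == u { print $n; found = 1; exit } END { exit !found }' \
        "$1/etc/passwd"
}

# clean_env ROOT USER: print one VAR=value per line for the target user.
clean_env() {
    root=$1 user=$2
    home=$(passwd_field "$root" "$user" 6) || {
        echo "user $user not found in $root/etc/passwd" >&2
        return 1
    }
    shell=$(passwd_field "$root" "$user" 7)
    # PATH is an assumed minimal value; adjust to what the service needs.
    printf 'USER=%s\nLOGNAME=%s\nHOME=%s\nSHELL=%s\nPATH=/usr/bin:/bin\n' \
        "$user" "$user" "$home" "${shell:-/bin/sh}"
}

# run_in_chroot ROOT USER GROUP CMD...: must be called as root.
# env -i drops every inherited variable, so nothing points at /root any more.
run_in_chroot() {
    root=$1 user=$2 group=$3
    shift 3
    vars=$(clean_env "$root" "$user") || return 1
    (
        # Split $vars on newlines only and disable globbing, so values
        # containing spaces or wildcard characters stay intact.
        IFS='
'
        set -f
        exec env -i $vars chroot --userspec "$user:$group" "$root" "$@"
    )
}

# Usage with the values from the question (run as root):
#   run_in_chroot /gh_mounts/ghroot srv-1465 users /bin/bash
#   then inside the chroot: env | grep root   should print nothing
```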
