-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of JohnS Sent: Sunday, August 01, 2010 15:28 To: CentOS mailing list Subject: Re: [CentOS] /bin/su wont work inside a chroot?
On Sun, 2010-08-01 at 14:10 -0500, Les Mikesell wrote:
Jason Pyeron wrote:
[root@devserver21 etc]# sudo su -l apache failed to get default context [root@devserver21 etc]# sudo su apache failed to get
default context
[root@devserver21 etc]# sudo [root@devserver21 etc]#
References to 'context' would have something to do with
SELinux, not normal
permissions.
That's is also because his echoed "0" context is not active yet. It requires a reboot every time I have done it. But the other way around it does not.
No matter how hard you try in a default EL4 or 5 instance you will never get logged into an apache account. Root or Not... Unless you change the login shell..or exploit it...
Forgot to tell you in the chroot I did change the login shell for apache to /bin/bash
apache = /sbin/nologin postgres = /sbin/bash ################################################# Jason,
Nasty things happen when you build rpms like that. See www.owlriver.com , Russ has an article there about it [1].
Agreed. I am hacking together a solution to put in to our mockbuilder. Needed to have a working subversion 1.6.x in our yum repo by Monday morning (client deliverable). I have goten everything to work until subversions make test launches apache as root.... It just produced the 1st mod_dav_svn-1.6.12 rpm as I was typing this email.
Give me ten minutes I will publish the src.rpms...
[1] http://www.owlriver.com/tips/non-root/
John
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100 - - +1 (443) 269-1555 x333 Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00.