[CentOS] problems with CentOS chroot

Mon Dec 17 16:03:49 UTC 2007
Maxim Soldatov <makc at makc.name>

Filipe,

Thanks a lot for your reply.

On Mon, Dec 17, 2007 at 09:59:52AM -0500, Filipe Brandenburger wrote:
> On Dec 17, 2007 9:47 AM, Maxim Soldatov <makc at makc.name> wrote:
> 
> That's the behaviour that chroot is supposed to have.
 
Do not think so.
I've been using chroot for a while and on a different system, but this
behavior is definitely strange (at least for me).

> I see you saying "host" (as opposed to "guest"), but chroot is not a VM
> environment. When you chroot to a jail, you user id, group id, and
> additional groups will be still the same as they were before. They're
> inherited.

 Yes, you're right about inherited, my fault.

 So lets change for a little this.
 1. chroot
 2. su -
 then I see that I have chrooted uid/git. This is correct.

 But stranginess in the following (after su - in the chroot):
 # id
 uid=0(root) gid=0(root) groups=0(root),11(wheel)

 [ few minutes ]
 
 # id
 uid=0 gid=0 groups=0,11
 # ls /etc/shadow /etc/group /etc/passwd
 /etc/group  /etc/passwd  /etc/shadow
 # id
 uid=0(root) gid=0(root) groups=0(root),11(wheel)

 if I run  strace on id i see 530 when open():
 open("/etc/group", O_RDONLY|0x80000)    = -530
 open("/etc/group", O_RDONLY|0x80000)    = -530
 open("/etc/group", O_RDONLY|0x80000)    = -530
 open("/etc/group", O_RDONLY|0x80000)    = -530
 open("/etc/group", O_RDONLY|0x80000)    = -530
 open("/etc/group", O_RDONLY|0x80000)    = -530
 open("/etc/group", O_RDONLY|0x80000)    = -530


 
> The issue with it showing the id's as numbers or names is that if the files
> in /etc/ are not present in the chroot, it won't be able to look them up,
> then it will show the numbers only.
> 
> If you need some different id's, maybe you should su before/after chrooting.
> Or maybe what you need is actually a VM environment, in that case you should
> try Xen.

 Yes, I understand my mistake with su.
 Thank you for the explanation.
 
> Regards,
> Filipe

> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos


-- 
Maxim Soldatov