[CentOS] /bin/su wont work inside a chroot?
Jason Pyeron
jpyeron at pdinc.us
Sun Aug 1 20:00:50 UTC 2010
> -----Original Message-----
> From: centos-bounces at centos.org
> [mailto:centos-bounces at centos.org] On Behalf Of JohnS
> Sent: Sunday, August 01, 2010 15:28
> To: CentOS mailing list
> Subject: Re: [CentOS] /bin/su wont work inside a chroot?
>
>
> On Sun, 2010-08-01 at 14:10 -0500, Les Mikesell wrote:
> > Jason Pyeron wrote:
> > >
> > > [root at devserver21 etc]# sudo su -l apache failed to get default
> > > context
> > > [root at devserver21 etc]# sudo su apache failed to get
> default context
> > > [root at devserver21 etc]# sudo
> > > [root at devserver21 etc]#
> > >
> >
> > References to 'context' would have something to do with
> SELinux, not normal
> > permissions.
> ---
> That's is also because his echoed "0" context is not active yet. It
> requires a reboot every time I have done it. But the other way around
> it does not.
>
> No matter how hard you try in a default EL4 or 5 instance you
> will never
> get logged into an apache account. Root or Not... Unless you change
> the login shell..or exploit it...
Forgot to tell you in the chroot I did change the login shell for apache to
/bin/bash
>
> apache = /sbin/nologin
> postgres = /sbin/bash
> #################################################
> Jason,
>
> Nasty things happen when you build rpms like that.
> See www.owlriver.com , Russ has an article there about it [1].
Agreed. I am hacking together a solution to put in to our mockbuilder. Needed to
have a working subversion 1.6.x in our yum repo by Monday morning (client
deliverable). I have goten everything to work until subversions make test
launches apache as root.... It just produced the 1st mod_dav_svn-1.6.12 rpm as I
was typing this email.
Give me ten minutes I will publish the src.rpms...
>
> [1] http://www.owlriver.com/tips/non-root/
>
>
> John
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
- -
- Jason Pyeron PD Inc. http://www.pdinc.us -
- Principal Consultant 10 West 24th Street #100 -
- +1 (443) 269-1555 x333 Baltimore, Maryland 21218 -
- -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.
More information about the CentOS
mailing list