[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [suse-security] /usr/sbin/compartment fails to chroot for non-root user [PART SOLVED]



 
> > I'm now trying:
> > `sudo /usr/bin/chroot /home/update.jail /bin/su -l update`
> > So my chroot command/shell is `/bin/su -l update`.
> > My error is now a little more strange, i.e.:
> > "/bin/su: incorrect password"
> 
> Argh, I'm using PAM.
> I don't think I want to include a working PAM config into 
> my chroot jail so I'll either have to recompile su or not
> use it.
> 
> Again, is su something I really want in my chroot jail anyway?

Okay, it's semi-sorted.

I've copied the following to my chroot jail:
/etc/pamd/*
/lib/security/*
/etc/nsswitch.conf
/lib/libxcrypt.so.1

...and now I can log in. Hurrah. Now all I have to do is get ssh to
stop asking for a password. ;-)

I'm now cutting everything out that I can, by trial and error.

I don't like the idea of having the setuid root /bin/su in the jail.

Tom.


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here