Re: Can't run whoami(id -un) inside chroot jail using openssh native jail support

On Thu, Jul 24, 2008 at 06:24:20PM -0500, D M wrote:
> Yeah I though maybe permissions but I also adjusted those. This is
> whats really strange look at the output of this:
>
> #ls -la /etc
> total 900
> drwxr-xr-x  3 0 0   4096 Jul 24 17:04 .
> drwxr-xr-x 17 0 0   4096 Jul 22 17:00 ..
> -rw-r--r--  1 0 0     11 Jul 22 17:00 group

> it doesn't even seem to be able to translate the name/groups in the
> directory listing.

ls calls upon getpwuid() to convert the numeric UID and GID into
human-readable names like "root".  getpwuid() and friends are libc
functions that use OS-specific methods to do the lookups.

On most modern systems, it will look for /etc/nsswitch.conf first, and
that will tell it what overall scheme is being used for the mapping
(NIS, NIS+, regular passwd files, etc.).  Based on that, it will consult
the appropriate scheme's resources (/etc/passwd, or open a connection to
ypbind, or whatever) to get the actual answers.

So, as others have already said, you need to ensure that the following
files exist and are readable WITHIN the chroot jail:

 /etc/nsswitch.conf
 /etc/passwd
 /etc/group

There may or may not be others, depending on your OS and how you
configured things.  For example, on Linux, you might also need an
/etc/shadow file.  On OpenBSD, you might also need an /etc/master.passwd
file which is then converted into an /etc/pwd.db file.  And so on.