Re: Can't run whoami(id -un) inside chroot jail using openssh native jail support

2008/7/28, D M <dm.mlist@gmail.com>:

> here is a listing of my etc directory inside the jail:
>  ls -la
>  total 916
>  drwxr-xr-x  3 0 0   4096 Jul 28 14:31 .
>  drwxr-xr-x 18 0 0   4096 Jul 28 14:35 ..
>
> -rw-r--r--  1 0 0     11 Jul 22 17:00 group
>
> -r--------  1 0 0    555 Jul 28 14:31 gshadow
>
> -rwxr-xr-x  1 0 0    245 Jul 22 17:00 hosts
>  -rwxr-xr-x  1 0 0  24120 Jul 22 17:00 ld.so.cache
>  -rwxr-xr-x  1 0 0     28 Jul 22 17:00 ld.so.conf
>
> drwxr-xr-x  2 0 0   4096 Jul 22 17:00 ld.so.conf.d
>  -rw-r--r--  1 0 0   1696 Jul 22 17:00 nsswitch.conf
>
> -rw-r--r--  1 0 0    144 Jul 24 17:04 passwd
>  -rwxr-xr-x  1 0 0     66 Jul 22 17:00 resolv.conf
>
> -r--------  1 0 0   1607 Jul 28 14:30 shadow
>
> -rw-r--r--  1 0 0 807103 Jul 22 17:00 termcap
>
>
> As you can see all required files are there and have proper
>  permissions. I've copied over everything from /usr/lib into the jail
>  as well. However is still not properly doing the translation of uid to
>  name or guid to name.

What is passwd section set to in nsswitch.conf? On my Debian testing
system it's "compat":

$ grep passwd /etc/nsswitch.conf
passwd:         compat

Make sure you have the nss libraries available for the passwd entries.
When I strace the command I have it checking for next libs:

$ strace id -un 2>&1 | grep libnss
open("/lib/i686/cmov/libnss_compat.so.2", O_RDONLY) = 3
open("/lib/i686/cmov/libnss_nis.so.2", O_RDONLY) = 3
open("/lib/i686/cmov/libnss_files.so.2", O_RDONLY) = 3

Cheers,

VL