Gentoo Archives: gentoo-amd64

From: Brett Johnson <brett@××××.com>
To: gentoo-amd64@l.g.o
Subject: Re: [gentoo-amd64] Re: Re: chrooted environment not available to users
Date: Wed, 14 Dec 2005 13:38:21
Message-Id: 20051214133218.GA10415@blzj.com
In Reply to: Re: [gentoo-amd64] Re: Re: chrooted environment not available to users by Nuitari
> > To enable chroot for users you have to chmod u+s /bin/chroot
> The chroot will succeed and you will be as your user and not as root.

You could also use sudo. After following the HOWTO
http://www.gentoo.org/proj/en/base/amd64/howtos/index.xml?part=1&chap=3,
I created a simple script that uses sudo to enter the chroot as any user. This assumes the init.d/gentoo32 script is used to copy the users and groups to the chroot.

Here's what I did:

As root:

    emerge -av sudo
    visudo

(/etc/sudoers will be loaded in your default editor)

add a line to the file like:

    %wheel ALL=NOPASSWD: /bin/linux32 /usr/bin/chroot /mnt/gentoo32 /bin/su - [a-z]*

This line will allow anyone in the wheel group to chroot to /mnt/gentoo32 as any user. Change /mnt/gentoo32 to wherever your chroot environment is. Also, this assumes all user names are all lower case. I believe you could change [a-z] to [A-z] or [a-zA-Z] or something similar for mixed case userids. Also the current convention does not allow for numbers in the user id.

Now, I just created this script and put it in /usr/local/bin:

    #!/bin/bash
    # /usr/local/bin/ch32
    # Script used to enter 32bit chroot
    #
    # Author:  B Johnson (baj)
    # Version: 0.2
    # Date:    2005/12/10
    #
    # Optional parameters:
    #   [userid]   # user to enter chroot as, default is current user.
    #
    # TODO:
    #   verify userid exists in chroot env.
    #   take additional parameter to exec after entering chroot env.
    #

    if [ -n "${1}" ]; then
        USER="${1}"
    fi

    sudo /bin/linux32 /usr/bin/chroot /mnt/gentoo32 /bin/su - "${USER}"

Again, /mnt/gentoo32 is the location where your chroot is installed, change it accordingly to match your environment and what was entered in /etc/sudoers.

If all goes well, you should now be able to enter the chroot from a normal use as a normal user:

    brett@homer ~ $ uname -a
    Linux homer 2.6.14-gentoo-r2 #2 Fri Dec 9 13:31:31 CST 2005 x86_64 AMD Athlon(tm) 64 Processor 3400+ AuthenticAMD GNU/Linux
    brett@homer ~ $ ch32
    brett@homer(i686) ~ $ uname -a
    Linux homer 2.6.14-gentoo-r2 #2 Fri Dec 9 13:31:31 CST 2005 i686 AMD Athlon(tm) 64 Processor 3400+ AuthenticAMD GNU/Linux

You can also log in as root:

    brett@homer ~ $ ch32 root
    homer(i686) ~ #

Now you may have noticed, I append (i686) to my prompt. This is because I tend to have many terms open, and sometimes forget which term is to which system I am working on. Having the machine name is great, but in the chroot environment it's the same as the host. I modified the /etc/bash/bashrc (or /etc/profile if using an older bash) in the chroot environment like this:

    if [[ ${EUID} == 0 ]] ; then
        PS1='\[\033[01;31m\]\h(`uname -m`)\[\033[01;34m\] \W \$\[\033[00m\] '
    else
        PS1='\[\033[01;32m\]\u@\h(`uname -m`)\[\033[01;34m\] \w \$\[\033[00m\] '
    fi

I just added (`uname -m`) to each prompt. I made the same changes to the prompts below these, in case I log in from a non-color terminal (unlikely, but who knows).

I am still working out a few issues with this script:

1) the DISPLAY variable does not get set by default.
2) how to pass additional args to the chroot shell (eg. launch cedega from script in 64 bit land)

But so far, this seems to work really well for me.

Brett
--
gentoo-amd64@g.o mailing list
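
The first TODO item in the script above ("verify userid exists in chroot env."), sketched as an added example that is not part of the original post or the author's code: the wrapper checks the userid against the lower-case convention of the sudoers line and against the chroot's passwd file before calling sudo. The helper names and the CHROOT override are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not the original ch32. Helper names are hypothetical;
# CHROOT defaults to the /mnt/gentoo32 path used in the post.
LC_ALL=C                      # make [a-z] mean ASCII lower case only
CHROOT="${CHROOT:-/mnt/gentoo32}"

# Same convention as the sudoers line in the post: lower-case letters only.
valid_name() {
    case "$1" in
        ''|*[!a-z]*) return 1 ;;   # empty, or contains anything else
        *)           return 0 ;;
    esac
}

# The script's TODO: is the user listed in the chroot's passwd file?
# $1 = user name, $2 = path to passwd file
user_in_chroot() {
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$2"
}

# Returns 0 if usable, 2 for a malformed name, 3 if absent from the chroot.
check_user() {
    valid_name "$1" || { echo "ch32: invalid userid" >&2; return 2; }
    user_in_chroot "$1" "$2" || { echo "ch32: $1 not in chroot" >&2; return 3; }
}

main() {
    user="${1:-$(id -un)}"
    check_user "$user" "$CHROOT/etc/passwd" || exit $?
    exec sudo /bin/linux32 /usr/bin/chroot "$CHROOT" /bin/su - "$user"
}

# Run only when installed under the name ch32, so the file can also be sourced.
case "${0##*/}" in ch32) main "$@" ;; esac
```

The wrapper is a convenience check, not the access control: the sudoers line still decides what wheel members may run. sudoers matches command-line arguments as one concatenated string, so the `*` in `[a-z]*` also matches spaces and whatever follows them.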

Replies

Subject Author
Re: [gentoo-amd64] Re: Re: chrooted environment not available to users Billy Holmes <billy@××××××.net>