schroot will not allow multiple user login to chroot
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
schroot (Ubuntu) | New | Undecided | Unassigned | |
Bug Description
Binary package hint: schroot
A schroot is set up for multiple users with the users=user1,
When the schroot is started in a session, the session will not recognize the other users who are allowed to log in, and PAM disallows their usage of schroot with an error message and report to syslog.
Configuration file is as follows:
[lucid-i386]
description=Ubuntu
directory=
personality=linux32
root-users=
type=directory
users=lwhitney,
groups=cobolusers
schroot -i -v -c lucid-i386-session --debug=info
─── Session ───
Name lucid-i386-session
Description Ubuntu (session chroot)
Type directory
Priority 0
Users
Groups
Root Users scott
Root Groups
Aliases
Environment Filter ^(BASH_
Run Setup Scripts true
Script Configuration script-defaults
Session Managed false
Session Cloned false
Session Purged false
Mount Location /var/lib/
Path /var/lib/
Directory /srv/chroot/
Personality linux32
Filesystem union type none
Session ID lucid-i386-session
I've tried multiple ways, with the -p flag, with the -u flag... I can -u root, but that isn't what is needed. I've tried executing with sudo, and tried it from inside an init script. I've tried it as normal users as well...
Schroot, or PAM, seems to only allow the user who starts schroot to chroot into it. I looked inside the PAM setup and it "appears".
It seems that schroot doesn't set the users and groups up properly like seen in the examples in the man pages.
The version of schroot is:
schroot (Debian sbuild) 1.4.0 (16 Jan 2010)
Written by Roger Leigh
Copyright © 2004–2010 Roger Leigh
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Configured features:
DEVLOCK Device locking
PAM Pluggable Authentication Modules
PERSONALITY Linux kernel Application Binary Interface switching
UNION Support for filesystem unioning
Available chroot types:
BLOCKDEV Support for ‘block-device’ chroots
DIRECTORY Support for ‘directory’ chroots
FILE Support for ‘file’ chroots
LOOPBACK Support for ‘loopback’ chroots
LVMSNAP Support for ‘lvm-snapshot’ chroots
PLAIN Support for ‘plain’ chroots
Is this possible? Am I doing something wrong? I feel like this is supposed to work....
The chroot definition contains these lines for access control:
root-users= scott,lwhitney scott,coboluser
users=lwhitney,
groups=cobolusers
These control who is permitted to /start/ a session. So, if user "scott" starts a new session, then they will become the owner of that session. In the session file, you'll just get something like
root-users=scott
users=
groups=
root-groups=
This is intended to give a measure of privacy between session users, and prevent users from deleting each other's sessions.
In the future, I'd like to give session owners the ability to grant others access to their sessions (effectively, to modify the above lines in the session file). However, I'm not yet sure of the best "interface" for doing that, be it new command-line options or some other mechanism. Any suggestions would be helpful.
Regards,
Roger
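
The difference between the chroot definition and the session file described in the reply above can be checked with a short script. This is an added example, not code from schroot or from either poster: the keyfile contents, the group membership table, the account "cuser1" and the `access` check are constructed assumptions that model the described behaviour in simplified form (no PAM step).

```python
import configparser

# Constructed sample data modelled on the report; not the reporter's actual files.
CHROOT_DEFINITION = """
[lucid-i386]
users=lwhitney
groups=cobolusers
root-users=scott
root-groups=
"""

# What the reply says the session file looks like after "scott" starts it.
SESSION_FILE = """
[lucid-i386-session]
users=
groups=
root-users=scott
root-groups=
"""

# Constructed group membership so the example runs offline ("cuser1" is hypothetical).
GROUP_MEMBERS = {"cobolusers": {"lwhitney", "cuser1"}}


def load_acl(keyfile_text, name):
    """Return the four access lists of one keyfile group as sets of names."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(keyfile_text)
    section = parser[name]
    keys = ("users", "groups", "root-users", "root-groups")
    return {k: {v.strip() for v in section.get(k, "").split(",") if v.strip()} for k in keys}


def access(acl, user, group_members=GROUP_MEMBERS):
    """Simplified model (assumption): 'root', 'user' or None for the given account."""
    in_groups = lambda names: any(user in group_members.get(g, set()) for g in names)
    if user in acl["root-users"] or in_groups(acl["root-groups"]):
        return "root"
    if user in acl["users"] or in_groups(acl["groups"]):
        return "user"
    return None


def explain(user):
    """Compare what the definition grants with what the running session grants."""
    return {
        "start_new_session": access(load_acl(CHROOT_DEFINITION, "lucid-i386"), user),
        "enter_scott_session": access(load_acl(SESSION_FILE, "lucid-i386-session"), user),
    }
```

Calling `explain("lwhitney")` shows an account that may start its own session from the definition but has no entry in the session owned by scott, which matches the denial the report describes.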