Re: /bin/su wont work inside a chroot?

"Jason Pyeron" <jpyeron@xxxxxxxx> · Sun, 1 Aug 2010 16:00:50 -0400

> -----Original Message-----
> From: centos-bounces@xxxxxxxxxx 
> [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of JohnS
> Sent: Sunday, August 01, 2010 15:28
> To: CentOS mailing list
> Subject: Re:  /bin/su wont work inside a chroot?
> 
> 
> On Sun, 2010-08-01 at 14:10 -0500, Les Mikesell wrote:
> > Jason Pyeron wrote:
> > > 
> > > [root@devserver21 etc]# sudo su -l apache failed to get default 
> > > context
> > > [root@devserver21 etc]# sudo su apache failed to get 
> default context
> > > [root@devserver21 etc]# sudo
> > > [root@devserver21 etc]#
> > > 
> > 
> > References to 'context' would have something to do with 
> SELinux, not normal 
> > permissions.
> ---
> That's is also because his echoed "0" context is not active yet.  It
> requires a reboot every time I have done it.  But the other way around
> it does not.
> 
> No matter how hard you try in a default EL4 or 5 instance you 
> will never
> get logged into an apache account.  Root or Not...  Unless you change
> the login shell..or exploit it...

Forgot to tell you in the chroot I did change the login shell for apache to
/bin/bash

> 
> apache = /sbin/nologin
> postgres = /sbin/bash
> #################################################
> Jason,
> 
> Nasty things happen when you build rpms like that.  
> See www.owlriver.com , Russ has an article there about it [1].

Agreed. I am hacking together a solution to put in to our mockbuilder. Needed to
have a working subversion 1.6.x in our yum repo by Monday morning (client
deliverable). I have goten everything to work until subversions make test
launches apache as root.... It just produced the 1st mod_dav_svn-1.6.12 rpm as I
was typing this email.

Give me ten minutes I will publish the src.rpms...

> 
> [1] http://www.owlriver.com/tips/non-root/
> 
> 
> John
> 
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
> 

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos