Sebastian Beßler posted on Tue, 16 Mar 2010 13:27:46 +0100 as excerpted:

> That is not really a solution, because all it needs to be root again is a
> simple exit. And chroot-root can break out of the chroot without
> problem.

See the chroot --userspec option in its manpage...

> And you still need to be root to enter the chroot so you must always
> type in your root password to start a simple app, even if you drop root
> inside the chroot.

Not if you have sudo configured properly. Then the user uses their normal password, or none, if sudo is set for no password verification for that command. And since sudo is configurable per command including the passed parameters, it's possible to specifically allow only the single command "sudo linux32 chroot --userspec=xxx:yyy /mnt/point /bin/bash" ... and to configure it to require, or not require, entering the user password, as desired.

(FWIW, sudo can also be configured to require the changed /to/ user's password, instead of the changed /from/ user's password, so to require root's password here since it's root we're changing to, to do the chroot, but that's a global setting that would apply to all sudo usage on the system, while the require a password or not setting is per configured allowed command or group of commands.)

> So this is nothing more than a really fragile hack, to me at least.

I won't argue that it's not a hack, but it isn't really more so, or more fragile, IMO, than the whole multilib thing. And it does keep the 32-bit and 64-bit sides better separated. So pick your hack. =:^)

-- 
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
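
The single-command sudo rule described in the reply above, written out as a sudoers fragment. This is an added example, not part of the original post: the user name alice, the file name and the absolute binary paths are assumptions, while xxx:yyy and /mnt/point are the post's own placeholders.

```sudoers
# /etc/sudoers.d/chroot32   (hypothetical file name; edit it with
# `visudo -f /etc/sudoers.d/chroot32` so syntax errors are caught before saving)

# sudoers requires an absolute path for the command. The locations below are
# assumed; confirm them on the target system with `command -v linux32 chroot`.
#
# Inside command arguments the characters ',' ':' '=' and '\' must be escaped
# with a backslash, so --userspec=xxx:yyy is written --userspec\=xxx\:yyy.
#
# Arguments are matched literally: because arguments are listed here, only this
# exact invocation is allowed (no other userspec, mount point or shell), and the
# user has to spell the chroot path the same way on the command line.
Cmnd_Alias CHROOT32 = /usr/bin/linux32 /usr/bin/chroot --userspec\=xxx\:yyy /mnt/point /bin/bash

# Variant 1: alice (hypothetical user) authenticates with her own password.
alice ALL = (root) CHROOT32

# Variant 2: no password prompt for this one command only.
# The NOPASSWD tag applies per command entry, not system-wide.
# alice ALL = (root) NOPASSWD: CHROOT32

# Global alternative mentioned in the post: prompt for root's password instead
# of the invoking user's. As written, this Defaults line affects every sudo
# rule on the system, not just CHROOT32.
# Defaults rootpw
```

Running `sudo -l` as the configured user lists the rule as sudo parsed it, which is a quick check that the escaped argument string matches the command that will actually be typed.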
