Re: [lfs-support] Problems with su when building LFS
On 02/12/2018 07:31 PM, Pierre Labastie wrote: On 12/02/2018 18:54, Pierre Labastie wrote: On 11/02/2018 23:01, Tim Tassonis wrote: On 02/11/2018 10:37 PM, Bruce Dubbs wrote: Tim Tassonis wrote: I have found a workaround for my problem: If I replace mount -vt devpts devpts $LFS/dev/pts -o gid=5,mode=620 with mount -v --bind /dev/pts $LFS/dev/pts I get the needed /dev/pts/0 and sudo and su with password asking now works. As it seems that this is really only a chroot issue and su and sudo now work fine, I'll continue with that. I'm not yet sure of the exact security implications, but as this is a dedicated vm only for building the system, it should be ok. I have the same issue, whether or not I use -o gid=... After entering chroot, I am root, and if I run "su - pierre", I become pierre. But if I try to become back root using su (that is running "su -" while being pierre), I get the "su: must be run from a terminal" message. Note that if I run (as pierre) "sudo su -", it works (user pierre can sudo without a password)... I tried an old LFS (SVN-20160929), and I have exactly the same results... Hmm, maybe a problem with host (I'm using Debian sid ATM). I've made a few trials. With kernels older than 4.9, same issue. With 4.7.4, no issue. That may explain why it was working for older LFS. s/With kernels older than 4.9/With kernels newer than 4.9/ sorry Might well be, as I am building under 4.14.16, the last lfs 8.0 build was under 4.9.21. -- http://lists.linuxfromscratch.org/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page Do not top post on this list. A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? http://en.wikipedia.org/wiki/Posting_style
Re: [lfs-support] Problems with su when building LFS
On 12/02/2018 18:54, Pierre Labastie wrote: > On 11/02/2018 23:01, Tim Tassonis wrote: >> On 02/11/2018 10:37 PM, Bruce Dubbs wrote: >>> Tim Tassonis wrote: >>> I have found a workaround for my problem: If I replace mount -vt devpts devpts $LFS/dev/pts -o gid=5,mode=620 with mount -v --bind /dev/pts $LFS/dev/pts I get the needed /dev/pts/0 and sudo and su with password asking now works. As it seems that this is really only a chroot issue and su and sudo now work fine, I'll continue with that. I'm not yet sure of the exact security implications, but as this is a dedicated vm only for building the system, it should be ok. > > I have the same issue, whether or not I use -o gid=... > > After entering chroot, I am root, and if I run "su - pierre", I become pierre. > But if I try to become back root using su (that is running "su -" while being > pierre), I get the "su: must be run from a terminal" message. > > Note that if I run (as pierre) "sudo su -", it works (user pierre can sudo > without a password)... > > I tried an old LFS (SVN-20160929), and I have exactly the same results... > > Hmm, maybe a problem with host (I'm using Debian sid ATM). > > I've made a few trials. With kernels older than 4.9, same issue. With 4.7.4, > no issue. That may explain why it was working for older LFS. > s/With kernels older than 4.9/With kernels newer than 4.9/ sorry -- http://lists.linuxfromscratch.org/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page Do not top post on this list. A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? http://en.wikipedia.org/wiki/Posting_style
Re: [lfs-support] Problems with su when building LFS
On 11/02/2018 23:01, Tim Tassonis wrote: > On 02/11/2018 10:37 PM, Bruce Dubbs wrote: >> Tim Tassonis wrote: >> >>> I have found a workaround for my problem: >>> >>> If I replace >>> >>> mount -vt devpts devpts $LFS/dev/pts -o gid=5,mode=620 >>> >>> with >>> >>> mount -v --bind /dev/pts $LFS/dev/pts >>> >>> >>> I get the needed /dev/pts/0 and sudo and su with password asking now works. >>> As it seems that this is really only a chroot issue and su and sudo now >>> work fine, I'll continue with that. I'm not yet sure of the exact security >>> implications, but as this is a dedicated vm only for building the system, >>> it should be ok. I have the same issue, whether or not I use -o gid=... After entering chroot, I am root, and if I run "su - pierre", I become pierre. But if I try to become back root using su (that is running "su -" while being pierre), I get the "su: must be run from a terminal" message. Note that if I run (as pierre) "sudo su -", it works (user pierre can sudo without a password)... I tried an old LFS (SVN-20160929), and I have exactly the same results... Hmm, maybe a problem with host (I'm using Debian sid ATM). I've made a few trials. With kernels older than 4.9, same issue. With 4.7.4, no issue. That may explain why it was working for older LFS. Pierre -- http://lists.linuxfromscratch.org/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page Do not top post on this list. A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? http://en.wikipedia.org/wiki/Posting_style
Re: [lfs-support] Problems with su when building LFS
Hallo, > su: must be run from a terminal what are the defaults in your sudo.conf? Have you switched on requiretty? You could selectively (or globally) switch it off. Defaults:timtas !requiretty Tschau...Thomas -- "Do you wanna be a legend or a passing footprint on the sands of time?" signature.asc Description: OpenPGP digital signature -- http://lists.linuxfromscratch.org/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page Do not top post on this list. A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? http://en.wikipedia.org/wiki/Posting_style
Re: [lfs-support] Problems with su when building LFS
Tim Tassonis wrote: I have found a workaround for my problem: If I replace mount -vt devpts devpts $LFS/dev/pts -o gid=5,mode=620 with mount -v --bind /dev/pts $LFS/dev/pts I get the needed /dev/pts/0 and sudo and su with password asking now works. As it seems that this is really only a chroot issue and su and sudo now work fine, I'll continue with that. I'm not yet sure of the exact security implications, but as this is a dedicated vm only for building the system, it should be ok. What I recommend is just get ssh working and then work from your host. With ssl now in LFS, ssh does not need any dependencies. I generally have a problem pasting between a host and VM anyway, so ssh cures that problem. Are you using qemu? -- Bruce -- http://lists.linuxfromscratch.org/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page Do not top post on this list. A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? http://en.wikipedia.org/wiki/Posting_style
Re: [lfs-support] Problems with su when building LFS
On 02/11/2018 10:07 PM, Tim Tassonis wrote: On 02/11/2018 09:17 PM, Bruce Dubbs wrote: Tim Tassonis wrote: Hi all I currently building LFS (svn) and seem to get a problem doing su in the chroot environment. I am past shadow now and have set-up a user to work with. The user however should be able to su to root. I have done the same on lfs 7.9 and lfs 8.0 without problems. I think, I follow the book when entering the chroot: LFS=/lfs export LFS mount -v --bind /dev $LFS/dev mount -vt devpts devpts $LFS/dev/pts -o gid=5,mode=620 mount -vt proc proc $LFS/proc mount -vt sysfs sysfs $LFS/sys mount -vt tmpfs tmpfs $LFS/run if [ -h $LFS/dev/shm ]; then mkdir -pv $LFS/$(readlink $LFS/dev/shm) fi chroot "$LFS" /tools/bin/env -i \ HOME=/root \ TERM="$TERM" \ PS1='\u:\w\$ ' \ PATH=/bin:/usr/bin:/sbin:/usr/sbin:/tools/bin \ /tools/bin/bash --login +h In chroot, /dev/pts looks like this: root@lfsd82:/# ls -ld /dev/pts drwxr-xr-x 2 root root 0 Feb 11 19:38 /dev/pts root@lfsd82:/# ls -ld /dev/pts/* c- 1 root root 5, 2 Feb 11 19:38 /dev/pts/ptmx I can then call "login", enter the user's userid and password and get a shell. I can also do a "su - timtas", which also works. If I then call "su -" under the user, I always get: su: must be run from a terminal The contents of /dev/pts in the chroot always stay: timtas@lfsd82:~$ ls -l /dev/pts/ total 0 c- 1 root root 5, 2 Feb 11 19:38 ptmx What am I missing? Well I'm attaching what I use. Of course you have to make sure the non-root user is created in chroot and has a home directory. Run mount-virt.sh, then enter chroot. You should be able to su from there after a 'useradd -m userid'. Thanks for that. Just another quick question: what are your contents in /dev/pts after you entered chroot? I have read some stuff now and someone pointed to a glibc issue when failing to dereference /proc/self/fd/0. In my chroot, /proc/self/fd/0 points to: root@lfsd82:/# ls -l /proc/self/fd/0 lrwx-- 1 root root 64 Feb 11 21:01 /proc/self/fd/0 -> /dev/pts/0 which doesn't exist in my chroot. This then seems to trigger the errors, as the glibc function ttyname() fails in that case. Somehow, the chroot call seems not to inherit the tty from outside and therefore no valid tty exist in the chroot. I have found a workaround for my problem: If I replace mount -vt devpts devpts $LFS/dev/pts -o gid=5,mode=620 with mount -v --bind /dev/pts $LFS/dev/pts , I get the needed /dev/pts/0 and sudo and su with password asking now works. As it seems that this is really only a chroot issue and su and sudo now work fine, I'll continue with that. I'm not yet sure of the exact security implications, but as this is a dedicated vm only for building the system, it should be ok. -- http://lists.linuxfromscratch.org/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page Do not top post on this list. A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? http://en.wikipedia.org/wiki/Posting_style
Re: [lfs-support] Problems with su when building LFS
Tim Tassonis wrote: On 02/11/2018 09:17 PM, Bruce Dubbs wrote: Tim Tassonis wrote: Hi all I currently building LFS (svn) and seem to get a problem doing su in the chroot environment. I am past shadow now and have set-up a user to work with. The user however should be able to su to root. I have done the same on lfs 7.9 and lfs 8.0 without problems. I think, I follow the book when entering the chroot: LFS=/lfs export LFS mount -v --bind /dev $LFS/dev mount -vt devpts devpts $LFS/dev/pts -o gid=5,mode=620 mount -vt proc proc $LFS/proc mount -vt sysfs sysfs $LFS/sys mount -vt tmpfs tmpfs $LFS/run if [ -h $LFS/dev/shm ]; then mkdir -pv $LFS/$(readlink $LFS/dev/shm) fi chroot "$LFS" /tools/bin/env -i \ HOME=/root \ TERM="$TERM" \ PS1='\u:\w\$ ' \ PATH=/bin:/usr/bin:/sbin:/usr/sbin:/tools/bin \ /tools/bin/bash --login +h In chroot, /dev/pts looks like this: root@lfsd82:/# ls -ld /dev/pts drwxr-xr-x 2 root root 0 Feb 11 19:38 /dev/pts root@lfsd82:/# ls -ld /dev/pts/* c- 1 root root 5, 2 Feb 11 19:38 /dev/pts/ptmx I can then call "login", enter the user's userid and password and get a shell. I can also do a "su - timtas", which also works. If I then call "su -" under the user, I always get: su: must be run from a terminal The contents of /dev/pts in the chroot always stay: timtas@lfsd82:~$ ls -l /dev/pts/ total 0 c- 1 root root 5, 2 Feb 11 19:38 ptmx What am I missing? Well I'm attaching what I use. Of course you have to make sure the non-root user is created in chroot and has a home directory. Run mount-virt.sh, then enter chroot. You should be able to su from there after a 'useradd -m userid'. Thanks for that. Just another quick question: what are your contents in /dev/pts after you entered chroot? Just c- 1 root root 5, 2 Feb 11 14:11 ptmx I have read some stuff now and someone pointed to a glibc issue when failing to dereference /proc/self/fd/0. In my chroot, /proc/self/fd/0 points to: root@lfsd82:/# ls -l /proc/self/fd/0 lrwx-- 1 root root 64 Feb 11 21:01 /proc/self/fd/0 -> /dev/pts/0 As a normal user and as root in chroot, I have the same. What changes in /proc/self/fd is th eowner and group and the pointer 3 -> /proc/10750/fd whuch gave different PIDs. which doesn't exist in my chroot. This then seems to trigger the errors, as the glibc function ttyname() fails in that case. Somehow, the chroot call seems not to inherit the tty from outside and therefore no valid tty exist in the chroot. I do not know why it works for me and not you. -- Bruce -- http://lists.linuxfromscratch.org/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page Do not top post on this list. A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? http://en.wikipedia.org/wiki/Posting_style
Re: [lfs-support] Problems with su when building LFS
Tim Tassonis wrote: Hi all I currently building LFS (svn) and seem to get a problem doing su in the chroot environment. I am past shadow now and have set-up a user to work with. The user however should be able to su to root. I have done the same on lfs 7.9 and lfs 8.0 without problems. I think, I follow the book when entering the chroot: LFS=/lfs export LFS mount -v --bind /dev $LFS/dev mount -vt devpts devpts $LFS/dev/pts -o gid=5,mode=620 mount -vt proc proc $LFS/proc mount -vt sysfs sysfs $LFS/sys mount -vt tmpfs tmpfs $LFS/run if [ -h $LFS/dev/shm ]; then mkdir -pv $LFS/$(readlink $LFS/dev/shm) fi chroot "$LFS" /tools/bin/env -i \ HOME=/root \ TERM="$TERM" \ PS1='\u:\w\$ ' \ PATH=/bin:/usr/bin:/sbin:/usr/sbin:/tools/bin \ /tools/bin/bash --login +h In chroot, /dev/pts looks like this: root@lfsd82:/# ls -ld /dev/pts drwxr-xr-x 2 root root 0 Feb 11 19:38 /dev/pts root@lfsd82:/# ls -ld /dev/pts/* c- 1 root root 5, 2 Feb 11 19:38 /dev/pts/ptmx I can then call "login", enter the user's userid and password and get a shell. I can also do a "su - timtas", which also works. If I then call "su -" under the user, I always get: su: must be run from a terminal The contents of /dev/pts in the chroot always stay: timtas@lfsd82:~$ ls -l /dev/pts/ total 0 c- 1 root root 5, 2 Feb 11 19:38 ptmx What am I missing? Well I'm attaching what I use. Of course you have to make sure the non-root user is created in chroot and has a home directory. Run mount-virt.sh, then enter chroot. You should be able to su from there after a 'useradd -m userid'. -- Bruce mount-virt.sh Description: application/shellscript umount-virt.sh Description: application/shellscript -- http://lists.linuxfromscratch.org/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page Do not top post on this list. A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? http://en.wikipedia.org/wiki/Posting_style