[Bug 637597] [NEW] schroot will not allow multiple user login to chroot

Mon, 13 Sep 2010 14:45:46 -0700 

Public bug reported:

Binary package hint: schroot

A schroot is setup for multiple users with the users=user1,user2,user3 as well 
as groups=group1,group2,group3.
When the schroot is started in a session. the session will not recognize the 
other users who are allowed to login, and PAM disallows their usage of schroot 
with an error message and report to syslog.

configuration file is as follows:
[lucid-i386]
description=Ubuntu
directory=/srv/chroot/lucid-i386
personality=linux32
root-users=scott,lwhitney
type=directory
users=lwhitney,scott,coboluser
groups=cobolusers

schroot -i -v -c lucid-i386-session --debug=info

D(2): Getting keyfile group=lucid-i386, key=type
D(2): Getting keyfile group=lucid-i386, key=active
D(2): Getting keyfile group=lucid-i386, key=run-setup-scripts
D(2): Getting keyfile group=lucid-i386, key=run-session-scripts
D(2): Getting keyfile group=lucid-i386, key=run-exec-scripts
D(2): Getting keyfile group=lucid-i386, key=script-config
D(2): Getting keyfile group=lucid-i386, key=priority
D(2): Getting keyfile group=lucid-i386, key=aliases
D(2): Getting keyfile group=lucid-i386, key=environment-filter
D(2): Getting keyfile group=lucid-i386, key=description
D(2): Getting keyfile group=lucid-i386, key=users
D(2): Getting keyfile group=lucid-i386, key=groups
D(2): Getting keyfile group=lucid-i386, key=root-users
D(2): Getting keyfile group=lucid-i386, key=root-groups
D(2): Getting keyfile group=lucid-i386, key=mount-location
D(2): Getting keyfile group=lucid-i386, key=name
D(2): Getting keyfile group=lucid-i386, key=command-prefix
D(2): Getting keyfile group=lucid-i386, key=directory
D(2): Getting keyfile group=lucid-i386, key=location
D(2): Getting keyfile group=lucid-i386, key=personality
D(2): Getting keyfile group=lucid-i386, key=union-type
D(2): Getting keyfile group=lucid-i386, key=union-mount-options
D(2): Getting keyfile group=lucid-i386, key=union-overlay-directory
D(2): Getting keyfile group=lucid-i386, key=union-underlay-directory
D(2): Getting keyfile group=lucid-i386-session, key=type
D(2): Cloned session dummy-session-name
D(2): Getting keyfile group=lucid-i386-session, key=active
D(2): Getting keyfile group=lucid-i386-session, key=run-setup-scripts
D(2): Getting keyfile group=lucid-i386-session, key=run-session-scripts
D(2): Getting keyfile group=lucid-i386-session, key=run-exec-scripts
D(2): Getting keyfile group=lucid-i386-session, key=script-config
D(2): Getting keyfile group=lucid-i386-session, key=priority
D(2): Getting keyfile group=lucid-i386-session, key=aliases
D(2): Getting keyfile group=lucid-i386-session, key=environment-filter
D(2): Getting keyfile group=lucid-i386-session, key=description
D(2): Getting keyfile group=lucid-i386-session, key=users
D(2): Getting keyfile group=lucid-i386-session, key=groups
D(2): Getting keyfile group=lucid-i386-session, key=root-users
D(2): Getting keyfile group=lucid-i386-session, key=root-groups
D(2): Getting keyfile group=lucid-i386-session, key=mount-location
D(2): Getting keyfile group=lucid-i386-session, key=name
D(2): Getting keyfile group=lucid-i386-session, key=command-prefix
D(2): Getting keyfile group=lucid-i386-session, key=directory
D(2): Getting keyfile group=lucid-i386-session, key=location
D(2): Getting keyfile group=lucid-i386-session, key=personality
D(2): Getting keyfile group=lucid-i386-session, key=union-type
D(2): Getting keyfile group=lucid-i386-session, key=union-mount-options
D(2): Getting keyfile group=lucid-i386-session, key=union-overlay-directory
D(2): Getting keyfile group=lucid-i386-session, key=union-underlay-directory
D(2): Getting keyfile group=lucid-i386-session, key=active
D(2): Getting keyfile group=lucid-i386-session, key=source-users
D(2): Getting keyfile group=lucid-i386-session, key=source-groups
D(2): Getting keyfile group=lucid-i386-session, key=source-root-users
D(2): Getting keyfile group=lucid-i386-session, key=source-root-groups
D(2): format_detail: added name "Name"
D(2): format_detail: added name "Description"
D(2): format_detail: added name "Type"
D(2): format_detail: added name "Priority"
D(2): format_detail: added name "Users"
D(2): format_detail: added name "Groups"
D(2): format_detail: added name "Root Users"
D(2): format_detail: added name "Root Groups"
D(2): format_detail: added name "Aliases"
D(2): format_detail: added name "Environment Filter"
D(2): format_detail: added name "Run Setup Scripts"
D(2): format_detail: added name "Script Configuration"
D(2): format_detail: added name "Session Managed"
D(2): format_detail: added name "Session Cloned"
D(2): format_detail: added name "Session Purged"
D(2): format_detail: added name "Mount Location"
D(2): format_detail: added name "Path"
D(2): format_detail: added name "Directory"
D(2): format_detail: added name "Personality"
D(2): format_detail: added name "Filesystem union type"
D(2): format_detail: added name "Session ID"
  ─── Session ───
  Name                   lucid-i386-session
  Description            Ubuntu (session chroot)
  Type                   directory
  Priority               0
  Users                  
  Groups                 
  Root Users             scott
  Root Groups            
  Aliases                
  Environment Filter     
^(BASH_ENV|CDPATH|ENV|HOSTALIASES|IFS|KRB5_CONFIG|KRBCONFDIR|KRBTKFILE|KRB_CONF|LD_.*|LOCALDOMAIN|NLSPATH|PATH_LOCALE|RES_OPTIONS|TERMINFO|TERMINFO_DIRS|TERMPATH)$
  Run Setup Scripts      true
  Script Configuration   script-defaults
  Session Managed        false
  Session Cloned         false
  Session Purged         false
  Mount Location         /var/lib/schroot/mount/lucid-i386-session
  Path                   /var/lib/schroot/mount/lucid-i386-session
  Directory              /srv/chroot/lucid-i386
  Personality            linux32
  Filesystem union type  none
  Session ID             lucid-i386-session

i've tried multiple ways, with the -p flag, with the -u flag... I can -u root, 
but that isn't what is needed. I've tried executing with sudo, and tried it 
from inside an init script. i've tried it as normal users as well...
 Schroot, or PAM, seems to only allow the user who starts schroot to chroot 
into it.. I looked inside the PAM setup and it "appears". 

It seems that schroot doesn't set the users and groups up properly like
seen in the examples in the man pages.

The version of schroot is:

schroot (Debian sbuild) 1.4.0 (16 Jan 2010)
Written by Roger Leigh

Copyright © 2004–2010 Roger Leigh
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Configured features:
  DEVLOCK      Device locking
  PAM          Pluggable Authentication Modules
  PERSONALITY  Linux kernel Application Binary Interface switching
  UNION        Support for filesystem unioning

Available chroot types:
  BLOCKDEV     Support for ‘block-device’ chroots
  DIRECTORY    Support for ‘directory’ chroots
  FILE         Support for ‘file’ chroots
  LOOPBACK     Support for ‘loopback’ chroots
  LVMSNAP      Support for ‘lvm-snapshot’ chroots
  PLAIN        Support for ‘plain’ chroots

Is this possible? am I doing something wrong? I feel like this is
supposed to work....

** Affects: schroot (Ubuntu)
     Importance: Undecided
         Status: New

-- 
schroot will not allow multiple user login to chroot
https://bugs.launchpad.net/bugs/637597
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to