Re: [Jailkit-users] chrootlaunch from inittab


From: Olivier Sessink
Subject: Re: [Jailkit-users] chrootlaunch from inittab
Date: Sat, 21 Mar 2009 09:50:42 +0100
User-agent: Thunderbird 2.0.0.19 (X11/20090105)

address@hidden wrote:
> 
>>From: Olivier Sessink
>>Subject: Re: [Jailkit-users] chrootlaunch from inittab
>>Date: Fri, 20 Mar 2009 19:51:22 +0100
>>User-agent: Thunderbird 2.0.0.19 (X11/20090105)
>>
>>> I am now suspecting that this is a problem in the perl script, not
>>> jailkit.  The script (I am not the author of it) is probably either using
>>> something in root's environment that's not in inittab's or accessing
>>> something that's not copied over into the jail.
>>
>>but if you run it from the shell (including jk_chrootlaunch) it works?
> 
> Found the problem!
> 
> For the archives: here's how I found it.
> 
> 1) I added an /etc/jk_uchrootsh.ini which allowed user foo into
> the jail /var/foojail
> 
> 2) I logged in as user foo
> 
> 3) ran jk_uchroot -j /var/foojail -x /usr/local/bin/foo -- -c /usr/local/etc/foo.conf
> 
> 4) This gave me a perl error of "Can't locate bar.pm in @INC".  I checked
> the includes directories and found that the jailed /usr/local/lib/perl5/foo/
> directory containing bar.pm was not world readable.  (The unjailed bar.pm
> had group readable permissions - it's an odd install.)
> 
> 
> What's not entirely clear to me is why running the jk_chrootlaunch from the
> root command line would cause the chrooted foo user to have read permission
> but not the foo user in the chroot from /etc/inittab.

Hmm, that doesn't sound good indeed. If you check the UID (ps axu) for
the process when running jk_chrootlaunch from the command line, does it
show the correct user?

regards,
        Olivier
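
Added example (not part of the original thread and not Jailkit code): a Python sketch of the check behind step 4 and the UID question above. It walks each component of a path inside a jail and reports where classic mode bits stop a given UID and group set; the function names, the sample tree and the UID/group values are assumptions made for the illustration, and the thread itself does not establish which identity difference was involved.

```python
import os
import stat
import tempfile

def allowed(st, uid, gids, want):
    """Classic Unix mode-bit check; ACLs and capabilities are not modelled."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want

def blocked(jail, path_in_jail, uid, gids):
    """List (path, mode, required bits) for each component that stops uid/gids
    from reading path_in_jail. Symlinks are resolved on the host, not the jail."""
    parts = [p for p in path_in_jail.split("/") if p]
    problems, current = [], jail
    for i in range(len(parts) + 1):
        st = os.stat(current)
        last = i == len(parts)
        # Directories on the way need search (x); the target needs read (r).
        want = (5 if last else 1) if stat.S_ISDIR(st.st_mode) else 4
        if not allowed(st, uid, gids, want):
            problems.append((current, stat.filemode(st.st_mode), want))
        if not last:
            current = os.path.join(current, parts[i])
    return problems

def build_sample_jail():
    """Constructed sample tree: the jailed perl5/foo directory is mode 0750."""
    jail = tempfile.mkdtemp()
    lib = os.path.join(jail, "usr/local/lib/perl5/foo")
    os.makedirs(lib)
    open(os.path.join(lib, "bar.pm"), "w").close()
    os.chmod(os.path.join(lib, "bar.pm"), 0o644)
    for d, _, _ in os.walk(jail):
        os.chmod(d, 0o755)
    os.chmod(lib, 0o750)
    return jail

if __name__ == "__main__":
    jail, target = build_sample_jail(), "usr/local/lib/perl5/foo/bar.pm"
    gid = os.stat(jail).st_gid
    for gids in ({gid}, set()):  # same hypothetical UID, with and without the group
        print(sorted(gids), blocked(jail, target, os.stat(jail).st_uid + 1, gids))
```

Run against a real jail, the inputs would be the UID and groups that `ps` and `/proc/<pid>/status` show for the launched process.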



