id -un, whoami in OpenSSH built in jail function

hijack204 · 07-22-2008, 03:34 PM

I'm working on a rhel5.1 server with OpenSSH version 4.9-5.x installed which has support for jails natively. Now I have the jail working great except I cannot get the commands:
whoami - aka id -un
logname

to work properly inside the jail.. anyone else have this problem? Here is what I have setup in my sshd_conf

Match User jailuser
ChrootDirectory /chroot/jail/
AllowTcpForwarding no

Now i've used nixCraft's nice little script to help me move over library's (http://www.cyberciti.biz/files/lighttpd/l2chroot.txt) and everything else seems to be working fine. Here are a few examples of output I get

#whoami
whoami: cannot find name for user ID 503
#id
uid=503 gid=504 groups=504
#id -un
id: cannot find name for user ID 503
503
#logname
503

So its getting the uid.. but I guess it can't lookup the name...

Mr. C. · 07-22-2008, 04:44 PM

You are missing the passwd file in the chroot tree, or it is not readable by the process.

trickykid · 07-22-2008, 05:10 PM

Mr. C. is probably correct. I just ran an strace on the whoami command it indeed reads the /etc/passwd file. You'll need this file in order to match the UID with user logged in somewhere in the chroot jail you setup.

hijack204 · 07-22-2008, 05:13 PM

Yeah I thought that originally but its appears.. adding passwd shadow or group has no effect =( Maybe a caveat of using openssh's native jail

unSpawn · 07-28-2008, 01:05 PM

Show us the strace from inside your jail env?