Bash exec: 63: id: not found when users log in into jail

Carroarmato0 · 08-15-2009, 07:03 AM

I'm administering a student server where students get login through Ssh into their own folder.

The students are jailed in a directory resembling a filesystem on it's own with only strictly checked commands to be executed as a security precaution.

Everything works except for a minor inconvenience: when jailed students log in they first get a:

Quote:

Command 'groups'
failed with return code 2 and error message
exec: 63: id: not found.

After that, they get a normal prompt and everything works alright.
I obviously want to get rid of that annoying error message, but don't know what triggers that.

The group file is present in /etc together with the passwd file.

unSpawn · 08-15-2009, 07:31 AM

Find the difference by executing 'locate id' inside and outside the chroot?

Carroarmato0 · 08-15-2009, 07:44 AM

Outside the jail, "locate id" showed a huge list with every file owned by all users (mostly accounts in the jail), while executing that command within the jail reveals that the command "locate" isn't present in the jail.

I'll make that command available in the jail and see if that solves it.

*edit*
nope doesn't fix the problem

Carroarmato0 · 08-15-2009, 08:29 AM

I did some searching at what "groups" actually does, it gives a list of all the groups a user is present. It might be that it doesn't like something in there. Going to check it out.

unSpawn · 08-16-2009, 05:06 AM

Quote:

Originally Posted by Carroarmato0

Outside the jail, "locate id" showed a huge list with every file owned by all users (mostly accounts in the jail), while executing that command within the jail reveals that the command "locate" isn't present in the jail.

Sorry, should have been 'which id', meaning that if (/usr/bin/)id isn't available any commands relying on it will fail.

Quote:

Originally Posted by Carroarmato0

I'll make that command available in the jail and see if that solves it.

You should be careful what you make available inside your chroot wrt potential security risks. Besides drawing in more binaries may result in needing more supporting libraries as well. If you want a set of binaries rolled into one check out Busybox.

Quote:

Originally Posted by Carroarmato0

I did some searching at what "groups" actually does, it gives a list of all the groups a user is present. It might be that it doesn't like something in there.

The shell system-wide resource files in (/path/to/chroot)/etc.

Carroarmato0 · 08-16-2009, 05:28 AM

"Which id" outside the jail returns /usr/bin/id

and inside the jail "which" isn't even present. So I guess that "id" is infact a command rather something strange in some configuration file, that resolves some confusion since I was looking for a wrong problem.

Carroarmato0 · 08-16-2009, 05:32 AM

Quote:

Originally Posted by unSpawn

Sorry, should have been 'which id', meaning that if (/usr/bin/)id isn't available any commands relying on it will fail.

You should be careful what you make available inside your chroot wrt potential security risks. Besides drawing in more binaries may result in needing more supporting libraries as well. If you want a set of binaries rolled into one check out Busybox.

The shell system-wide resource files in (/path/to/chroot)/etc.

Thank you so very much, it was in fact the absence of the "id" command in the jail that returns the error. It was kind of a confusing error since I was looking for some identity error rathen than a missing command.

But I'm very grateful and so will new students too who would otherwise be a little scared from the error message alway poping up.