LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   Bash exec: 63: id: not found when users log in into jail (https://www.linuxquestions.org/questions/linux-server-73/bash-exec-63-id-not-found-when-users-log-in-into-jail-747738/)

Carroarmato0 08-15-2009 07:03 AM
Bash exec: 63: id: not found when users log in into jail
 
I'm administering a student server where students get login through Ssh into their own folder.

The students are jailed in a directory resembling a filesystem on it's own with only strictly checked commands to be executed as a security precaution.

Everything works except for a minor inconvenience: when jailed students log in they first get a:

Quote:
Command 'groups'
failed with return code 2 and error message
exec: 63: id: not found.
After that, they get a normal prompt and everything works alright.
I obviously want to get rid of that annoying error message, but don't know what triggers that.

The group file is present in /etc together with the passwd file.

unSpawn 08-15-2009 07:31 AM
Find the difference by executing 'locate id' inside and outside the chroot?

Carroarmato0 08-15-2009 07:44 AM
Outside the jail, "locate id" showed a huge list with every file owned by all users (mostly accounts in the jail), while executing that command within the jail reveals that the command "locate" isn't present in the jail.

I'll make that command available in the jail and see if that solves it.

*edit*
nope doesn't fix the problem

Carroarmato0 08-15-2009 08:29 AM
I did some searching at what "groups" actually does, it gives a list of all the groups a user is present. It might be that it doesn't like something in there. Going to check it out.

unSpawn 08-16-2009 05:06 AM
Quote:
Originally Posted by Carroarmato0 (Post 3644310)
Outside the jail, "locate id" showed a huge list with every file owned by all users (mostly accounts in the jail), while executing that command within the jail reveals that the command "locate" isn't present in the jail.
Sorry, should have been 'which id', meaning that if (/usr/bin/)id isn't available any commands relying on it will fail.


Quote:
Originally Posted by Carroarmato0 (Post 3644310)
I'll make that command available in the jail and see if that solves it.
You should be careful what you make available inside your chroot wrt potential security risks. Besides drawing in more binaries may result in needing more supporting libraries as well. If you want a set of binaries rolled into one check out Busybox.


Quote:
Originally Posted by Carroarmato0 (Post 3644310)
I did some searching at what "groups" actually does, it gives a list of all the groups a user is present. It might be that it doesn't like something in there.
The shell system-wide resource files in (/path/to/chroot)/etc.

Carroarmato0 08-16-2009 05:28 AM
"Which id" outside the jail returns /usr/bin/id

and inside the jail "which" isn't even present. So I guess that "id" is infact a command rather something strange in some configuration file, that resolves some confusion since I was looking for a wrong problem.

Carroarmato0 08-16-2009 05:32 AM
Quote:
Originally Posted by unSpawn (Post 3645137)
Sorry, should have been 'which id', meaning that if (/usr/bin/)id isn't available any commands relying on it will fail.



You should be careful what you make available inside your chroot wrt potential security risks. Besides drawing in more binaries may result in needing more supporting libraries as well. If you want a set of binaries rolled into one check out Busybox.



The shell system-wide resource files in (/path/to/chroot)/etc.

Thank you so very much, it was in fact the absence of the "id" command in the jail that returns the error. It was kind of a confusing error since I was looking for some identity error rathen than a missing command.

But I'm very grateful and so will new students too who would otherwise be a little scared from the error message alway poping up. :)


All times are GMT -5. The time now is 01:11 PM.