
#1 2010-07-04 12:05:37

johnrl
Member
Registered: 2010-01-23
Posts: 12

Chrooting to arch32 without being root?

Hi.
I have a 32 bit subsystem set-up in /opt/arch32 by following the guide http://wiki.archlinux.org/index.php/Ins … _in_Arch64

Problem is that to use chroot I need to do either "sudo chroot" or chroot under su so whenever I get into /opt/arch32 I'm -always- root. Is this not insecure? For example running Wine in there under root?
Also everything I create in the chroot I can't access with my normal user because it was done by "root" which is annoying when I try to delete directories or move files with dolphin - then I have to start dolphin as root as well.

Is it not possible to be in chroot as the "normal" user? schroot seems to execute everything in the chroot under normal user which is great, but when doing a lot of things it becomes tedious to use schroot so optimally I'd like to just chroot in and do my stuff.

PS: I also tried using the arch32-light script from http://aur.archlinux.org/packages.php?ID=37398. It doesn't help though; whenever I want to get into chroot I have to do "sudo arch32" to get there, else it says "chroot: cannot change root directory to /opt/arch32: Operation not permitted". Using "arch32run" is the same as schroot (obviously)...

Offline

#2 2010-07-04 12:58:48

Xyne
Administrator/PM
Registered: 2008-08-03
Posts: 6,963
Website

Re: Chrooting to arch32 without being root?

chroot /opt/arch32
su $user


Offline

#3 2010-07-04 12:59:07

olive
Member
From: Belgium
Registered: 2008-06-22
Posts: 1,490

Re: Chrooting to arch32 without being root?

You can chroot as root and when you are in the chrooted environment become yourself with su <yourself>. If you have properly configured sudo you can simply type sudo chroot /opt/arch32 su <yourself>. You may also want to use schroot to execute bash (your shell) as yourself but I am unfamiliar with schroot.

Last edited by olive (2010-07-04 12:59:32)

Offline

#4 2010-07-04 13:14:32

johnrl
Member
Registered: 2010-01-23
Posts: 12

Re: Chrooting to arch32 without being root?

Thanks! su <username> seems to work. However, if I type "exit" I get back to root, doesn't that mean a program could do the same? I thought that going from user -> root -> user would cancel the last "transition". I see it as I switch user to su, then to myself, but when I type exit I was surprised that I went back to su instead of the terminal closing as it does when I type exit as myself the first time. Probably just me not getting the concept.

Another question regarding arch32: the wiki states you could add an identifier to the PS1 var in bashrc to identify the chroot, but if I do this then the identifier is also printed when I'm not in chroot. If I do "sudo arch32", "su john", "nano ~/.bashrc" then add "A32" to PS1, it will display A32 in chroot as user john but it will also display A32 as user john outside chroot so this doesn't really help anything - do I need to insert an IF or something to check the context (if that's possible)?

Offline

#5 2010-07-04 15:33:31

berbae
Member
From: France
Registered: 2007-02-12
Posts: 1,302

Re: Chrooting to arch32 without being root?

Hello johnrl.

To go to your chrooted arch32 system as user, type the command:

schroot

Run it at your user prompt in a console, no need to be root, or to use su.

The command schroot will launch a bash shell as default command in the default chrooted system (see 'man schroot').

To change the PS1 string in the chrooted arch32 system, write in your .bashrc:

# Check for an interactive session
[ -z "$PS1" ] && return
# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "$debian_chroot" -a -r /etc/debian_chroot ]; then
    debian_chroot=$(cat /etc/debian_chroot)
fi

PS1='[${debian_chroot:+$debian_chroot: }\u@\h \w]\$ '

Offline

#6 2010-07-04 17:54:13

djgera
Developer
From: Buenos Aires - Argentina
Registered: 2008-12-24
Posts: 723
Website

Re: Chrooting to arch32 without being root?

You only need CAP_SYS_CHROOT to call chroot().

setcap cap_sys_chroot+ep /usr/sbin/chroot

Then you can set up a list of allowed users using an ACL or a simple group, or leave it for all ;)

Offline

#7 2010-07-05 02:56:20

olive
Member
From: Belgium
Registered: 2008-06-22
Posts: 1,490

Re: Chrooting to arch32 without being root?

johnrl wrote:

Thanks! su <username> seems to work. However, if I type "exit" I get back to root, doesn't that mean a program could do the same? I thought that going from user -> root -> user would cancel the last "transition". I see it as I switch user to su, then to myself, but when I type exit I was surprised that I went back to su instead of the terminal closing as it does when I type exit as myself the first time. Probably just me not getting the concept.

No, a program cannot "do the same". When you exit, your shell exits and you are back in the shell that launched su. su becomes yourself and execs bash as yourself. There is no way for a program to revert the situation or to cancel the last transition (which would otherwise be pointless). The fact that you are dropped into your root shell when you exit is simply the old, already-root shell that you see again. You can type exec su <yourself> if you like instead; then your root shell becomes a shell executed as yourself and there is no root shell running anymore (when you exit, the terminal will close) (untested though).

johnrl wrote:

Another question regarding arch32: the wiki states you could add an identifier to the PS1 var in bashrc to identify the chroot, but if I do this then the identifier is also printed when I'm not in chroot. If I do "sudo arch32", "su john", "nano ~/.bashrc" then add "A32" to PS1, it will display A32 in chroot as user john but it will also display A32 as user john outside chroot so this doesn't really help anything - do I need to insert an IF or something to check the context (if that's possible)?

You have to make a test. For example put a file named CHROOT in /opt/arch32 and put in bashrc:

if [ -e /CHROOT ] ; then
  PS1=chroot
else
  PS1=normal
fi

(of course customize the PS1's as you like.)

Last edited by olive (2010-07-05 02:57:05)

Offline
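
The sequence discussed in this thread (chroot as root, then become the ordinary user), written out at the system-call level as an added example that is not part of the original posts; the function name, step codes and command-line arguments are assumptions made here. It also checks that root cannot be regained after the switch, which is the question raised in post #4.

```c
#define _DEFAULT_SOURCE          /* chroot(), setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical step codes for this example: which call failed. */
enum { ERR_CHROOT = -1, ERR_CHDIR = -2, ERR_GROUPS = -3,
       ERR_GID = -4, ERR_UID = -5, ERR_REGAIN = -6 };

/* Enter `root` and irreversibly become uid/gid. Order matters:
 * chroot() needs CAP_SYS_CHROOT, so it runs before the IDs are dropped;
 * groups and gid are changed while the process is still root. */
int enter_chroot_as(const char *root, uid_t uid, gid_t gid)
{
    if (chroot(root) != 0)        return ERR_CHROOT;
    if (chdir("/") != 0)          return ERR_CHDIR;   /* leave no cwd outside the new root */
    if (setgroups(1, &gid) != 0)  return ERR_GROUPS;  /* drop root's supplementary groups */
    if (setgid(gid) != 0)         return ERR_GID;
    if (setuid(uid) != 0)         return ERR_UID;     /* as root: sets real, effective and saved uid */
    /* A non-root target must not be able to switch back to uid 0. */
    if (uid != 0 && setuid(0) == 0) return ERR_REGAIN;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s <newroot> <uid> <gid>\n", argv[0]);
        return 2;
    }
    int rc = enter_chroot_as(argv[1], (uid_t)atoi(argv[2]), (gid_t)atoi(argv[3]));
    if (rc != 0) {
        perror("enter_chroot_as");
        fprintf(stderr, "failed at step %d\n", rc);
        return 1;
    }
    execl("/bin/sh", "sh", (char *)NULL);   /* this shell runs as the unprivileged user */
    perror("execl");
    return 1;
}
```

Because the process replaces itself with the shell, no root shell is left waiting underneath it. GNU coreutils offers the same behaviour through `chroot --userspec=USER:GROUP`.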
