Possible UID/GID bug in chrooted shells?
Martin Pool
mbp at samba.org
Thu Jun 13 10:54:34 EST 2002
On 12 Jun 2002, Tom Worley <tom at worley.co.uk> wrote:
> Dear Martin,
> Sorry to mail you directly, but I've had no joy trying to get round this
> problem (read the FAQs, posted on the mailing list, RTFM a lot, etc.)
> This is (slightly updated) what I posted to the mailing list:
> I'm stuck on a problem with rsync...
> We've got a chrooted shell with rsync and all the needed libs inside (and not
> much else).
> We're using rsync over ssh to send the files into this chrooted session. The
> rsync binary in the chrooted session is SUID root so that it can create the
> files with the correct UID/GID. When the following is run, it creates all the
> files as root.staff, not as the test user/group, or the correct UID/GID of
> the original files, so the SUID root is working. We've also tried extracting
> files from tar that belong to another user (that is the files inside the tar)
> and when tar is suid root in the chroot it extracts them with the correct
> UID/GID.
> This is the command we used:
> rsync --delete-excluded --delete -essh -avz --numeric-ids /home/admin/ test@localhost:/home/backup
> (from outside the chroot, the "test" user being inside it)
>
> The test user's shell is the chrooted session,
What do you mean by that? Their /etc/passwd shell is some "chrooted
session" program? If you wrote it please post the source, otherwise
what is the name?
Do you know you cannot just run /usr/sbin/chroot as a regular user?
It's a privileged operation; it must be done before changing uid.
> and the session works fine through ssh, rsync runs without errors,
> but all the files created are owned by root.
>
> If we try the same but to a non-chrooted user (and suid root to the rsync
> binary outside the chroot, yeah yeah, it's just a test), it correctly creates
> the files with the right UID/GID. I've even tried copying the complete
> /etc/passwd and shadow files into the chroot jail, but that didn't help. We'd
> rather not have to set up users/passwords for several hundred users for rsync
> and run it as a daemon (and send the password securely somehow to each
> person). Could it be a bug in the way rsync sets the UID/GID of the files?
> Running Debian Linux Sid, up to date as of this morning, and rsync:
> rsync version 2.5.6cvs protocol version 26 from debian packages, linux
> 2.4.18 kernel, chroot 2.0.11 on an i686.
> Kind regards, and TIA,
> Regards,
> Tom Worley
--
Martin
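
The ordering point in the reply above (chroot is privileged, so it has to happen before the uid change), sketched as a login-shell wrapper. This is an added example, not code from the thread or from rsync; `enter_jail`, the jail path and uid/gid 1000 are hypothetical names and constructed values.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

enum jail_status {
    JAIL_OK = 0,
    JAIL_ERR_BADID,   /* refused: target uid/gid is root, nothing would be dropped */
    JAIL_ERR_CHDIR,   /* jail directory missing or not enterable */
    JAIL_ERR_CHROOT,  /* caller lacks the privilege chroot(2) requires */
    JAIL_ERR_DROP,    /* a set*id call failed or did not take effect */
    JAIL_ERR_REGAIN   /* root could be restored, so the drop was not permanent */
};

/* Enter the jail while still privileged, then drop to uid/gid permanently. */
enum jail_status enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return JAIL_ERR_BADID;
    if (chdir(dir) != 0)
        return JAIL_ERR_CHDIR;
    if (chroot(".") != 0)          /* must run before setuid(): needs privilege */
        return JAIL_ERR_CHROOT;
    if (chdir("/") != 0)           /* keep the working directory inside the new root */
        return JAIL_ERR_CHDIR;
    /* Groups and gid first, uid last: after the uid is non-root the
     * process is no longer allowed to change its group list. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return JAIL_ERR_DROP;
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return JAIL_ERR_DROP;
    if (setuid(0) == 0)            /* must fail once root is really gone */
        return JAIL_ERR_REGAIN;
    return JAIL_OK;
}

int main(int argc, char **argv)
{
    /* Constructed placeholders: jail path and uid/gid 1000 are assumptions. */
    const char *dir = argc > 1 ? argv[1] : "/srv/jail-example";
    enum jail_status st = enter_jail(dir, 1000, 1000);
    if (st != JAIL_OK) {
        fprintf(stderr, "enter_jail failed at step %d (errno %d)\n", st, errno);
        return 1;
    }
    execl("/bin/sh", "sh", (char *)NULL);  /* unprivileged shell inside the jail */
    return 1;
}
```

Run as an ordinary user, this stops at `JAIL_ERR_CHROOT`; run as root, everything after `setuid(uid)` executes with the real and effective ids both set to the target user.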