Possible UID/GID bug in chrooted shells?
Dave Dykstra
dwd at bell-labs.com
Thu Jun 13 11:34:12 EST 2002
On Tue, Jun 11, 2002 at 06:05:37PM +0100, Tom Worley wrote:
> On Tuesday 11 June 2002 5:24 pm, you wrote:
> > Tom: You just need to tell rsync to use numeric IDS, or else make a /etc
> > in the chroot root, so that names can be resolved (it's chrooted, so it
> > can't see the real /etc... ever notice the /etc in anon ftp sessions?). By
> > default, rsync uses the names, rather than the numbers, since it was
> > developed as a mirroring tool, where you might be mirroring a system where
> > the ids don't match. If it's not told to use numeric ids, it will attempt
> > to resolve names to local numeric ids, and use them, else it uses the euid
> > and egid of the rsync process.
> > --numeric-ids don't map uid/gid values by user/group
>
> Tim, I had already tried that with no joy, e.g.:
>
> rsync --delete-excluded --delete -essh -avzog --numeric-ids /home/admin/
> test at localhost:/home/backup
>
> Same results, all files are owned by root as rsync is SUID root in the chroot
> environment. There is an /etc/passwd in there, but only with root and the test
> user's entries.
> Oh, and I'm using linux 2.4.18 kernel, chroot 2.0.11, rsync 2.5.6CVS (from
> debian sid packages)

rsync is not designed to run setuid-root so I'm not surprised that it
behaves strangely. It might help to write a small setuid-root wrapper
program that sets the real user id to root and execs rsync.

In general it's a bad idea to make a program setuid if it isn't designed
for it.

- Dave Dykstra
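
A minimal form of the wrapper suggested above, as an added example that is not part of the original post or of rsync. The real rsync path and the fixed environment are assumptions; the wrapper, not rsync, would carry the setuid bit.

```c
/* rsync-wrap.c: added example of a setuid-root wrapper that makes the
 * real uid root and then execs rsync. Not from the thread or from rsync. */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Assumed location of the real, non-setuid rsync inside the chroot. */
#define RSYNC_PATH "/usr/lib/rsync/rsync.real"

static char rsync_argv0[] = "rsync";

/* Fixed environment: nothing from the caller (PATH, LD_*, IFS) reaches rsync. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };

/* Copy the caller's arguments but force argv[0] to a fixed name.
 * Returns a malloc'd NULL-terminated vector, or NULL on error. */
char **build_argv(int argc, char **argv)
{
    if (argc < 1 || argv == NULL)
        return NULL;
    char **out = calloc((size_t)argc + 1, sizeof *out);
    if (out == NULL)
        return NULL;
    out[0] = rsync_argv0;
    for (int i = 1; i < argc; i++)
        out[i] = argv[i];
    return out;               /* out[argc] is NULL from calloc */
}

/* Make the real uid root. With euid 0, setuid(0) sets the real, effective
 * and saved uids together. Returns 0 on success, -1 if the wrapper is not
 * running with euid 0 or the call fails. */
int become_real_root(void)
{
    if (geteuid() != 0)
        return -1;
    if (setuid(0) != 0)
        return -1;
    return (getuid() == 0 && geteuid() == 0) ? 0 : -1;
}

int main(int argc, char **argv)
{
    char **args = build_argv(argc, argv);
    if (args == NULL) { fputs("rsync-wrap: bad arguments\n", stderr); return 1; }
    if (become_real_root() != 0) { fputs("rsync-wrap: not setuid-root\n", stderr); return 1; }
    execve(RSYNC_PATH, args, clean_env);
    perror("rsync-wrap: execve");   /* reached only if exec failed */
    return 127;
}
```

Anyone who can execute the wrapper gets rsync running as full root inside the chroot, so its execute permission should be limited to the accounts that need it.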