如何在chroot监狱中以root身份而不是sudo来运行命令? [英] How to run a command in a chroot jail not as root and without sudo?

问题描述

我正在设置一个最小的chroot，并希望避免在其中包含sudo或su，但仍以非root身份运行我的进程.当运行chroot要求root时，这是一个技巧.我可以编写一个执行以下操作的程序:

I'm setting up a minimal chroot and want to avoid having sudo or su in it but still run my processes as non-root. This is a bit of a trick as running chroot requiers root. I could write a program that does this that would look something like:

uid = LookupUser(args[username])  // no /etc/passwd in jail
chroot(args[newroot])
cd("/")
setuids(uid)
execve(args[exe:])

这是我最好的选择吗?或者是否有标准工具可以帮到我?

Is that my best bet or is there a standard tool that does that for me?

我在此处滚动了自己的:

I rolled my own here:

推荐答案

如果从根目录调用chroot，则chroot选项

If you invoke chroot from root, the chroot option --userspec=USER:GROUP will run the command under the non-root UID/GID.

顺便说一句，选项'--userspec'首先是根据git仓库git://git.sv.gnu.org/coreutils引入coreutils-7.5的.

By the way, the option '--userspec' is first introduced in coreutils-7.5 according to a git repository git://git.sv.gnu.org/coreutils.

这篇关于如何在chroot监狱中以root身份而不是sudo来运行命令?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！