Re: [Jailkit-users] Problem with passwd

[Olivier Sessink]

> Hi All
>
> Have solaris 10
> I did a jail according to
> http://olivier.sessink.nl/jailkit/howtos_ssh_only.html
>
> Problem is that the "in jail" etc/passwd file is not read.
> When I try to login as user comverse I get "failed to get user information
> in the jail for user ID 1014: Error 0, check
> /export/home/chrootusers/etc/passwd"
>
>
> In main /etc/passwd I have
> comverse:x:1014:1::/export/home/chrootusers/./home/comverse:/usr/sbin/jk_chrootsh
>
>
> In jail passwd:
> address@hidden # ls -l etc/passwd
> -rw-r--r--   1 root     root         156 Jan 26 16:34 etc/passwd
> cat /etcpasswd
> comverse:x:1014:1::/home/comverse:/bin/bash
> address@hidden # ls -l etc/group
> -rw-r--r--   1 root     root          32 Jan 26 16:48 etc/group
> address@hidden # cat etc/group
> root:x:0:root
> other::1:comverse
>
>
> I managed to login to the jail by command:       (after I set "
> skip_injail_passwd_check = 1")
> jk_uchroot -j /export/home/chrootusers/ -x /bin/bash
>
> But I get
> [I have no address@hidden
> [I have no address@hidden ssh
> You don't exist, go away!
> [I have no address@hidden
>
>
> So apparently in jail passwd file can't be read.
>
> Can enybody help

I have very little Solaris knowledge, so t6his is based on Linux knowledge
(luckily a lot is shared):

on Linux, user lookups are facilitated by libnss which is configured in
/etc/nsswitch.conf and thus in <jail>/etc/nsswitch.conf

the libnss_*.so libraries need to be in the jail as well, on Linux they
are in /lib but perhaps Solaris has them in another location. Perhaps you
need to put this location in /etc/jk_init.ini

Does Solaris have strace? that might give you a lot of information why
things don't work. See the howto on jail debugging.

Olivier