I'm setting up a minimal chroot and want to avoid having sudo or su in it but still run my processes as non-root. This is a bit of a trick as running chroot requires root. I could write a program that does this that would look something like:

    uid = LookupUser(args[username])  // no /etc/passwd in jail
    chroot(args[newroot])
    cd("/")
    setuids(uid)
    execve(args[exe:])

Is that my best bet or is there a standard tool that does that for me?
I rolled my own here:
Yes, that does indeed make it possible for a non-root user to use chroot. The root user ID in that namespace is mapped to the non-root user ID outside of that namespace, and vice versa, which is why the system shows files owned by the current user as owned by user ID 0.
You can try to run Docker Containers as a Non Root User by adding Users to the Docker Group. If there is no Docker group, you can always create one. You can create a Docker Group using the following command. After you have created the Docker Group, you can now add Non Root Users using the following command.
chroot can only be used by root him/her/itself. And no, there won't be any other way without compromising security. Only the root user can perform a chroot.
If you invoke chroot from root, the chroot option --userspec=USER:GROUP will run the command under the non-root UID/GID.
By the way, the option '--userspec' was first introduced in coreutils-7.5 according to the git repository git://git.sv.gnu.org/coreutils.
fakechroot, in combination with fakeroot, will allow you to do this. They'll make all programs that are running act as if they're being run in a chroot as root but they'll actually be running as you.
See also fakechroot's man page.
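
The sequence sketched in the question (look up the user, chroot, cd, drop the UID, exec), written out in C as an added example that is not code from any post on this page. The function names lookup_user, enter_jail and drop_privileges are hypothetical, and the program assumes it is started as root on a Linux system.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Resolve the account before chroot(): the jail has no /etc/passwd. */
static int lookup_user(const char *name, uid_t *uid, gid_t *gid) {
    struct passwd *pw = getpwnam(name);
    if (pw == NULL) return -1;
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return 0;
}

/* chroot() alone leaves the working directory outside the new root. */
static int enter_jail(const char *newroot) {
    if (chroot(newroot) != 0) return -1;
    return chdir("/");
}

/* Drop root for good: supplementary groups, then GID, then UID last. */
static int drop_privileges(uid_t uid, gid_t gid) {
    if (uid == 0 || gid == 0) return -1;             /* not a drop at all */
    if (setgroups(1, &gid) != 0) return -1;          /* shed root's groups */
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    if (setuid(0) == 0 || setgid(0) == 0) return -1; /* must not be reversible */
    return 0;
}

int main(int argc, char **argv) {
    uid_t uid;
    gid_t gid;
    if (argc < 4) {
        fprintf(stderr, "usage: %s USER NEWROOT EXE [ARGS...]\n", argv[0]);
        return 2;
    }
    if (lookup_user(argv[1], &uid, &gid) != 0) { fprintf(stderr, "unknown user\n"); return 1; }
    if (enter_jail(argv[2]) != 0) { perror("chroot"); return 1; }
    if (drop_privileges(uid, gid) != 0) { fprintf(stderr, "privilege drop failed\n"); return 1; }
    execv(argv[3], argv + 3);   /* path is resolved inside the jail */
    perror("execv");
    return 127;
}
```

The order matters: chroot() has to happen while the process is still root, and the group calls have to come before setuid(), because once the UID is dropped the process can no longer change its groups.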