Andrew Pollock <[EMAIL PROTECTED]> writes:

> On Wed, Sep 14, 2005 at 02:12:54PM -0700, Rob Browning wrote:
>>
>> Is it possible to configure a set of chroots (woody, sarge, whatever)
>> so that all of the chroot passwd/group DBs will stay in sync with each
>> other and with the host DB automatically, so that, for example, a
>> useradd, usermod, or userdel, will automatically affect all of the DBs
>> simultaneously and safely?
>
> I haven't investigated if adduser supports this properly (and I suspect it
> doesn't), but LDAP authentication across the whole lot would do the trick.

If you are using the chroot for e.g. building with sbuild/buildd, you
don't really want the LDAP stuff in your minimal chroot.

As an alternative suggestion to the original poster, have a look at
the latest schroot:

http://people.debian.org/~rleigh/schroot-0.1.6.tar.bz2

Note this is not an official release, it's a CVS snapshot, since I
only added the necessary support over the last two days.

Here's an example of it in action, in verbose mode to illustrate:

$ schroot -c sarge -v
run-parts: executing /etc/schroot/setup.d/00check
AUTH_USER=rleigh
AUTH_VERBOSITY=verbose
CHROOT_TYPE=plain
CHROOT_NAME=sarge
CHROOT_DESCRIPTION=Debian sarge (stable)
CHROOT_MOUNT_LOCATION=/srv/chroot/sarge
CHROOT_MOUNT_DEVICE=(null)
CHROOT_LOCATION=/srv/chroot/sarge
run-parts: executing /etc/schroot/setup.d/10mount
run-parts: executing /etc/schroot/setup.d/20network
`/etc/resolv.conf' -> `/srv/chroot/sarge/etc/resolv.conf'
run-parts: executing /etc/schroot/setup.d/30passwd
`/etc/passwd' -> `/srv/chroot/sarge/etc/passwd'
`/etc/shadow' -> `/srv/chroot/sarge/etc/shadow'
`/etc/group' -> `/srv/chroot/sarge/etc/group'
run-parts: executing /etc/schroot/setup.d/50chrootname
Setting chroot name to sarge
[sarge chroot] Running login shell: “/bin/bash”
(sarge)[EMAIL PROTECTED]:~/projects/schroot/schroot$ id
uid=1000(rleigh) gid=1000(rleigh) groups=20(dialout),24(cdrom),25(floppy),29(audio),40(src),44(video),46(plugdev),1000(rleigh),1001(sbuild)
(sarge)[EMAIL PROTECTED]:~/projects/schroot/schroot$ logout
run-parts: executing /etc/schroot/setup.d/50chrootname
run-parts: executing /etc/schroot/setup.d/30passwd
run-parts: executing /etc/schroot/setup.d/20network
run-parts: executing /etc/schroot/setup.d/10mount
run-parts: executing /etc/schroot/setup.d/00check
$

Notice that the /etc/schroot/setup.d/30passwd was used to sync the
passwd and related files by copying them into the chroot from the main
system. While it's a simple copy in this case, you can easily
customise the script to sync the other way on session shutdown, and
make this as complex as you like if you want to take care of the
locking issues properly.

The scripts allow one to customise and configure the chroot quite
easily, so it can (for example) mount block devices on demand, and
(later tonight, once I write it) create, mount and destroy LVM
snapshots on the fly.

Regards,
Roger

-- 
Roger Leigh
Printing on GNU/Linux? http://gimp-print.sourceforge.net/
Debian GNU/Linux http://www.debian.org/
GPG Public Key: 0x25BFB848. Please sign and encrypt your mail.
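
The copy step that 30passwd performs in the session above, written out as an added shell example; it is not part of the original message and not schroot's own script. The function name sync_accounts and the lock directory path are assumptions, and in a setup script the destination root would be the chroot path, such as the CHROOT_LOCATION value shown in the verbose output.

```shell
#!/bin/sh
# Added example: hypothetical helper, not schroot's 30passwd script.
# sync_accounts SRC_ROOT DST_ROOT copies passwd, shadow and group from
# SRC_ROOT/etc to DST_ROOT/etc. Swap the arguments to sync the other way.
sync_accounts() {
    src_root=$1
    dst_root=$2
    lock="$dst_root/etc/.account-sync.lock"   # assumed lock path

    # mkdir is atomic, so only one run of this helper holds the lock.
    if ! mkdir "$lock" 2>/dev/null; then
        echo "sync_accounts: $lock is held, not syncing" >&2
        return 1
    fi

    rc=0
    for db in passwd shadow group; do
        src="$src_root/etc/$db"
        dst="$dst_root/etc/$db"
        tmp="$dst.sync.$$"
        [ -f "$src" ] || continue             # e.g. no shadow file present
        # Create the temp file owner-only first so shadow contents are
        # never world-readable, then copy with mode/ownership preserved.
        if (umask 077 && : > "$tmp") && cp -p "$src" "$tmp" &&
           mv -f "$tmp" "$dst"; then
            :                                 # rename replaced $dst in one step
        else
            rm -f "$tmp"
            rc=1
            break
        fi
    done

    rmdir "$lock"
    return $rc
}
```

The lock only serialises runs of this helper; it does not coordinate with useradd, usermod or userdel editing the files at the same moment.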