
Re: Managing users and groups within multiple devel chroots.



Andrew Pollock <apollock@debian.org> writes:

> On Wed, Sep 14, 2005 at 02:12:54PM -0700, Rob Browning wrote:
>> 
>> Is it possible to configure a set of chroots (woody, sarge, whatever)
>> so that all of the chroot passwd/group DBs will stay in sync with each
>> other and with the host DB automatically, so that, for example, a
>> useradd, usermod, or userdel, will automatically affect all of the DBs
>> simultaneously and safely?
>
> I haven't investigated if adduser supports this properly (and I suspect it
> doesn't), but LDAP authentication across the whole lot would do the trick.

If you are using the chroot for e.g. building with sbuild/buildd, you
don't really want the LDAP stuff in your minimal chroot.

As an alternative suggestion to the original poster, have a look at
the latest schroot:
http://people.debian.org/~rleigh/schroot-0.1.6.tar.bz2

Note this is not an official release, it's a CVS snapshot, since I
only added the necessary support over the last two days.  Here's an
example of it in action, in verbose mode to illustrate:

$ schroot -c sarge -v
run-parts: executing /etc/schroot/setup.d/00check
AUTH_USER=rleigh
AUTH_VERBOSITY=verbose
CHROOT_TYPE=plain
CHROOT_NAME=sarge
CHROOT_DESCRIPTION=Debian sarge (stable)
CHROOT_MOUNT_LOCATION=/srv/chroot/sarge
CHROOT_MOUNT_DEVICE=(null)
CHROOT_LOCATION=/srv/chroot/sarge
run-parts: executing /etc/schroot/setup.d/10mount
run-parts: executing /etc/schroot/setup.d/20network
`/etc/resolv.conf' -> `/srv/chroot/sarge/etc/resolv.conf'
run-parts: executing /etc/schroot/setup.d/30passwd
`/etc/passwd' -> `/srv/chroot/sarge/etc/passwd'
`/etc/shadow' -> `/srv/chroot/sarge/etc/shadow'
`/etc/group' -> `/srv/chroot/sarge/etc/group'
run-parts: executing /etc/schroot/setup.d/50chrootname
Setting chroot name to sarge
[sarge chroot] Running login shell: “/bin/bash”
(sarge)rleigh@hardknott:~/projects/schroot/schroot$ id
uid=1000(rleigh) gid=1000(rleigh) groups=20(dialout),24(cdrom),25(floppy),29(audio),40(src),44(video),46(plugdev),1000(rleigh),1001(sbuild)
(sarge)rleigh@hardknott:~/projects/schroot/schroot$ logout
run-parts: executing /etc/schroot/setup.d/50chrootname
run-parts: executing /etc/schroot/setup.d/30passwd
run-parts: executing /etc/schroot/setup.d/20network
run-parts: executing /etc/schroot/setup.d/10mount
run-parts: executing /etc/schroot/setup.d/00check
$

Notice that the /etc/schroot/setup.d/30passwd was used to sync the
passwd and related files by copying them into the chroot from the main
system.  While it's a simple copy in this case, you can easily
customise the script to sync the other way on session shutdown, and
make this as complex as you like if you want to take care of the
locking issues properly.

The scripts allow one to customise and configure the chroot quite
easily, so it can (for example) mount block devices on demand, and
(later tonight, once I write it) create, mount and destroy LVM
snapshots on the fly.


Regards,
Roger

-- 
Roger Leigh
                Printing on GNU/Linux?  http://gimp-print.sourceforge.net/
                Debian GNU/Linux        http://www.debian.org/
                GPG Public Key: 0x25BFB848.  Please sign and encrypt your mail.
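The sync step described in the message above (copy the account files into the chroot at session start, optionally copy them back at shutdown, with locking) can be sketched as follows. This is an added example, not part of the original post and not schroot's own 30passwd script; the function name, the lock path and the hook wiring in the trailing comment are assumptions.

```shell
#!/bin/sh
# Hypothetical helper for a setup.d-style hook (not schroot's 30passwd).
# sync_account_dbs SRC_ROOT DST_ROOT
# Copies passwd, shadow and group from SRC_ROOT/etc to DST_ROOT/etc.
sync_account_dbs() {
    src_root=$1
    dst_root=$2
    lock="$dst_root/etc/.accountdb-sync.lock"   # assumed lock location

    # mkdir is atomic, so the directory acts as a mutex between sessions
    # that start or stop at the same time.
    tries=0
    until mkdir "$lock" 2>/dev/null; do
        tries=$((tries + 1))
        [ "$tries" -lt 10 ] || { echo "sync: lock busy: $lock" >&2; return 1; }
        sleep 1
    done

    rc=0
    for db in passwd shadow group; do
        src="$src_root/etc/$db"
        dst="$dst_root/etc/$db"
        [ -f "$src" ] || continue      # e.g. a root without a shadow file
        tmp="$dst.sync.$$"
        # umask 077 keeps the temporary copy private until cp -p has
        # restored the source mode, so shadow is never world-readable.
        # mv renames within one directory: readers never see a partial
        # file, and a symlink planted at $dst is replaced, not followed.
        if (umask 077; cp -p "$src" "$tmp") && mv -f "$tmp" "$dst"; then
            :
        else
            rm -f "$tmp"
            rc=1
        fi
    done

    rmdir "$lock"
    return "$rc"
}

# Assumed wiring (CHROOT_MOUNT_LOCATION appears in the verbose output
# above; how a hook tells session start from shutdown is not shown there):
#   sync_account_dbs "" "$CHROOT_MOUNT_LOCATION"    # host -> chroot
#   sync_account_dbs "$CHROOT_MOUNT_LOCATION" ""    # chroot -> host
```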