Bug#948119: [schroot] does not work for non-root user

To: Giovanni Mascellani <gio@debian.org>, 948119@bugs.debian.org
Subject: Bug#948119: [schroot] does not work for non-root user
From: Roger Leigh <rleigh@codelibre.net>
Date: Sat, 4 Jan 2020 11:54:30 +0000
Message-id: <[🔎] 57896269-1d85-feb0-44ab-a73853ac5851@codelibre.net>
Reply-to: Roger Leigh <rleigh@codelibre.net>, 948119@bugs.debian.org
In-reply-to: <[🔎] ce99c76b-d715-e563-344f-d8edab40ac3d@debian.org>
References: <[🔎] ce99c76b-d715-e563-344f-d8edab40ac3d@debian.org> <[🔎] ce99c76b-d715-e563-344f-d8edab40ac3d@debian.org>

On 04/01/2020 08:35, Giovanni Mascellani wrote:

Package: schroot
Version: 1.6.10-7
Severity: important

Hi,

with today's update (1.6.10-7), schroot does not work anymore for
non-root users (which are still authorized by mean of the "users"
directive)

I suspect the problem might be related to the fact that /usr/bin/schroot
is not set-uid anymore, while it was before. Executing

  # chmod u+s /usr/bin/schroot

fixes the problem for me.

schroot absolutely requires being installed setuid root. Like sudo andsu, it's required for PAM auth and setuid() and setgid() calls, as wellas the chroot() call and performing privileged actions like mounting andunmounting filesystems.

In the past, I did consider making it a service accessed via a socket,so that we could have an unprivileged client binary and a privilegedserver process. It's still a reasonable approach to take, but itrequires time and effort to design and implement which I haven't had tospare.



Kind regards,

Roger

Reply to:

References:
- Bug#948119: [schroot] does not work for non-root user
  - From: Giovanni Mascellani <gio@debian.org>

Prev by Date: Bug#948119: [schroot] does not work for non-root user
Next by Date: Processed: Updating statuses for removal requests
Previous by thread: Bug#948119: [schroot] does not work for non-root user
Next by thread: Bug#948119: [schroot] does not work for non-root user
Index(es):
- Date
- Thread