
Re: Any idea why chroot temporarily "cannot find name for group ID 0"?



Ok, here it is. I apologize for its length; I want to include everything so you don't think I'm just doing some magic change without reporting it.

First, I ssh into the server and try to chroot in, and lucky us, we're experiencing it right away. I cat /etc/group as requested:

Last login: Sun Jun 29 02:31:35 2008 from 99-204-40-118.area1.spcsdns.net
[root@XXXX ~]# chroot /svn/staging/
[root@XXXX ~]# cd /svn
[root@XXXX svn]# chroot staging/www
id: cannot find name for group ID 0
id: cannot find name for group ID 1
id: cannot find name for group ID 2
id: cannot find name for group ID 3
id: cannot find name for group ID 4
id: cannot find name for group ID 6
id: cannot find name for group ID 10
I have no name!@XXXX:/# cat /etc/group
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:
floppy:x:25:
tape:x:26:
sudo:x:27:
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
libuuid:x:101:
I have no name!@XXXX:/# date
Mon Jun 30 05:55:48 UTC 2008
I have no name!@XXXX:/# exit

After that I exit the chroot and go right back in:

[root@XXXX svn]# chroot staging/www
I have no name!@XXXX:/# date
Mon Jun 30 05:58:33 UTC 2008
I have no name!@XXXX:/# exit

Note that even though only 3 minutes have passed, now for some reason it doesn't complain about the missing group names. This is a direct session copy -- I haven't done anything on the server whatsoever. I keep logging out and back in several times to see if it fixes itself:

[root@XXXX svn]# chroot staging/www
I have no name!@XXXX:/# date
Mon Jun 30 06:02:37 UTC 2008
I have no name!@XXXX:/# exit

[root@XXXX svn]# chroot staging/www
I have no name!@XXXX:/# date
Mon Jun 30 06:06:07 UTC 2008
I have no name!@XXXX:/# exit

No luck. 10 minutes have passed and it's still busted. Just for grins, here's a look at the group permissions:

[root@XXXX svn]# chroot staging/www
I have no name!@XXXX:/# ls -latr /etc/group
-rw-r--r-- 1 0 root 461 Jun 13 00:58 /etc/group
I have no name!@XXXX:/# date
Mon Jun 30 06:11:04 UTC 2008
I have no name!@XXXX:/#

Note that the user is still 0, but it correctly recognizes the user group to be '0'. So, the mapping between group IDs and group names seems to be working, but the mapping for user IDs to names is still broken. Here's the passwd file: (In retrospect I should have checked the permissions of the passwd file, oops.)

I have no name!@XXXX:/etc# cat passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
I have no name!@XXXX:/etc# exit

During this time the chroot'd lighttpd webserver is hosting pages fine, but can't send emails. I try to restart it -- no luck. The init.d script contains "chown www-data:www-data /var/run/lighttpd" and fails on that line:

[root@XXXX svn]# chroot staging/www
I have no name!@XXXX:/# /etc/init.d/lighttpd stop
chown: invalid user: `www-data:www-data'
I have no name!@XXXX:/# /etc/init.d/lighttpd start
chown: invalid user: `www-data:www-data'
I have no name!@XXXX:/# exit

I have the great idea of switching from usernames to user IDs: this solves the chown problem, but lighttpd.conf has a username. I switch to a user ID in lighttpd.conf but that doesn't work either, so I back out those changes. Note, I've made no changes to /etc/group or /etc/passwd.

I have no name!@XXXX:/# /etc/init.d/lighttpd start
* Starting web server lighttpd 2008-06-30 06:17:39: (server.c.727) can't find username www-data [fail]
I have no name!@XXXX:/# /etc/init.d/lighttpd start
* Starting web server lighttpd 2008-06-30 06:18:22: (server.c.727) can't find username 33 [fail]
I have no name!@XXXX:/# exit

Also note, despite these changes, the chroot is still broken. More time passes and I try one more time:

[root@XXXX svn]# chroot staging/www
root@XXXX:/# date
Mon Jun 30 06:25:45 UTC 2008
root@XXXX:/# exit

Aha! It's fixed! 30 minutes after the first attempt it's suddenly working.


So one theory is something is changing the permissions of /etc/group and /etc/passwd. But I can't figure out what that might be. Next time I'm going to check the permissions first thing. Even more fun is now it works fine, and will continue to work fine for some undetermined period of time. So, I'll post again when it happens again, and next time I'll do whoami, check permissions better, etc.

Any hints so far? Thanks for following along!

-david


Daniel Burrows wrote:
> On Mon, Jun 30, 2008 at 10:42:53AM +0800, paragasu <paragasu@gmail.com> was heard to say:
>> can you give the output of cat > /etc/group
>
>   Actually, you don't want to do that since it will erase your group
> file!
>
>   I think that the contents of /etc/group and /etc/nsswitch.conf, both
> when the system is working and when it's "broken", would be interesting,
> though.
>
>   Daniel
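
Added example, not part of the thread and not written by either poster: a small shell function that records what the message above says it will check next time (permissions of /etc/passwd and /etc/group) together with the contents Daniel asks for (/etc/group and /etc/nsswitch.conf), one fact per line, so a capture taken while the chroot works can be diffed against one taken while it is broken. The function names, the demo tree and the assumption that getent lives at usr/bin/getent inside the chroot are mine.

```shell
#!/bin/sh
# Added example: snapshot the inputs to user/group name lookup for a chroot tree.

nss_snapshot() {
    root=$1
    for f in etc/passwd etc/group etc/nsswitch.conf; do
        p="$root/$f"
        if [ ! -e "$p" ]; then
            echo "$f: missing"
            continue
        fi
        mode=$(stat -c '%a' "$p")
        # Last octal digit is the "other" class; 4-7 means world-readable.
        case "$mode" in
            *[4567]) note="" ;;
            *)       note=" not-world-readable" ;;
        esac
        # Numeric owner, size, mtime and ctime (ctime moves on chmod/chown).
        echo "$f: mode=$mode $(stat -c 'owner=%u:%g size=%s mtime=%Y ctime=%Z' "$p")$note"
        echo "$f: cksum=$(cksum < "$p" 2>/dev/null)"
    done
    # What the flat files themselves say about ID 0, independent of NSS.
    echo "file uid0=$(awk -F: '$3 == 0 {print $1; exit}' "$root/etc/passwd" 2>/dev/null)"
    echo "file gid0=$(awk -F: '$3 == 0 {print $1; exit}' "$root/etc/group" 2>/dev/null)"
    # What the resolver says from inside the chroot (needs root and getent in the tree;
    # the usr/bin/getent location is an assumption).
    if [ "$(id -u)" -eq 0 ] && [ -x "$root/usr/bin/getent" ]; then
        echo "nss uid0=$(chroot "$root" getent passwd 0 | cut -d: -f1)"
        echo "nss gid0=$(chroot "$root" getent group 0 | cut -d: -f1)"
    else
        echo "nss lookup: skipped"
    fi
}

# Constructed demo tree standing in for the chroot (the thread's path is /svn/staging/www).
demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/etc"
    printf 'root:x:0:0:root:/root:/bin/bash\n' > "$d/etc/passwd"
    printf 'root:x:0:\n' > "$d/etc/group"
    chmod 644 "$d/etc/passwd" "$d/etc/group"
    echo "$d"
}

# Stand-alone use: sh nss_snapshot.sh /svn/staging/www > snapshot.$(date +%s)
if [ "$#" -gt 0 ]; then nss_snapshot "$1"; fi
```

Run from outside the chroot, once in each state, the two outputs can be compared with diff; a change in mode, ctime or cksum points at the files, while identical file lines with differing nss lines point at the lookup path instead.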



