我的机器上有debootstraped的版本,想更改它的密码:wheezyArchlinuxroot
echo "root:toor" | chpasswd --root /home/containers/wheezy/
但是我收到错误:
chpasswd: PAM: Permission denied
root在我的本地用户上运行良好(没有--root选项)。
该man页面明确指出以下内容:
-R, --root CHROOT_DIR
应用 CHROOT_DIR 目录中的更改并使用 CHROOT_DIR 目录中的配置文件。
那么我做错了什么?到底如何PAM参与呢?还有其他方法可以做到这一点吗?
编辑
# echo "root:toor" | sudo strace -f -efile,execve chpasswd --root /home/containers/wheezy/
下面是开始抱怨的输出chpasswd。
open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3
open("/usr/share/locale/en_GB.UTF-8/LC_MESSAGES/Linux-PAM.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_GB.utf8/LC_MESSAGES/Linux-PAM.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_GB/LC_MESSAGES/Linux-PAM.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/Linux-PAM.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/Linux-PAM.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/Linux-PAM.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_GB.UTF-8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_GB.utf8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_GB/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
chpasswd: PAM: Permission denied
+++ exited with 1 +++
编辑2
我发现chpasswd目标容器上期望的文件可以在许多其他语言中找到,除了英语:
# find /usr/share/locale/ -iname '*Linux-PAM.mo*'
/usr/share/locale/hu/LC_MESSAGES/Linux-PAM.mo
/usr/share/locale/zh_CN/LC_MESSAGES/Linux-PAM.mo
/usr/share/locale/it/LC_MESSAGES/Linux-PAM.mo
/usr/share/locale/zu/LC_MESSAGES/Linux-PAM.mo
/usr/share/locale/ko/LC_MESSAGES/Linux-PAM.mo
/usr/share/locale/or/LC_MESSAGES/Linux-PAM.mo
/usr/share/locale/nl/LC_MESSAGES/Linux-PAM.mo
/usr/share/locale/sk/LC_MESSAGES/Linux-PAM.mo
/usr/share/locale/ja/LC_MESSAGES/Linux-PAM.mo
/usr/share/locale/da/LC_MESSAGES/Linux-PAM.mo
/usr/share/locale/uk/LC_MESSAGES/Linux-PAM.mo
...
/usr/share/locale/pt_BR/LC_MESSAGES/Linux-PAM.mo
/usr/share/locale/ta/LC_MESSAGES/Linux-PAM.mo
注意:en_GB哪个chpasswd期望可能等于uk目标容器?..
我尝试重新安装似乎包含所需文件的软件包:
apt-get install --reinstall libpam-runtime login locales locales-all
但这根本没有帮助。
编辑3
当我strace在目标容器上运行时,它不会查找这些文件:
# echo "root:toor2" | strace -f -e open chpasswd --root /
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib/x86_64-linux-gnu/libpam.so.0", O_RDONLY) = 3
open("/lib/x86_64-linux-gnu/libpam_misc.so.0", O_RDONLY) = 3
open("/lib/x86_64-linux-gnu/libselinux.so.1", O_RDONLY) = 3
open("/lib/x86_64-linux-gnu/libcrypt.so.1", O_RDONLY) = 3
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY) = 3
open("/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY) = 3
open("/proc/filesystems", O_RDONLY) = 3
open("/etc/pam.d/chpasswd", O_RDONLY) = 3
open("/etc/pam.d/common-password", O_RDONLY) = 4
open("/lib/x86_64-linux-gnu/security/pam_unix.so", O_RDONLY) = 5
open("/etc/ld.so.cache", O_RDONLY) = 5
open("/lib/x86_64-linux-gnu/libnsl.so.1", O_RDONLY) = 5
open("/lib/x86_64-linux-gnu/security/pam_deny.so", O_RDONLY) = 5
open("/lib/x86_64-linux-gnu/security/pam_permit.so", O_RDONLY) = 5
open("/etc/pam.d/other", O_RDONLY) = 3
open("/etc/pam.d/common-auth", O_RDONLY) = 4
open("/etc/pam.d/common-account", O_RDONLY) = 4
open("/etc/pam.d/common-password", O_RDONLY) = 4
open("/etc/pam.d/common-session", O_RDONLY) = 4
open("/etc/passwd", O_RDONLY) = 3
open("/etc/passwd", O_RDONLY) = 3
open("/etc/nsswitch.conf", O_RDONLY) = 3
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib/x86_64-linux-gnu/libnss_compat.so.2", O_RDONLY) = 3
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib/x86_64-linux-gnu/libnss_nis.so.2", O_RDONLY) = 3
open("/lib/x86_64-linux-gnu/libnss_files.so.2", O_RDONLY) = 3
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
open("/etc/shadow", O_RDONLY|O_CLOEXEC) = 3
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
open("/etc/shadow", O_RDONLY|O_CLOEXEC) = 3
open("/etc/passwd", O_RDONLY) = 3
open("/etc/passwd", O_RDONLY) = 3
open("/etc/.pwd.lock", O_WRONLY|O_CREAT|O_CLOEXEC, 0600) = 3
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
open("/etc/shadow", O_RDONLY|O_CLOEXEC) = 4
open("/dev/urandom", O_RDONLY) = 4
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
open("/etc/passwd", O_RDONLY) = 4
open("/etc/nshadow", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 4
open("/etc/shadow", O_RDONLY) = 5
open("/etc/localtime", O_RDONLY) = 4
Process 7760 attached
Process 7759 suspended
Process 7759 resumed
Process 7760 detached
--- SIGCHLD (Child exited) @ 0 (0) ---
编辑4
Debian Jessie最终我在同一个容器上运行了相同的命令工作过。
这个案例已经解决了——Wheezy只是Archlinux有不同的实现chpasswd。
我认为解决这个问题的最佳便携式解决方法是@彼得·科德斯:
echo 'root:toor' | chroot /home/containers/wheezy/ /usr/sbin/chpasswd
答案1
它可能是 Selinux / Ubuntu 的替代品。
关于正确使用 selinux 的精彩视频: https://www.youtube.com/watch?v=bQqX3RWn0Yw
我不是 Ubuntu(我认为它是 apparmor?) 专家,所以我无法提供帮助。
答案2
PAM 涉及密码更改,因为这就是您执行密码强度检查等操作的方式。passwordPAM 配置中的条目控制要执行的操作。
在这种情况下,我的假设是 Arch 和 Debian 之间有一种奇怪的交互。您正在运行 Arch chpasswd,它正在执行一堆操作(主要是加载共享库),然后跳入 Wheezy 容器并尝试对其配置进行调整。
--root我认为,只要放弃该选项chpasswd并chroot在其前面进行跟注,您的运气就会好得多。
另外,为了完整起见,您是以 root身份运行chpasswd,对吧?(笑)