Hello,
I'm currently experimenting with chroot and I noticed the '--userspec' option.
Can anyone tell me what the advantages/disadvantages are in providing a username with this option compared to root?
Is this something like an unprivileged user in a container?
My current use case for chroot is to run an application version not available in the stable/backports repos.
Thx
chroot userspec
- Head_on_a_Stick
Re: chroot userspec
Chrisdb wrote: Can anyone tell me what the advantages/disadvantages are in providing a username with this option compared to root?
Is this something like an unprivileged user in a container?

The option just enters the chroot as the specified user rather than as root. But it doesn't seem to source ~/.profile:
Code:
empty@E485:~ $ sudo chroot --user=empty:empty stretch/
$ whoami
empty
$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
$ ^D
empty@E485:~ $ sudo chroot stretch/
# su - empty
empty@E485:~ $ whoami
empty
empty@E485:~ $ echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
empty@E485:~ $ ^D
# ^D
empty@E485:~ $

Chrisdb wrote: My current use case for chroot is to run an application version not available in the stable/backports repos.

You might find that systemd-nspawn offers a more flexible approach: http://forums.debian.net/viewtopic.php?f=16&t=129390
deadbang
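
Added example, not part of the thread and not coreutils source: the sequence that entering a chroot as a given user comes down to, which is change root while still root, drop groups, GID and UID in that order, then exec the command directly with the inherited environment, so no login shell reads ~/.profile. The names `parse_numeric_userspec` and `enter_as_user` are hypothetical, and as a simplification only a numeric UID:GID and the primary group are handled.

```c
#define _GNU_SOURCE
#include <ctype.h>
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Numeric "UID:GID" only (assumption: name lookup is left out for brevity). */
int parse_numeric_userspec(const char *spec, uid_t *uid, gid_t *gid) {
    unsigned long id[2];
    const char *s = spec;
    for (int i = 0; i < 2; i++) {
        char *end;
        if (!isdigit((unsigned char)*s)) return -1;  /* no sign, blank or name */
        errno = 0;
        id[i] = strtoul(s, &end, 10);
        /* 0xffffffff is (uid_t)-1, the "leave unchanged" value: refuse it. */
        if (errno || id[i] >= 0xffffffffUL || *end != (i ? '\0' : ':')) return -1;
        s = end + 1;
    }
    *uid = (uid_t)id[0];
    *gid = (gid_t)id[1];
    return 0;
}

/* chroot() and setgroups() need root, so they come first; setgid() must
 * precede setuid(), because after setuid() the GID can no longer be set. */
int enter_as_user(const char *newroot, uid_t uid, gid_t gid) {
    if (chroot(newroot) != 0 || chdir("/") != 0) return -1;
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;  /* the drop must be permanent */
    return 0;
}

int main(int argc, char **argv) {
    uid_t uid;
    gid_t gid;
    if (argc < 4 || parse_numeric_userspec(argv[2], &uid, &gid) != 0) {
        fprintf(stderr, "usage: %s NEWROOT UID:GID COMMAND [ARG...]\n", argv[0]);
        return 2;
    }
    if (enter_as_user(argv[1], uid, gid) != 0) {
        perror("enter_as_user");
        return 1;
    }
    execvp(argv[3], &argv[3]);  /* environment inherited; no login, no PAM */
    perror("execvp");
    return 127;
}
```

A process left running as root inside the new root keeps the privileges needed to leave it again, so the drop to an unprivileged UID is what makes the directory change a meaningful boundary.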
Re: chroot userspec
Head_on_a_Stick wrote: You might find that systemd-nspawn offers a more flexible approach: http://forums.debian.net/viewtopic.php?f=16&t=129390

Thx Head_on_a_Stick, I was thinking of using either nspawn or chroot, but I thought nspawn would be overkill and chroot would be easier to set up.