chroot userspec

[Chrisdb]

Hello,

I'm currently experimenting with chroot and I noticed the '--userspec' option.

Can anyone tell me what the advantages/disadvantages are in providing a username with this option compared to root?
Is this something like an unpriviledged user in a container?

My current use case for chroot is to run an application version not available in the stable/backports repos.

Thx

[Head_on_a_Stick]

Can anyone tell me what the advantages/disadvantages are in providing a username with this option compared to root?
Is this something like an unpriviledged user in a container?

The option just enters the chroot as the specified user rather than as root. But it doesn't seem to source ~/.profile:

Code: Select all

empty@E485:~ $ sudo chroot --user=empty:empty stretch/
$ whoami
empty
$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
$ ^D
empty@E485:~ $ sudo chroot stretch/                                                      
# su - empty
empty@E485:~ $ whoami
empty
empty@E485:~ $ echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
empty@E485:~ $ ^D
# ^D
empty@E485:~ $

My current use case for chroot is to run an application version not available in the stable/backports repos.

You might find that systemd-nspawn offers a more flexible approach: http://forums.debian.net/viewtopic.php?f=16&t=129390

[Chrisdb]

You might find that systemd-nspawn offers a more flexible approach: http://forums.debian.net/viewtopic.php?f=16&t=129390

Thx Head_on_a_Stick, I was thinking of using either nspawn or chroot, but I thought nspawn would be overkill and chroot would be easier to setup.