Bug#992430: schroot: user password does not match
Conrol: tags 992430 moreinfo Sergey Vlasov wrote... > When doing schroot into a buster chroot environment, sudo > commands fail due to password not matching the current user password. > There is no such problem for bullseye chroot environment. > > To reproduce: > > 0. make sure your current user belongs to sudo group > > 1. create buster chroot environment: > > $ sudo debootstrap buster /schroot-bug/buster > > 2. create schroot configuration file: > > $ cat << EOF | sudo tee /etc/schroot/chroot.d/buster > [buster] > type=directory > directory=/schroot-bug/buster > users=$USER > profile=desktop > personality=linux > preserve-environment=false > EOF Unless I misunderstood, also install sudo in the chroot. > 3. enter chroot: > > $ schroot -c buster > > 4. test sudo with your current password: > > $ sudo true (...) The following changes made the check pass: 1. On the *host*, change "yescrypt" to "sha512" in /etc/pam.d/common-password 2. Change the password of that user (feel free to re-use the old one, but we need the right hash). 3. Reboot (possibly not needed if you do the right things). Can you confirm? Then this is stuff for README.Debian but otherwise little schroot can do. Regards, Christoph signature.asc Description: PGP signature
Bug#992430: schroot: user password does not match
Hi Roger, I compared `/etc/shadow` and `/etc/passwd` across my host and from inside the testable chroot environments, no difference, I also checked `/etc/pam.d/common-password` and it looks that bullseye uses `yescrypt` for hashing while buster uses `sha512`. It also says in `/etc/pam.d/common-password`: > if a shadow password hash will be shared between Debian 11 and older releases replace "yescrypt" with "sha512" for compatibility. My buster chroot already has "sha512" set. I tried to set "yescrypt" there but sudo still complains about the wrong password. Regards, Sergey On Wed, Aug 18, 2021 at 4:58 PM Roger Leigh wrote: > Hi, > > I'm not personally familiar with the changes in the latest Debian release, > but please check that all the password, shadow password files etc. are all > copied into the chroot and are self-consistent with one another. Are the > host files using a hash type not supported by the chroot environment? > > Regards, > Roger > > On 18/08/2021, 14:54, "Sergey Vlasov" wrote: > > Package: schroot > Version: 1.6.10-12 > Severity: important > X-Debbugs-Cc: ser...@vlasov.me > > Dear Maintainer, > > When doing schroot into a buster chroot environment, sudo > commands fail due to password not matching the current user password. > There is no such problem for bullseye chroot environment. > > > >
Bug#992430: schroot: user password does not match
Hi, I'm not personally familiar with the changes in the latest Debian release, but please check that all the password, shadow password files etc. are all copied into the chroot and are self-consistent with one another. Are the host files using a hash type not supported by the chroot environment? Regards, Roger On 18/08/2021, 14:54, "Sergey Vlasov" wrote: Package: schroot Version: 1.6.10-12 Severity: important X-Debbugs-Cc: ser...@vlasov.me Dear Maintainer, When doing schroot into a buster chroot environment, sudo commands fail due to password not matching the current user password. There is no such problem for bullseye chroot environment.
Bug#992430: schroot: user password does not match
Package: schroot Version: 1.6.10-12 Severity: important X-Debbugs-Cc: ser...@vlasov.me Dear Maintainer, When doing schroot into a buster chroot environment, sudo commands fail due to password not matching the current user password. There is no such problem for bullseye chroot environment. To reproduce: 0. make sure your current user belongs to sudo group 1. create buster chroot environment: $ sudo debootstrap buster /schroot-bug/buster 2. create schroot configuration file: $ cat << EOF | sudo tee /etc/schroot/chroot.d/buster [buster] type=directory directory=/schroot-bug/buster users=$USER profile=desktop personality=linux preserve-environment=false EOF 3. enter chroot: $ schroot -c buster 4. test sudo with your current password: $ sudo true [sudo] password for : Sorry, try again. [sudo] password for : Sorry, try again. [sudo] password for : sudo: 3 incorrect password attempts 5. repeat steps 1-4 but replace `buster` with `bullseye`. `sudo true` command accepts the current user password. -- System Information: Debian Release: 11.0 APT prefers stable APT policy: (900, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-8-amd64 (SMP w/8 CPU threads) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages schroot depends on: ii libboost-filesystem1.74.0 1.74.0-9 ii libboost-iostreams1.74.01.74.0-9 ii libboost-program-options1.74.0 1.74.0-9 ii libc6 2.31-13 ii libgcc-s1 10.2.1-6 ii libpam0g1.4.0-9 ii libstdc++6 10.2.1-6 ii libuuid12.36.1-8 ii lsb-base11.1.0 ii schroot-common 1.6.10-12 schroot recommends no packages. Versions of packages schroot suggests: pn aufs-tools | unionfs-fuse pn btrfs-progs ii debootstrap1.0.123 ii lvm2 2.03.11-2.1 pn qemu-user-static pn zfsutils-linux -- no debconf information