7

I've installed jailkit on Ubuntu 12.04 and I have set up a user's shell to /bin/bash - but when it is invoked it runs /etc/bash.bashrc instead of /etc/profile

If you haven't used jailkit before here's the gist of it:

  1. A "jailed" version of the system root is created somewhere, like /home/jail
  2. Jailed users home directories are moved inside that folder like /home/jail/home/testuser
  3. Relavant configuration files are copied to /home/jail/etc/ - including a limited /etc/passwd
  4. Programs that you want to allow access to are copied to the corresponding directories, like /bin/bash
  5. When a jailed user logs in they are chrooted to /etc/jail/ and can't see any files above that

So I have a testuser who has an entry in /etc/passwd like this:

testuser:x:1002:1003::/home/jail/./home/testuser:/usr/sbin/jk_chrootsh

In the file /home/jail/etc/passwd there is an entry like:

testuser:1001:1003::/home/testuser:/bin/bash

I've read though the bash(1) and so I think the problem is that bash thinks it is not being invoked as a login shell:

When bash is invoked as an interactive login shell, or as a non-interactive shell with the --login option, it first reads and executes commands from the file /etc/profile, if that file exists.

I get that bash is actually being invoked by /usr/sbin/jk_chrootsh but I don't understand how bash is determining what type of shell it is, and what set of startup files it should run.

I'd like to see if I can troubleshoot this - but I don't understand:

How does bash know how it is being invoked?

ps: I also looked into login(1) without much luck.

cwd
  • 45,389
  • 2
    possible duplicate: http://unix.stackexchange.com/questions/38175/difference-between-login-shell-and-non-login-shell – slm Jun 03 '13 at 13:27

3 Answers3

8

Normally bash knows that it's a login shell because when the login program invokes it, it tells bash that its name is -bash. That name is in argv[0], the zeroth command line argument, which is conventionally the way the user invoked the program. The initial hyphen is a convention to tell a shell that it's a login shell. Bash also behaves as a login shell if you pass it the option --login or -l. See Difference between Login Shell and Non-Login Shell? for more details.

As of Jailkit 2.16, jk_chrootsh reads the absolute path to the shell to invoke from various sources, and passes this path as argv[0], and passes its own command line arguments down to that shell. In the normal use case where jk_chrootsh is itself used in /etc/passwd, there is no way to pass an argument such as -l. Since the absolute path doesn't begin with -, there is no way to make jk_chrootsh invoke a login shell, short of using a tiny intermediate program.

#include <unistd.h>
int main () {
    execl("/bin/bash", "-bash", NULL);
    return 127;
}

I would have expected jk_chrootsh to have an easy way of invoking a login shell. I suggest making a feature request.

Community
  • 1
Gilles 'SO- stop being evil'
  • 829,060
  • Thanks @Giles - you did a lot of research with Jailshell - even looking though the source. I appreciate that. – cwd Jun 04 '13 at 00:33
  • @Giles - can you point me to documentation on execvl because jaikit uses execv and I am having a hard time finding execvl - did you mean execl ? – cwd Jun 04 '13 at 04:11
  • @cwd Yes, I meant execl, sorry. – Gilles 'SO- stop being evil' Jun 04 '13 at 08:31
  • @Gilles Does the same method apply to other executables, as in the case of symlink /sbin/reboot -> /bin/systemctl ? Is this the only way an executable can detect its invocation ? – Sergiy Kolodyazhnyy Jan 28 '19 at 20:27
  • 1
    @SergiyKolodyazhnyy 1. Yes. 2. Yes, in the sense that this information is only conveyed through argv[0] (a program could in principle find argv[0] in a different way, but that would still be the information passed by the invoking process in argv[0]). – Gilles 'SO- stop being evil' Jan 28 '19 at 20:44
6

login calls the login command/shell of the user with its argv[0] starting with a -. Shells check their argv[0] to determine if they're being called as a login shell.

As @slm says, it's clearly specified in the "Invocation" section of the bash manual.

In addition, a few shells like csh, tcsh, ksh, zsh, yash, bash and some variants of the Almquist shell support the -l option to enable the login mode without having to mingle with the first argument. That is not used by login, but you can use it if you want to simulate a login shell from something (like most shells) where it's difficult to run a command with an arbitrary argv[0]. I've seen it used by graphical login managers.

Stéphane Chazelas
  • 544,893
  • Funny you get the accept and the upvotes and we said pretty much the same thing 8-). Good answer BTW. – slm Jun 03 '13 at 23:23
2

Take a look at the bash man page. They discuss the differences in how it can be invoked there. The section is called INVOCATION. The 2 primary ways it get's invoked are as a login shell (bash -l) and as a interactive shell (bash -i).

Take a look at this other Unix and Linux Q&A titled: Difference between Login Shell and Non-Login Shell?. It pretty much covers exactly what you're asking about.

Community
  • 1
slm
  • 369,824
  • I'm downvoting your answer because I think it restates a lot of what I've said in the question. I've even referenced the man page bash(1) in the question and even included a quote. Did you read the entire question? It does not ask "how do I invoke bash" but rather "how does bash know how it is being invoked" - for example when a user logs into the system - how does the system call to bash actually take place... – cwd Jun 03 '13 at 12:59
  • Yes I did read your question. You asked how does bash know how it was called. Your the OP so it's entirely your call. The INVOCATION section I thought explained that clearly that there are 2 modes in which bash can be called. I wasn't trying to tell you how to invoke per say. It's difficult to explain that there are 2 methods that bash can be invoked as without mentioning the -l and -i switches. That being said, I think your question is more fundamental, you're asking what is the mechanism which is used to call bash in one scenario vs. the other. Am I understanding you correctly? – slm Jun 03 '13 at 13:24
  • Read through this other question I just posted and see if that Q&A answers what you're asking: http://unix.stackexchange.com/questions/38175/difference-between-login-shell-and-non-login-shell – slm Jun 03 '13 at 13:28
  • BTW, thank you for leaving a comment when you downvoted! – slm Jun 03 '13 at 13:28
  • Several of those answers explain the mechanism of how a interactive vs. login shell is spawned, are you looking for something more? – slm Jun 03 '13 at 13:30
  • 1
    Thanks for pointing me in the right direction - the other question you referenced in fact details out what I wanted to know perfectly - it all makes sense now. If you make some sort of edit to your answer I can remove my downvote. – cwd Jun 03 '13 at 23:09
  • Made an edit. Glad you got your question answered! – slm Jun 03 '13 at 23:21