Date: Mon, 09 Jul 2018 13:54:07 +0200 From: "Julian H. Stacey" <jhs@berklix.com> To: current@freebsd.org Cc: "Julian H. Stacey" <jhs@berklix.com> Subject: How to add su to /rescue ? Message-ID: <201807091154.w69Bs7Ha024391@fire.js.berklix.net>
next in thread | raw e-mail | index | archive | help
Hi current@ I want to add su to /rescue, but got stuck on pam. Old unix su didn't suffer from pam. There's no #define in su to turn off pam. Man src.conf says WITHOUT_PAM is deprecated & does nothing. Can someone please offer a solution ? Or better to include a simple BSD su pre pam ? I would happily develop a patch for that. Notes to explain the need, & patches from my http://berklix.com/~jhs/src/bsd/fixes/freebsd/src/gen/rescue/ --------- Patch[es] below to solve this emailed scenario: > Please on prison-host cp /lib/libc.so.7 /tank/ezjail/my-domain/lib/libc.so.7 > I am logged in on jail-host, but only as normal-user, not root, so I cannot run > /rescue/cp /usr/obj/usr/src/lib/libc/libc.so.7 /lib/libc.so.7 > > a my make installworld on jail-host.my-domain previously failed with > ===> lib/libc (install) > install -C -o root -g wheel -m 444 libc.a /usr/lib > install -C -o root -g wheel -m 444 libc_p.a /usr/lib > install -s -o root -g wheel -m 444 -fschg -S libc.so.7 /lib > install: /lib/libc.so.7: chflags: Operation not permitted > *** Error code 71 > (might or not be an artifact of being in a jail) > > unfortunately I had run the command as > xs make installworld > (xs is my own little root wrapper) > so when it exited, I was just normal-user not root, & I had forgotten to > open another xterm & leave it logged in as root, > & I found no /rescue/su *** 12.0-CURRENT/usr/src/rescue/rescue/Makefile.orig Tue Jun 19 14:43:47 2018 --- new-generic/usr/src/rescue/rescue/Makefile Mon Jul 9 12:21:47 2018 *************** *** 188,193 **** --- 188,195 ---- CRUNCH_PROGS_usr.bin+= less CRUNCH_ALIAS_less= more + CRUNCH_PROGS_usr.bin+= su + CRUNCH_PROGS_usr.bin+= xz CRUNCH_ALIAS_xz= unxz lzma unlzma xzcat lzcat ----- Patch above fails with: cc -O2 -pipe -DBERKLIX=YES -std=gnu99 -Qunused-arguments -static -o reue rescue.o cat.lo chflags.lo chio.lo chmod.lo cp.lo date.lo dd.lo df.lo echo. ed.lo expr.lo getfacl.lo hostname.lo kenv.lo kill.lo ln.lo ls.lo mkdir.lo mv. pkill.lo ps.lo pwd.lo realpath.lo rm.lo rmdir.lo setfacl.lo sh.lo sleep.lo st.lo sync.lo test.lo csh.lo camcontrol.lo clri.lo devfs.lo dmesg.lo dump.lo dums.lo dumpon.lo fsck.lo fsck_ffs.lo fsck_msdosfs.lo fsdb.lo fsirand.lo gbde.lo om.lo ifconfig.lo init.lo kldconfig.lo kldload.lo kldstat.lo kldunload.lo ldcoig.lo md5.lo mdconfig.lo mdmfs.lo mknod.lo mount.lo mount_cd9660.lo mount_msdos.lo mount_nfs.lo mount_nullfs.lo mount_udf.lo mount_unionfs.lo newfs.lo newfssdos.lo nos-tun.lo ping.lo reboot.lo restore.lo rcorder.lo route.lo savecore.lshutdown.lo spppcontrol.lo swapon.lo sysctl.lo tunefs.lo umount.lo ccdconfig.lping6.lo rtsol.lo ipf.lo routed.lo rtquery.lo zfs.lo zpool.lo bsdlabel.lo fdislo dhclient.lo head.lo mt.lo sed.lo tail.lo tee.lo ! gzip.lo bzip2.lo less.lo suo xz.lo zstd.lo tar.lo nc.lo vi.lo id.lo iscsictl.lo zdb.lo chroot.lo chown.loscsid.lo /data/release/s1/usr/obj/data/release/s1/usr/src/amd64.amd64/rescue/rcue/../librescue/exec.o /data/release/s1/usr/obj/data/release/s1/usr/src/amd64md64/rescue/rescue/../librescue/getusershell.o /data/release/s1/usr/obj/data/rease/s1/usr/src/amd64.amd64/rescue/rescue/../librescue/login_class.o /data/relse/s1/usr/obj/data/release/s1/usr/src/amd64.amd64/rescue/rescue/../librescue/pen.o /data/release/s1/usr/obj/data/release/s1/usr/src/amd64.amd64/rescue/rescu../librescue/rcmdsh.o /data/release/s1/usr/obj/data/release/s1/usr/src/amd64.a64/rescue/rescue/../librescue/sysctl.o /data/release/s1/usr/obj/data/release/susr/src/amd64.amd64/rescue/rescue/../librescue/system.o -lcrypt -ledit -ljail kvm -lelf -ll -ltermcapw -lutil -lxo -l80211 -lalias -lcam -lncursesw -ldevsta-lipsec -llzma -lavl -lzpool -lzfs_core -lzfs -lnvpair -lpthread -luutil -lume-lgeom -lbsdxml -lkiconv ! -lmt -lsbuf -lufs -lz -lbz2 -lprivatezstd -larchive -rypto -lmd -lm /usr/bin/ld: error: undefined symbol: pam_start >>> referenced by su.lo:(_$$hide$$ su.lo main) /usr/bin/ld: error: undefined symbol: pam_set_item >>> referenced by su.lo:(_$$hide$$ su.lo main) Patch below does not solve problem above *** 12.0-CURRENT/usr/src/rescue/librescue/Makefile.orig Mon Jul 9 13:02:43 2018 --- new-generic/usr/src/rescue/librescue/Makefile Mon Jul 9 13:03:59 2018 *************** *** 16,21 **** --- 16,22 ---- .PATH: ${SRCTOP}/lib/libc/gen \ ${SRCTOP}/lib/libc/net \ ${SRCTOP}/lib/libc/stdlib \ + ${SRCTOP}/lib/libpam/libpam \ ${SRCTOP}/lib/libutil LIB= rescue --- changing libpam/libpam to libpam also fails. ------- Cheers, Julian -- Julian Stacey, Computer Consultant, Systems Engineer, BSD Linux Unix, Munich Brexit Referendum stole 3.7 million votes inc. from 700,000 British in EU. UK Goverment lies it's democratic in Article 50 paragraph 3 of letter to EU. http://berklix.eu/queen/ https://www.peoples-vote.uk 200,000 @ 9 Jul 2018
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201807091154.w69Bs7Ha024391>