I was solving a problem for Testling and run into difficulties. Every Github user who signs up for Testling gets a Unix user on Testling's servers. When they commit code, we get a Github hook, switch to their user, clone their repo, and run their tests.

To quickly get it running, I copied / to /chroot and then when the hook comes, I just chroot to this environment, then su - username, and then run a script that run the tests. I do it all with a single command:

sudo chroot /chroot su - user -c "command_that_runs_testling_tests <args>"

This is pretty nifty!

This command combines four commands together - sudo, chroot, su and cmd. Each command calls the next one and when the last command finishes it returns back to the shell and exits (instead of being left inside of chroot in an interactive shell mode as user.)

Now here's the problem I run into.

For some reason user's environment never got executed. Our test runners setup PATHs and other customizations but .bash_profile was never ran.

The solution that I found was to run .bash_profile yourself, like this:

sudo chroot /chroot su - user -c ". ~/.bash_profile; cmd args"

This does what I wanted and runs cmd args inside of chroot located at /chroot as user, initializes .bash_profile and after running cmd it quits.

On Sourcing ~/.bash_profile

Some people couldn't understand why I was sourcing ~/.bash_profile. The reason is because I was unable to find another way to invoke the login shell and have the environment initialized.

I tried this:

sudo chroot /chroot su -l user -c "cmd args"

And it just wouldn't execute ~/.bash_profile. Su's man page says that -l invokes a login shell, however I don't see that happening. Here's the transcript that demonstrates it:

pkrumins$ pwd
/chroot

pkrumins$ sudo cat ./home/testuser1/.bash_profile 
echo "moo"
PATH="/test/bin"

pkrumins$ sudo chroot /chroot su -l testuser1 -c 'echo $PATH'
/bin:/usr/bin

pkrumins$ sudo chroot /chroot su -l testuser1 
moo

testuser1$ echo $PATH
/test/bin

testuser1$ ^D
logout

pkrumins$ sudo chroot /chroot su -l testuser1 -c '. ~/.bash_profile; echo $PATH'       
moo
/test/bin

pkrumins$ sudo chroot /chroot su -l testuser1
moo

testuser1$ /bin/bash -l -c 'echo $PATH'
moo
/test/bin

I don't know what is happening here. Bash profile file never gets run .The only way that I found to get the environment loaded is by sourcing the initialization files yourself. It works and I'm happy.

Until next time!

Comments

December 25, 2012, 05:39

You do great work Peter. I appreciate every post you have on your site. Keep up the great work and thanks for sharing.

December 25, 2012, 14:17

Thank you!

wjgeorge Permalink
December 25, 2012, 17:06

not sure why you're just not doing a 'sudo -u user cmd'

December 25, 2012, 17:19

Because then the cmd will not run inside of chroot.

Sharif Olorin Permalink
December 26, 2012, 00:04

A login shell should source ~/.bashrc, to the best of my knowledge and experience. What environment are you using/what specifically in your .bashrc are you noting doesn't get executed?

yrougy Permalink
December 26, 2012, 09:26

Nope ! The behavior is:
Login shell -> profile
Non-login shell -> ressource file (.bashrc)

It's either one or the other.

However, most distros puts a profile with something like

if [ -f ~/.bashrc ]
then
. ~/bashrc
fi

which "manually" source the rc file if it exists. This is the best way to keep things proper (environment goes to profile and variable non exported to the ressource file this way, so aliases or PS1 goes to the rc file and are usable even in a login shell).

Y.

yrougy Permalink
December 26, 2012, 09:21

You have to source .bashrc because, in case of a login shell, the bash process only loads the profile (/etc/profile, ~/.profile and/or ~/.bash_profile ) . The *profile may loads the ressource file by itself, but it's up to you to do so.

In case of a non-interactive shell, the bash process *doesn't* look for the ~/.bashrc specifically. Actually it searches for a environment variable BASH_ENV to know the ressource file to loads.

Y.

Maxim Yegorushkin Permalink
December 26, 2012, 20:06

The way you pass commands to the shell may require akward quoting. Just pipe the commands into the shell. See http://stackoverflow.com/a/3435460/412080

jaysunn Permalink
January 01, 2013, 14:02

peter,
I really enjoy your posts. Keep the great tips coming.

Happy New Year!!!

January 02, 2013, 23:08

Happy new year!

January 08, 2013, 13:36

Peter Krumins,
I really appreciate your posts. Keep on posting.
Happy New Year.

sapphirecat Permalink
April 11, 2013, 18:35

Random thought: if your working directory is already /chroot, you can use the current-dir syntax to expand the path: sudo chroot ~+ su ....

Manh Cuong Le Permalink
May 15, 2013, 15:30

Hi, Peter Krumins.

This is a very nice article.

poppinfresh Permalink
August 26, 2013, 21:14

This is not terribly safe and negates the purpose of using chroot. You want to remove all setuid binaries and interactive shells from a chroot environment.

Leave a new comment

(why do I need your e-mail?)

(Your twitter handle, if you have one.)

Type the word "cdrom_365": (just to make sure you're a human)

Please preview the comment before submitting to make sure it's OK.

Advertisements