Por que não apenas chroot na sua instalação?
chroot /home/containers/wheezy
passwd root
Eu tenho debootstraped versão de wheezy na minha máquina Archlinux e gostaria de alterar a root senha:
echo "root:toor" | chpasswd --root /home/containers/wheezy/
No entanto, recebo um erro:
chpasswd: PAM: Permission denied
Funciona bem no meu usuário root local (sem a opção --root ).
A página man afirma claramente o seguinte:
-R, --root CHROOT_DIR
Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.
Então, o que estou fazendo de errado? E como o PAM se envolve mesmo assim? Outros métodos para fazer isso?
EDITAR
# echo "root:toor" | sudo strace -f -efile,execve chpasswd --root /home/containers/wheezy/
Abaixo está a saída onde chpasswd começa a reclamar.
open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3
open("/usr/share/locale/en_GB.UTF-8/LC_MESSAGES/Linux-PAM.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_GB.utf8/LC_MESSAGES/Linux-PAM.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_GB/LC_MESSAGES/Linux-PAM.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/Linux-PAM.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/Linux-PAM.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/Linux-PAM.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_GB.UTF-8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_GB.utf8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_GB/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
chpasswd: PAM: Permission denied
+++ exited with 1 +++
EDIT2
Descobri que os arquivos que o chpasswd está esperando no contêiner de destino podem ser encontrados para muitos outros idiomas, exceto inglês :
# find /usr/share/locale/ -iname '*Linux-PAM.mo*'
/usr/share/locale/hu/LC_MESSAGES/Linux-PAM.mo
/usr/share/locale/zh_CN/LC_MESSAGES/Linux-PAM.mo
/usr/share/locale/it/LC_MESSAGES/Linux-PAM.mo
/usr/share/locale/zu/LC_MESSAGES/Linux-PAM.mo
/usr/share/locale/ko/LC_MESSAGES/Linux-PAM.mo
/usr/share/locale/or/LC_MESSAGES/Linux-PAM.mo
/usr/share/locale/nl/LC_MESSAGES/Linux-PAM.mo
/usr/share/locale/sk/LC_MESSAGES/Linux-PAM.mo
/usr/share/locale/ja/LC_MESSAGES/Linux-PAM.mo
/usr/share/locale/da/LC_MESSAGES/Linux-PAM.mo
/usr/share/locale/uk/LC_MESSAGES/Linux-PAM.mo
...
/usr/share/locale/pt_BR/LC_MESSAGES/Linux-PAM.mo
/usr/share/locale/ta/LC_MESSAGES/Linux-PAM.mo
Observação: en_GB que chpasswd está esperando pode ser igual a uk no contêiner de destino? ..
Eu tentei reinstalar os pacotes que parecem ter arquivos necessários:
apt-get install --reinstall libpam-runtime login locales locales-all
Mas isso não ajudou em nada.
EDIT3
Quando executo strace no contêiner de destino, ele não está procurando por esses arquivos:
# echo "root:toor2" | strace -f -e open chpasswd --root /
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib/x86_64-linux-gnu/libpam.so.0", O_RDONLY) = 3
open("/lib/x86_64-linux-gnu/libpam_misc.so.0", O_RDONLY) = 3
open("/lib/x86_64-linux-gnu/libselinux.so.1", O_RDONLY) = 3
open("/lib/x86_64-linux-gnu/libcrypt.so.1", O_RDONLY) = 3
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY) = 3
open("/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY) = 3
open("/proc/filesystems", O_RDONLY) = 3
open("/etc/pam.d/chpasswd", O_RDONLY) = 3
open("/etc/pam.d/common-password", O_RDONLY) = 4
open("/lib/x86_64-linux-gnu/security/pam_unix.so", O_RDONLY) = 5
open("/etc/ld.so.cache", O_RDONLY) = 5
open("/lib/x86_64-linux-gnu/libnsl.so.1", O_RDONLY) = 5
open("/lib/x86_64-linux-gnu/security/pam_deny.so", O_RDONLY) = 5
open("/lib/x86_64-linux-gnu/security/pam_permit.so", O_RDONLY) = 5
open("/etc/pam.d/other", O_RDONLY) = 3
open("/etc/pam.d/common-auth", O_RDONLY) = 4
open("/etc/pam.d/common-account", O_RDONLY) = 4
open("/etc/pam.d/common-password", O_RDONLY) = 4
open("/etc/pam.d/common-session", O_RDONLY) = 4
open("/etc/passwd", O_RDONLY) = 3
open("/etc/passwd", O_RDONLY) = 3
open("/etc/nsswitch.conf", O_RDONLY) = 3
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib/x86_64-linux-gnu/libnss_compat.so.2", O_RDONLY) = 3
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib/x86_64-linux-gnu/libnss_nis.so.2", O_RDONLY) = 3
open("/lib/x86_64-linux-gnu/libnss_files.so.2", O_RDONLY) = 3
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
open("/etc/shadow", O_RDONLY|O_CLOEXEC) = 3
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
open("/etc/shadow", O_RDONLY|O_CLOEXEC) = 3
open("/etc/passwd", O_RDONLY) = 3
open("/etc/passwd", O_RDONLY) = 3
open("/etc/.pwd.lock", O_WRONLY|O_CREAT|O_CLOEXEC, 0600) = 3
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
open("/etc/shadow", O_RDONLY|O_CLOEXEC) = 4
open("/dev/urandom", O_RDONLY) = 4
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
open("/etc/passwd", O_RDONLY) = 4
open("/etc/nshadow", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 4
open("/etc/shadow", O_RDONLY) = 5
open("/etc/localtime", O_RDONLY) = 4
Process 7760 attached
Process 7759 suspended
Process 7759 resumed
Process 7760 detached
--- SIGCHLD (Child exited) @ 0 (0) ---
EDIT4
Eventualmente eu executei o mesmo comando no mesmo container em Debian Jessie e funcionou .
O caso está resolvido - Wheezy e Archlinux simplesmente têm diferentes implementações de chpasswd .
Acho que a melhor solução portátil para esse problema é a sugerida por @ Peter Cordes:
echo 'root:toor' | chroot /home/containers/wheezy/ /usr/sbin/chpasswd
Por que não apenas chroot na sua instalação?
chroot /home/containers/wheezy
passwd root