I'm using unshare to create per process mounts, which is working perfectly fine by
    unshare -m --map-root-user
However, after having created my bind-mounts by
    mount --bind src dst
I want to change the UID to my original user, so that whoami (and others) echoes my username like echo $USER does.
I have already tried the answer of "Simulate chroot with unshare". However, doing su - user1 after chroot /, I get
    su: Authentication failure
    (Ignored)
    setgid: Invalid argument
I have tested this on Ubuntu 18.04 Beta, Debian stretch, openSUSE-Leap-42.3.
It's all the same. I guess something has changed in the kernel since this answer was working.
What is a working and correct way to do that (of course without being real root)?
Best Answer
The unshare(1) command can't do it:
Supplementary groups if any (video, ...) will be lost anyway (or mapped to nogroup).
By changing again into a 2nd new user namespace, it's possible to revert back the mapping. This requires a custom program, since unshare(1) won't do it. Here's a very minimalistic C program as proof of concept (one user only: uid/gid 1000/1000, zero failure check). Let's call it revertuid.c:
It's just doing the reverse mapping of the mapping done by unshare -r -m, which was unavoidable, to be able to be root and use mount, as seen with:
So that gives:
Or shorter:
The behaviour probably changed after kernel 3.19 as seen in user_namespaces(7):
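The reverse mapping the answer describes, written out as an added example (not the answer's own revertuid.c, and not code from the original page). It goes beyond the 1000/1000 case by taking the uid and gid as arguments and checking every step; the helper names idmap_line, write_proc and revert_ids are hypothetical, and it assumes it is started from the shell created by unshare -m --map-root-user, after the bind mounts are in place.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Build one id-map line: "<id inside new ns> <id in parent ns> 1". */
static int idmap_line(char *buf, size_t len, unsigned inside, unsigned parent)
{
    int n = snprintf(buf, len, "%u %u 1", inside, parent);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

/* The kernel accepts a map only as one complete write(2), so no retry loop. */
static int write_proc(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    size_t len = strlen(data);
    ssize_t got = write(fd, data, len);
    close(fd);
    return got == (ssize_t)len ? 0 : -1;
}

/* Enter a 2nd user namespace where the current ids (0/0 after unshare -r) show as uid/gid. */
static int revert_ids(unsigned uid, unsigned gid)
{
    char umap[32], gmap[32];
    /* Read ids before unshare(): afterwards they are unmapped and read as 65534. */
    unsigned cur_uid = geteuid(), cur_gid = getegid();
    if (idmap_line(umap, sizeof umap, uid, cur_uid) < 0) return -1;
    if (idmap_line(gmap, sizeof gmap, gid, cur_gid) < 0) return -1;
    if (unshare(CLONE_NEWUSER) != 0) return -1;
    /* Unprivileged writes to gid_map need setgroups set to "deny" first. */
    if (write_proc("/proc/self/setgroups", "deny") != 0) return -1;
    if (write_proc("/proc/self/uid_map", umap) != 0) return -1;
    return write_proc("/proc/self/gid_map", gmap);
}

int main(int argc, char **argv)
{
    if (argc < 4) { fprintf(stderr, "usage: %s UID GID CMD [ARGS...]\n", argv[0]); return 2; }
    unsigned uid = (unsigned)strtoul(argv[1], NULL, 10), gid = (unsigned)strtoul(argv[2], NULL, 10);
    if (revert_ids(uid, gid) != 0) { perror("revert_ids"); return 1; }
    execvp(argv[3], argv + 3);   /* mount namespace and bind mounts are kept */
    perror("execvp");
    return 127;
}
```

Run as, for example, ./a.out 1000 1000 whoami inside the unshare shell; the new namespace holds no capabilities over the mount namespace, so further mount calls will fail from there.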