FS#45772 - [makepkg] Running as the nobody user asks for a non-existent password
Attached to Project:
Arch Linux
Opened by Bastien Traverse (Neitsab) - Saturday, 25 July 2015, 16:33 GMT
Last edited by Allan McRae (Allan) - Sunday, 26 July 2015, 02:28 GMT
Opened by Bastien Traverse (Neitsab) - Saturday, 25 July 2015, 16:33 GMT
Last edited by Allan McRae (Allan) - Sunday, 26 July 2015, 02:28 GMT
|
Details
Description:
I'm setting up a remote server with its root partition encrypted. Therefore I need to build packages from the AUR /during the installation process/ so as to be able to remotely unlock the machine after the first reboot[1][2]. makepkg (legitimately) refuses to run as root, so I followed the advice from the wiki and tried to run it as the nobody user. But to my surprise there I was asked this user's password, which is non-existent. Running other standard commands prefixed with `sudo -u nobody` doesn't ask for a password, but makepkg does. This effectively prevent installing packages from the AUR when only a root account is available, such as during the installation process, without setting a password for nobody and fiddling with sudoers (see logs below). [1] https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Remote_unlocking_of_the_root_.28or_other.29_partition [2] https://bbs.archlinux.org/viewtopic.php?id=200114 Additional info: * package version(s): makepkg (pacman) 4.2.1 * config and/or log files etc. Steps to reproduce: Set up a chroot then do the following: # mkdir /tmp/build # cd !$ # for f in https://aur.archlinux.org/packages/mk/mkinitcpio-{netconf/mkinitcpio-netconf,dropbear/mkinitcpio-dropbear,utils/mkinitcpio-utils}.tar.gz; do curl -L "$f" | tar xz; done <change permissions according to http://allanmcrae.com/2015/01/replacing-makepkg-asroot/> [root@rescue build]# ls -la total 20 drwxrwsr-x+ 5 root nobody 4096 Jul 25 17:55 . drwxrwxrwt 3 root root 4096 Jul 25 17:54 .. drwxrwxr-x+ 2 root nobody 4096 Jul 23 05:40 mkinitcpio-dropbear drwxrwxr-x+ 2 root nobody 4096 Jul 15 05:20 mkinitcpio-netconf drwxrwxr-x+ 2 root nobody 4096 Jul 23 05:45 mkinitcpio-utils [root@rescue build]# cd mkinitcpio-netconf/ [root@rescue mkinitcpio-netconf]# sudo -u nobody makepkg -sri ==> Making package: mkinitcpio-netconf 0.0.1-1 (Sat Jul 25 17:58:17 CEST 2015) ==> Checking runtime dependencies... ==> Installing missing dependencies... We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for nobody: ^C ==> ERROR: Aborted by user! Exiting... [root@rescue mkinitcpio-netconf]# sudo -iu nobody This account is currently not available. [root@rescue mkinitcpio-netconf]# sudo -u nobody ls Changelog PKGBUILD mkinitcpio-netconf.install [root@rescue mkinitcpio-netconf]# passwd nobody Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully [root@rescue mkinitcpio-netconf]# sudo -u nobody makepkg -sri ==> Making package: mkinitcpio-netconf 0.0.1-1 (Sat Jul 25 18:18:23 CEST 2015) ==> Checking runtime dependencies... ==> Installing missing dependencies... We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for nobody: nobody is not in the sudoers file. This incident will be reported. ==> ERROR: 'pacman' failed to install missing dependencies. |
This task depends upon
Please close!
add "nobody" to sudoers and allow it to run pacman. Then you can use those options all you want.