Hi guys,

I've encounter a issue when trying to su to another user after I chroot.

My jail directory = /home/jail
/bin and /lib64 are copied into my jail directory
Passwd and group are also copied into my jail directory.
I've also created a new user called Alex and password= Alex

I login using: Ssh root@localhost (success)
But when key in: su - Alex
Msg return : su:incorrect password

I tried this command too:
Chroot /home/jail /bin/su - Alex
Msg return : bin/su:incorrect password

Any expert can guide me as I'm relative new to Linux.
I'm using Oraclelinux 6.8 OS

Passwords are kept in /etc/shadow. Did you create user Alex inside the jail or on the host? Do /home/jail/etc/shadow and /home/jail/etc/passwd contain Alex?

Hi berndbausch

Forgot to mention that I also did copy over the shadow file into my jail directory.

Both shadow and passwd file in my jail directory contain Alex and other user accounts.

You probably followed instructions at https://docs.oracle.com/cd/E37670_01...l/ch24s05.html, but to use su, you need more than that.
For example, su uses PAM for authentication, which requires /etc/pam.d and of course also all PAM binaries (which might be under /lib64). Try again after copying /etc/pam.d to the jail.

Apart from /bin, you may also want to have binaries under /usr/bin, /sbin and /usr/sbin in your jail. This depends on what exactly you want to achieve.

By the way, since the various bin and lib directories are essentially read-only, you are better off just bind-mounting them similarly to this:
However, /etc should be copied rather than bind-mounted, since it contains files that will be written from within the jail.

Hi,

After copying pam.d over to my /home/jail/etc/

I tried just "su" and "su - Alex" command
Msg return : could not open session

I am not smarter than Google, I am afraid. An internet search for "could not open session" pam comes up with several results, including the rather promising https://access.redhat.com/solutions/303373.