Issue
So I am trying to chroot all the users who are in group www to the directory /var/www. But every time I try to do that, it comes back saying the group doesn't exist (even though the group does exist).
[root@server var]# cat /etc/fedora-release
Fedora release 26 (Twenty Six)
[root@server var]# groupadd -r www
[root@server var]# groupmod -R /var/www www
groupmod: group 'www' does not exist
[root@server var]# ls -la
drwxrwxrwx. 5 root www 46 Jul 12 06:44 www
As you can see, the error message is less than helpful. I have looked around on Stack Overflow but haven't come across an answer to this specific question yet.
Can anyone shed some light on what I am doing wrong?
Solution
That is not what groupmod -R does. What it means is that the groupmod program will chroot into the directory, and then do everything. It’s intended for when you have one system mounted inside another, such as if you booted from a live USB drive to make changes to a broken system.
Once groupmod has run chroot, it looks in the /var/www/etc/group file to figure out what group ID www corresponds to, which of course fails because if your system is at all sanely set up you don’t have a var/www/etc/group file.
I do not know how to make sure all processes by a specific user run in a chroot, and I don’t think that’s the right way to achieve your goal. If a program is chrooted into /var/www, it doesn’t have access to any of the utilities it might expect, like the web server executable. Instead, I would look at the documentation of your web server and see if it supports this directly, or see if you can get a custom mount namespace using systemd.
Answered By - Daniel H
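
The lookup described in the answer, as an added example that is not part of the original question or answer: this script resolves a group name against ROOT/etc/group, the file groupmod -R ROOT consults after it chroots, and tells "no group database under that root" apart from "group not defined there". The function names, the temporary directory layout and the GID 990 are constructed for illustration, and the script reads the file directly instead of calling chroot, so it runs without root privileges.

```shell
#!/bin/sh
# Added example: mirror the group lookup that `groupmod -R ROOT GROUP`
# ends up doing inside ROOT, by reading ROOT/etc/group directly.

# lookup_group_in_root ROOT GROUP
#   prints the GID and returns 0 when GROUP is defined in ROOT/etc/group
#   returns 2 when ROOT has no readable etc/group at all
#   returns 1 when the file exists but does not define GROUP
lookup_group_in_root() {
    root=${1%/}
    group=$2
    db="$root/etc/group"
    if [ ! -r "$db" ]; then
        echo "no group database at $db" >&2
        return 2
    fi
    # /etc/group line format: name:password:GID:member,member
    gid=$(awk -F: -v g="$group" \
        '$1 == g { print $3; found = 1; exit } END { exit !found }' "$db") || {
        echo "group '$group' not defined in $db" >&2
        return 1
    }
    printf '%s\n' "$gid"
}

# Constructed sample tree: a "host" root whose etc/group defines www, and a
# web root laid out like /var/www with no etc/ directory inside it.
make_fixture() {
    base=$(mktemp -d)
    mkdir -p "$base/host/etc" "$base/host/var/www/html"
    printf 'root:x:0:\nwww:x:990:\n' > "$base/host/etc/group"
    printf '%s\n' "$base"
}

demo() {
    base=$(make_fixture)
    # Lookup against the host root succeeds and prints the GID.
    echo "host root: gid $(lookup_group_in_root "$base/host" www)"
    # Lookup against the web root fails: there is no etc/group under it,
    # which is the situation behind "group 'www' does not exist".
    lookup_group_in_root "$base/host/var/www" www || echo "web root: rc=$?"
    rm -rf "$base"
}
demo
```
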