chown and chmod of /home/$USER

[qobi]

I installed GNURoot Debian on a Samsung Galaxy S6. I edited /etc/{passwd,group,shadow} to add my account. (I want my account to have the same uid/gid as all of my other machines. and I have other users and groups that I want to match other machines.) I then did mkdir /home/. But I am not able to chown /home/. And I am not able to chmod 755 /home/. It doesn't report any errors but doesn't do what was requested. Without doing this I can't really use this like a normal GNU/Linux machine. How do I fix this? Alternatively, how do I add users and groups? I realize that this might interfere somehow with the proot magic.

[tytso]

You can't, basically. Fundamentally as far as the underlying kernel is concerned, you are running under a single application (GNURoot Debian's) specific uid. So chown is something that you simply can't do. The proot magic is simply to make chown a no-op. Setuid is also emulated. So if you create a user in /etc/passwd, say "worf" with a uid of 1000, and then you run "su -l worf", and create files, they will appear as if they are owned as "worf" --- but if you then exit the su shell, and look at the file, you will see as if they are owned as "root".

In fact, they aren't owned as either. They are owned by some random uid which Android as assigned to the application. proot is make it appear that it is owned as whatever uid you happened to be logged in as, but it's all a fantasy maintained by proot.

This brings us to /sdcard. This is a magic shared space which is accessible by all applications. In fact this is done by modulating group access, and if the application has the privilege to modified the shared storage, it is added to the group that gives it write access to the directories under /sdcard. So chown and chmod won't work on /sdcard, because the GNURoot uid doesn't have the access to modify the ownership or permissions of /sdcard.

This is a fundamental limitation of proot, and so the best way to think of it is to assume that your GNURoot installation is for a single-user system. I have created an entry in /etc/passwd, and I will run under that user, but that's mainly as a convenience so that ssh will use by username by default when logging into a remote machine instead of using the username of "root". But there's fundamentally no way to have any kind of user or privilege separation while running inside GNURoot, precisely because in reality you are running under a single uid, and there's no place to store the fantasy uid that you are running under.

(Well.... in theory someone might be able to extend proot to try to store the fantasy uid as an xattr, and then proot could try to enforce the access controls synthetically when it intercepts system calls using ptrace, but it would be an ugly hack, and I'm not sure if Android gives userspace access to modify user xattrs in the first place.)

[qobi]

Thanks. I understood all that. What I was suggesting is doing all of what you describe in your last paragraph. I don't think it would be an ugly hack. It is basically the only thing you can do without rooting the Android device or using an emulator. It is also not that hard, at least conceptually. You don't need to use xattrs. You can store all of the "fantasy" file metadata (uid, gid, perms, ...) in an Android file. Basically, you have to do this if you want to be able to run most GNU/Linux programs. Many thing break if the file system doesn't maintain proper metadata.

I used to have a Nokia n900. The advantage was that I could rsync my whole environment back and forth between my desktop at work, my desktop at home, my laptop, and my pocket device. I would regularly carry a bluetooth keyboard in my pocket so that I could use it with my phone as a laptop replacement. I switched to Android and hope that GNURoot would allow me to do the same thing. But, too many things don't work so that I am unable to use my standard environment on GNURoot as a laptop replacment. (I don't use much fancy stuff on a regular basis. twm is my window manager. I live in emacs. And run LaTeX and Scheme->C.) I could root my device and install straight Debian in a chroot. It is just much easier and more desirable to avoid that if possible.