LinuxQuestions.org


pachanga 09-23-2005 05:28 PM

Chroot jail
 
Hi,

Has anyone succeeded in making a chroot jail?

I have made one following the steps in different tutorials which I found on the web, but I keep getting the same error:

This is the error if I make a telnet connection:

Sorry, user luser is not allowed to execute '/usr/sbin/chroot
/home/ /bin/su as root on lacosta.aeroxe.com
Connection closed by foreign host.

And this is the error if I attempt an ssl connection from inside the system:

/bin/su: user luser does not exist
Connection to localhost closed.

Of course luser exists and has the right to run the sudo command:
luser ALL= NOPASSWD: /usr/sbin/chroot /home/luser /bin/su luser*

So, if anyone has succeeded, please could you give me a hand.

Thanks a lot,
Pachanga

bigrigdriver 09-23-2005 09:42 PM

Have you tried running, from your favorite browser, www.google.com/linux, and using the search keywords "chroot jail"? There is a lot to read.

pachanga 09-24-2005 10:59 AM

As I wrote above I have read different tutorials but the final result is the same.

rogk 10-16-2005 03:55 AM

I had the same problem when I tried it. Have you solved the problem? If you have, please tell me how. :)

pachanga 10-18-2005 03:43 PM

At the moment I haven't had time to read more about chroot jails, but if I succeed, don't worry, I will write it down here.

goestin 01-24-2006 07:52 AM

It seems that there are a lot of people with this problem, so I am glad I am not the only one; the only problem is that there are not as many answers as questions.

Has any of you already got it working?

OK, here is my story:

* I set up a chroot jail completely following the manual and double-checked for typos ;).

* I tried to log in, but /bin/su says: /bin/su: user xxx does not exist.

* Yes, I have /home/xxx/etc/passwd and group set up right.

* When I do just: chroot /home/xxx it works fine.

* When I do, in that manual chroot: whoami, then: whoami: cannot find username for UID 0

* In the manual chroot I run: cat /etc/passwd and this is the output:
root:x:0:0:root:/:/bin/bash
xxx:x:1013:100::/home/xxx:/bin/bash

* So: /bin/su is not looking in my /home/xxx/etc/passwd, and yes, rights are OK.

This is what I have now. I am still messing around with it, and if I make some progress I'll post it here, or someone has to post a solution here :).

cheers!

goestin 01-24-2006 08:09 AM

OK, one step ahead.

I just got a little frustrated, so I copied everything inside /lib to /home/xxx/lib and after that did the same with /lib64 (yep, 64-bit ;). So now:

/bin/su: incorrect password

:study:

cheers

Boby 01-24-2006 09:14 AM

You can try Jail Kit.

I have it installed on my webserver for SSH and it works perfectly.

Regards, Boby.

pachanga 01-28-2006 06:53 PM

success creating chroot-jail
 
Hi guys. I have good news.

I was able to make a chroot jail; go to this link: http://www.fuschlberger.net/programs...p-chroot-jail/ and download the script named make_chroot_jail.sh

This script does everything: it creates the jail and users, deletes users, adds executable programs, etc.

To test the jail you have to do it over ssh or run (su username) from localhost, but not using telnet, because that doesn't work.

I ran the script under Fedora Core 3, kernel 2.6.12-1.1381_FC3, i686 athlon i386, and it works fine.

I hope you all have success.

good luck, pachanga

vikas027 04-15-2008 01:47 PM

Hi Pachanga,

I have used the above-mentioned script http://www.fuschlberger.net/programs...p-chroot-jail/ and ran it as

Code:

./make_chroot_jail.sh jdoe /bin/bash /home/jail/./home/jdoe

Now, I need to give jdoe full access to two other directories, say /tmp1 and /tmp2, which at present I cannot access when I log in as ssh jdoe@localhost.

Here, I am pasting my variables.

Quote:

-bash-3.1$ set
BASH=/bin/sh
BASH_ARGC=()
BASH_ARGV=()
BASH_LINENO=()
BASH_SOURCE=()
BASH_VERSINFO=([0]="3" [1]="1" [2]="17" [3]="1" [4]="release" [5]="i686-redhat-linux-gnu")
BASH_VERSION='3.1.17(1)-release'
COLUMNS=157
DIRSTACK=()
EUID=501
GROUPS=()
HISTFILE=/home/jdoe/home/jdoe/.bash_history
HISTFILESIZE=500
HISTSIZE=500
HOME=/home/jdoe/home/jdoe
HOSTNAME=RHEL
HOSTTYPE=i686
IFS=$' \t\n'
LD_LIBRARY_PATH=/usr/kerberos/lib
LINES=52
LOGNAME=jdoe
MACHTYPE=i686-redhat-linux-gnu
MAIL=/var/mail/jdoe
MAILCHECK=60
OPTERR=1
OPTIND=1
OSTYPE=linux-gnu
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/home/jdoe/home/jdoe/bin
PIPESTATUS=([0]="0")
PPID=18143
PS1='\s-\v\$ '
PS2='> '
PS4='+ '
PWD=/home/jdoe/home/jdoe
SHELL=/bin/bash
SHELLOPTS=braceexpand:emacs:hashall:histexpand:history:interactive-comments:monitor
SHLVL=1
SSH_CLIENT='127.0.0.1 43358 22'
SSH_CONNECTION='127.0.0.1 43358 127.0.0.1 22'
SSH_TTY=/dev/pts/0
TERM=xterm
UID=501
USER=jdoe
_=set
-bash-3.1$


How can I modify the script to achieve this?

Please help.

Thanks.

hladky.jiri 09-24-2008 08:17 PM

Solution for error message " /bin/su: user guest does not exist "
 
Hi all,

I have used make_chroot_jail.sh from
http://www.fuschlberger.net/programs...p-chroot-jail/

and I also had a hard time figuring out why I was getting the following error message:

su - guest
/bin/su: user guest does not exist

I'm running 64-bit OpenSuSE 10.3. Finally, I found the solution: the following libraries were missing.

==========================================================================
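# Copy the NSS and crypt libraries that su needs into the jail
cp /lib64/libnss_compat.so.2 /lib64/libnss_files.so.2 /lib64/libnss_dns.so.2 /lib64/libxcrypt.so.1 \
    "${JAILPATH}/lib64/"

# Copy the PAM modules as well
cp -r /lib64/security "${JAILPATH}/lib64/"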
==========================================================================

Good luck!
Jiri
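
The fix above works because su looks users up through glibc's NSS modules, which are loaded at run time from the jail's own library directories, so a correct /etc/passwd inside the jail is not enough. As an added example (not part of the original post or of make_chroot_jail.sh), this sh function lists the modules named on the passwd line of a jail's nsswitch.conf that are absent from the jail. The function names and the sample jail are constructed, and it assumes a glibc that ships NSS modules as separate libnss_*.so.2 files, as on the systems in this thread.

```shell
#!/bin/sh
# Added example: find NSS modules a jail asks for but does not contain.

# Print the service names on the "passwd:" line of an nsswitch.conf,
# dropping comments and [STATUS=action] items.
nss_passwd_services() {
    sed -n -e 's/#.*//' -e 's/\[[^]]*]//g' \
        -e 's/^[[:space:]]*passwd:[[:space:]]*//p' "$1"
}

# Print the services whose libnss_<service>.so.2 is missing from the jail.
jail_missing_nss() {
    j=$1
    conf="$j/etc/nsswitch.conf"
    if [ -r "$conf" ]; then
        services=$(nss_passwd_services "$conf")
    else
        # Assumption: without a config, check the modules named in the thread.
        services="compat files"
    fi
    missing=""
    for svc in $services; do
        mod="libnss_${svc}.so.2"
        found=no
        for f in "$j"/lib*/"$mod" "$j"/usr/lib*/"$mod" \
                 "$j"/lib/*/"$mod" "$j"/usr/lib/*/"$mod"; do
            if [ -e "$f" ]; then found=yes; fi
        done
        if [ "$found" = no ]; then missing="$missing $svc"; fi
    done
    echo "${missing# }"
}

# Build a constructed sample jail: asks for compat and files, ships only files.
make_sample_jail() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc" "$d/lib64"
    printf 'passwd: compat files [NOTFOUND=return] # constructed\n' \
        > "$d/etc/nsswitch.conf"
    : > "$d/lib64/libnss_files.so.2"
    echo "$d"
}

# Check the jail given as $1, or the constructed sample when run bare.
if [ $# -gt 0 ]; then target=$1; else target=$(make_sample_jail); fi
echo "missing NSS modules in $target: $(jail_missing_nss "$target")"
if [ $# -eq 0 ]; then rm -rf "$target"; fi
```

An empty result means every module on the passwd line is present; PAM modules and the crypt library are separate dependencies and are not checked here.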

vikas027 09-25-2008 08:10 AM

Quote:

Originally Posted by hladky.jiri (Post 3290858)
Hi all,

I have used make_chroot_jail.sh from
http://www.fuschlberger.net/programs...p-chroot-jail/

and I also had a hard time figuring out why I was getting the following error message:

su - guest
/bin/su: user guest does not exist

I'm running 64-bit OpenSuSE 10.3. Finally, I found the solution: the following libraries were missing.

==========================================================================
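# Copy the NSS and crypt libraries that su needs into the jail
cp /lib64/libnss_compat.so.2 /lib64/libnss_files.so.2 /lib64/libnss_dns.so.2 /lib64/libxcrypt.so.1 \
    "${JAILPATH}/lib64/"

# Copy the PAM modules as well
cp -r /lib64/security "${JAILPATH}/lib64/"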
==========================================================================

Good luck!
Jiri


Hi Jiri,

Are you running the script like this?

Code:

./make_chroot_jail.sh jdoe /bin/bash /home/jail/./home/jdoe

This is for the jdoe user.

Regards,
vIKAS

hladky.jiri 09-26-2008 06:15 AM

Hi Vikas,

I'm running the script like this:
make_chroot_jail.sh guest

It will create the user guest and create/copy all necessary files to /home/jail

It will also create the restricted shell /bin/chroot-shell:

==============================================================
#!/bin/sh
/usr/bin/sudo /usr/bin/chroot /home/jail /bin/su - $USER "$@"
==============================================================

You cannot use "/bin/bash" as restricted shell.

Jiri

