LinuxQuestions.org
Old 09-23-2005, 04:28 PM   #1
pachanga
LQ Newbie
 
Registered: Sep 2005
Posts: 12

Rep: Reputation: 0
Chroot jail


Hi,

Has anyone been successful in making a chroot jail?

I have made one following some steps in different tutorials which I have found on the web, but I keep getting the same error:

This is the error if I make a telnet connection:

Sorry, user luser is not allowed to execute '/usr/sbin/chroot
/home/ /bin/su as root on lacosta.aeroxe.com
Connection closed by foreign host.

And this is the error if I attempt an ssl connection from inside the system:

/bin/su: user luser does not exist
Connection to localhost closed.

Of course the user luser exists and has the right to run the sudo command:
luser ALL= NOPASSWD: /usr/sbin/chroot /home/luser /bin/su luser*

So, if anyone has been successful, could you please give me a hand?

Thanks a lot,
Pachanga
 
Old 09-23-2005, 08:42 PM   #2
bigrigdriver
LQ Addict
 
Registered: Jul 2002
Location: East Centra Illinois, USA
Distribution: Debian Squeeze
Posts: 5,770

Rep: Reputation: 308
Have you tried running, from your favorite browser, www.google.com/linux, and using the search keywords "chroot jail"? There is a lot to read.
 
Old 09-24-2005, 09:59 AM   #3
pachanga
LQ Newbie
 
Registered: Sep 2005
Posts: 12

Original Poster
Rep: Reputation: 0
As I wrote above, I have read different tutorials, but the final result is the same.
 
Old 10-16-2005, 02:55 AM   #4
rogk
Member
 
Registered: Feb 2004
Location: Finland
Distribution: Mandrake 10.0
Posts: 70

Rep: Reputation: 15
I had the same problem when I tried it. Have you solved the problem? If you have, please tell me how.
 
Old 10-18-2005, 02:43 PM   #5
pachanga
LQ Newbie
 
Registered: Sep 2005
Posts: 12

Original Poster
Rep: Reputation: 0
At the moment I haven't had time to read more about chroot jails, but if I succeed, don't worry, I will write it down here.
 
Old 01-24-2006, 06:52 AM   #6
goestin
Member
 
Registered: Nov 2004
Location: Netherlands (east)
Distribution: debian, suse, novell linux desktop
Posts: 81

Rep: Reputation: 15
It seems that there are a lot of people with this problem, so I am glad I am not the only one; the only problem is that there are not as many answers as questions.

Has any of you already got it working?

OK, here is my story:

* I set up a chroot jail completely following the manual and double-checked for typos.

* I tried to log in, but /bin/su says: /bin/su: user xxx does not exist.

* Yes, I have /home/xxx/etc/passwd and group set up right.

* When I do just: chroot /home/xxx it works fine.

* When I run whoami in that manual chroot, I get: whoami: cannot find username for UID 0

* In the manual chroot I run: cat /etc/passwd and this is the output:
root:x:0:0:root:/:/bin/bash
xxx:x:1013:100::/home/xxx:/bin/bash

* So: /bin/su is not looking in my /home/xxx/etc/passwd, and yes, rights are OK.

This is what I have now. I am still messing around with it, and if I make some progress I'll post it here, or someone has to post a solution here.

cheers!
 
Old 01-24-2006, 07:09 AM   #7
goestin
Member
 
Registered: Nov 2004
Location: Netherlands (east)
Distribution: debian, suse, novell linux desktop
Posts: 81

Rep: Reputation: 15
OK, one step ahead.

I just got a little frustrated, so I copied everything inside /lib to /home/xxx/lib and after that did the same with /lib64 (yep, 64-bit). So now:

/bin/su: incorrect password



cheers
 
Old 01-24-2006, 08:14 AM   #8
Boby
Member
 
Registered: Feb 2004
Location: Sighisoara/Cluj-Napoca (Romania)
Distribution: CentOS 4, Fedora Core 6
Posts: 781

Rep: Reputation: 31
You can try Jail Kit.

I have it installed on my webserver for SSH and it works perfect.

Regards, Boby.
 
Old 01-28-2006, 05:53 PM   #9
pachanga
LQ Newbie
 
Registered: Sep 2005
Posts: 12

Original Poster
Rep: Reputation: 0
success creating chroot-jail

Hi guys. I have good news.

I could make a chroot-jail; go to this link: http://www.fuschlberger.net/programs...p-chroot-jail/ and download the script named: make_chroot_jail.sh

This script does everything: it creates the jail, creates users, deletes users, adds executable programs, etc.

To test the jail you have to use ssh or run (su username) from localhost, but not telnet, because it doesn't work.

I ran the script under Fedora Core 3, kernel 2.6.12-1.1381_FC3, i686 athlon i386, and it works fine.

I hope you all have success.

good luck, pachanga
 
Old 04-15-2008, 12:47 PM   #10
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Debian, OS X
Posts: 1,266

Rep: Reputation: 99
Hi Pachanga,

I have used the above mentioned script http://www.fuschlberger.net/programs...p-chroot-jail/ and ran it as

Code:
./make_chroot_jail.sh jdoe /bin/bash /home/jail/./home/jdoe
Now I need to give jdoe full access to two other directories, say /tmp1 and /tmp2, which at present I cannot access when I log in with ssh jdoe@localhost.

Here, I am pasting my variables.

Quote:
-bash-3.1$ set
BASH=/bin/sh
BASH_ARGC=()
BASH_ARGV=()
BASH_LINENO=()
BASH_SOURCE=()
BASH_VERSINFO=([0]="3" [1]="1" [2]="17" [3]="1" [4]="release" [5]="i686-redhat-linux-gnu")
BASH_VERSION='3.1.17(1)-release'
COLUMNS=157
DIRSTACK=()
EUID=501
GROUPS=()
HISTFILE=/home/jdoe/home/jdoe/.bash_history
HISTFILESIZE=500
HISTSIZE=500
HOME=/home/jdoe/home/jdoe
HOSTNAME=RHEL
HOSTTYPE=i686
IFS=$' \t\n'
LD_LIBRARY_PATH=/usr/kerberos/lib
LINES=52
LOGNAME=jdoe
MACHTYPE=i686-redhat-linux-gnu
MAIL=/var/mail/jdoe
MAILCHECK=60
OPTERR=1
OPTIND=1
OSTYPE=linux-gnu
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/home/jdoe/home/jdoe/bin
PIPESTATUS=([0]="0")
PPID=18143
PS1='\s-\v\$ '
PS2='> '
PS4='+ '
PWD=/home/jdoe/home/jdoe
SHELL=/bin/bash
SHELLOPTS=braceexpand:emacs:hashall:histexpand:history:interactive-comments:monitor
SHLVL=1
SSH_CLIENT='127.0.0.1 43358 22'
SSH_CONNECTION='127.0.0.1 43358 127.0.0.1 22'
SSH_TTY=/dev/pts/0
TERM=xterm
UID=501
USER=jdoe
_=set
-bash-3.1$


How can I modify the script to achieve this?

Please help.

Thanks.
 
Old 09-24-2008, 07:17 PM   #11
hladky.jiri
LQ Newbie
 
Registered: Nov 2006
Posts: 3

Rep: Reputation: 0
Solution for error message " /bin/su: user guest does not exist "

Hi all,

I have used make_chroot_jail.sh from
http://www.fuschlberger.net/programs...p-chroot-jail/

and I also had a hard time figuring out why I was getting the following error message:

su - guest
/bin/su: user guest does not exist

I'm running 64-bit OpenSuSE 10.3. Finally, I found the solution: the following libraries were missing

==========================================================================
# Copy the NSS modules and libxcrypt into the jail
cp /lib64/libnss_compat.so.2 /lib64/libnss_files.so.2 /lib64/libnss_dns.so.2 /lib64/libxcrypt.so.1 \
   "${JAILPATH}/lib64/"

# Copy the PAM modules into the jail
cp -r /lib64/security "${JAILPATH}/lib64/"
==========================================================================

Good luck!
Jiri
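
The cause found in post #11, turned into a check (an added example, not part of the thread or of make_chroot_jail.sh): glibc resolves user names through libnss_<service>.so.2 modules that it loads at run time, so a jail can hold a correct /etc/passwd and su will still report "user does not exist". The function names, the list of library directories searched and the fallback to `files` are assumptions of this example.

```shell
#!/bin/sh
# Added example: explain "user ... does not exist" inside a chroot jail.
# glibc loads libnss_<service>.so.2 at run time, so ldd never lists it.

# Print the NSS services the jail's nsswitch.conf names for one database.
# Assumption: fall back to "files" when the file or the entry is absent.
jail_nss_services() {
    conf="$1/etc/nsswitch.conf"
    svcs=""
    if [ -r "$conf" ]; then
        # Strip comments, pick the database line, drop [STATUS=action] items.
        svcs=$(sed 's/#.*//' "$conf" | awk -v db="$2:" \
            '$1 == db { $1 = ""; gsub(/\[[^]]*\]/, ""); print }')
    fi
    echo "${svcs:-files}"
}

# Succeed if the library is in one of the jail's usual library directories.
jail_has_lib() {
    for f in "$1"/lib/"$2" "$1"/lib64/"$2" "$1"/usr/lib/"$2" \
             "$1"/usr/lib64/"$2" "$1"/lib/*/"$2" "$1"/usr/lib/*/"$2"; do
        if [ -e "$f" ]; then return 0; fi
    done
    return 1
}

# Print one finding per line; return 0 only when nothing is missing.
check_jail_nss() {
    jail=$1 user=$2 rc=0
    if ! grep -q "^$user:" "$jail/etc/passwd" 2>/dev/null; then
        echo "no entry for $user in $jail/etc/passwd"; rc=1
    fi
    for db in passwd group shadow; do
        for svc in $(jail_nss_services "$jail" "$db"); do
            if ! jail_has_lib "$jail" "libnss_$svc.so.2"; then
                echo "$db: libnss_$svc.so.2 is not in the jail"; rc=1
            fi
        done
    done
    return $rc
}

# Run as: sh check_jail.sh /home/jail guest
if [ $# -eq 2 ]; then check_jail_nss "$1" "$2"; fi
```

A clean result only covers name lookup; su also needs the PAM modules from the security directory that post #11 copies.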
 
Old 09-25-2008, 07:10 AM   #12
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Debian, OS X
Posts: 1,266

Rep: Reputation: 99
Question

Hi Jiri,

Are you running the script like this?

Code:
./make_chroot_jail.sh jdoe /bin/bash /home/jail/./home/jdoe
This is for the jdoe user.

Regards,
vIKAS
 
Old 09-26-2008, 05:15 AM   #13
hladky.jiri
LQ Newbie
 
Registered: Nov 2006
Posts: 3

Rep: Reputation: 0
Hi Vikas,

I'm running the script like this:
make_chroot_jail.sh guest

It will create the user guest and create/copy all necessary files to /home/jail.

It will also create the restricted shell /bin/chroot-shell:

==============================================================
#!/bin/sh
/usr/bin/sudo /usr/bin/chroot /home/jail /bin/su - $USER "$@"
==============================================================

You cannot use "/bin/bash" as the restricted shell.

Jiri
 
  

