Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Did you add a "session required /lib/security/pam_chroot.so" line to /etc/pam.d/login? And AFAIK it isn't necessary to specify a ftp-style chroot home in passwd like the /dir/dir./dir you added.
Also note for a chroot to work you need to add some basic config files, libraries and GNU utilities to the chroot. The 1st sticky thread in the Linux - Security forum has some docs on chrooting, it's the 4th post, titled "Chroot, chrooting, jailing, comparimization".
Thanks alot for your reply.. I search on the forum alot but I think I could see that one.
As you said, I add "session required /lib/security/pam_chroot.so" to /etc/pam.d/login.
But, in the documents I couldn't see anything what to do about :
"Also note for a chroot to work you need to add some basic config files, libraries and GNU utilities to the chroot"
Can you give me some more clue please?
As a newbie, it is really difficult to figure out it for me.. Probably I can not see it becuse I couldn't get the logic of it yet..
Originally posted by jayakrishnan AFAIK a normal user can only access his homw directory bt default
She wants the user to only be able to access his/her own directory. In a typical *nix system users can only write to their own homedir (and /tmp if given permission), but can still view most dirs like /bin /opt and so on... This is what she wants to avoid.
And the sanest way to do this is by chrooting the user to his/her own homedir. Therefore, when they do cd / it will actually take them to their homedir.
Ok, I am trying jail sw for chrooting now. I installed jail_1.9
I followed the document exactly.. Like this:
1) Create the user
/etc/passwd
test2:x:507:507::/var/chroot/:/usr/local/bin/jail
2) install the sw
3) create the chroot
/usr/local/bin/mkjailenv /var/chroot
adding sw on it
/usr/local/bin/addjailsw /var/chroot
adding users to chroot
/usr/local/bin/addjailuser /var/chroot /home/test2 /bin/bash test2
here is my user:
/var/chroot/etc/passwd
test2:x:507:507::/home/test2:/bin/sh
Thats all.. it is working.. But..
When I login with test2 user, I can change directory to /var/chroot (as my root directory) and I can see other user's directories and all directories under /var/chroot.
I don't want anyuser to see any other directory but his own home directory.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.