LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-18-2008, 06:07 PM   #1
uestrin
LQ Newbie
 
Registered: Mar 2008
Posts: 1

Rep: Reputation: 0
trying to create a chroot jail - letting user break out


Hi,

I'm trying to set up a chroot jail so that ssh users have limited access to filesystems/directories. I have followed an example and the /home/chroot/ diretory is set up and copied the necessary files I need.

I have setup a new user in group 100 and changed the /etc/passwd file to make the home directory /home/chroot/testuser - test user belongs to group 100.
testuser:x:510:100::/home/chroot/./home/testuser:/bin/bash

the group file in /home/etc/group has an entry.
users::100:

Where i logon to the server as testuser - it goes straight into the /home/chroot/testuser directory - so that is correct.

The major problem is, once logged in - the testuser can change to the "/" directory and access everything.

Any ideas?
thanks
 
Old 03-18-2008, 06:24 PM   #2
thebouv
Member
 
Registered: Aug 2007
Distribution: RHEL, Fedora, Ubuntu
Posts: 64

Rep: Reputation: 16
Quote:
Originally Posted by uestrin View Post
Hi,

I'm trying to set up a chroot jail so that ssh users have limited access to filesystems/directories. I have followed an example and the /home/chroot/ diretory is set up and copied the necessary files I need.
Care to share the example you followed?

Quote:
Where i logon to the server as testuser - it goes straight into the /home/chroot/testuser directory - so that is correct.

The major problem is, once logged in - the testuser can change to the "/" directory and access everything.
Well, then it's not set up right. If it were, "/" would be where they already were at. Share that example and maybe we can find out what's going on.
 
Old 03-19-2008, 03:20 PM   #3
magarus
LQ Newbie
 
Registered: Oct 2006
Posts: 14

Rep: Reputation: 0
Quote:
Originally Posted by uestrin View Post
Hi,

I'm trying to set up a chroot jail so that ssh users have limited access to filesystems/directories. I have followed an example and the /home/chroot/ diretory is set up and copied the necessary files I need.

I have setup a new user in group 100 and changed the /etc/passwd file to make the home directory /home/chroot/testuser - test user belongs to group 100.
testuser:x:510:100::/home/chroot/./home/testuser:/bin/bash

the group file in /home/etc/group has an entry.
users::100:

Where i logon to the server as testuser - it goes straight into the /home/chroot/testuser directory - so that is correct.

The major problem is, once logged in - the testuser can change to the "/" directory and access everything.

Any ideas?
thanks
Try this Link
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Chroot jail pachanga Linux - General 12 09-26-2008 06:15 AM
Chroot jail user can't access internet proximity Linux - Security 12 06-27-2007 03:52 PM
Create /dev in chroot jail - mknod question The_JinJ Linux - General 1 12-14-2005 04:49 PM
how to create a chroot jail netcrusher88 Linux - Security 3 08-07-2005 02:12 AM
chroot() - not able to "create" a jail --TOL-- Linux - Security 7 05-23-2002 12:29 PM


All times are GMT -5. The time now is 06:25 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration