Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I just followed the procedure described in http://www.tjw.org/chroot-login-HOWTO/ and for some reason, I get kicked out with msg: "sorry." and goes back to prompt.
This is what I see via "tail -f /var/log/messages" when I try the login:
Jan 19 22:40:23 cthulhu sudo: test : TTY=tty1 ; PWD=/home/test ; USER=root ; COMMAND=/usr/sbin/chroot /home/test /bin/su - test
(it's the same result when I try to logon via a ssh session)
when I do "root@cthulhu:~# chroot /home/test /bin/su - test" I also get:
Sorry.
Anybody have an idea here? I must be overlooking something maybe trivial to experienced users.
Yes, I forgot that it looks for /home/test/bin/sh and not for /home/test/bin/bash which is the shell I use and will also user for jailed users. So I just add a link from sh -> bash and try that.
/home/test/usr:
total 8
drwxr-xr-x 2 root root 4096 2005-01-12 15:27 .
drwx--x--x 9 test users 4096 2005-01-19 21:47 ..
/home/test/var:
total 8
drwxr-xr-x 2 root root 4096 2005-01-12 15:27 .
drwx--x--x 9 test users 4096 2005-01-19 21:47 ..
But....
In the tutorial, when they add the user, he's given /tmp as homedirectory.
I used /home/test as homedir in the real passwd file. Maybe that's the problem, I'll fix that too and thinking of it, should I make also a shadow passwd file in /home/test/etc ?
edit := this didn't work either
the sudo file has the following entry:
test cthulhu= NOPASSWD:/usr/sbin/chroot,/home/test,/bin/su - test
ok, well i ran through the tutorial myself... and it worked..... :-s well... it's chucking me straight out again, but i think i got past whatever it is that's hanging up on you, i never got a "sorry" at all...
make sure that you're trying to log in correctly. get a real virtual terminal, (not a bad contradiction....) and not just su-ing to the user. I also found that their chroot-shell script had chroot in a different location. I think what got me past those missing /bin/sh errors was setting the /home/test/etc/passwd details, which were possibly causing permissions issues. but i never really saw anything major... maybe just trying again from scratch in a different jailed home will give you better results.
yes, I think I'll try the whole thing all over again...
get a real virtual terminal, (not a bad contradiction....) and not just su-ing to the user.
=> There you lost me, what command do I use to get a "real" virtual terminal ? :-)
And about the user properties in the passwd file, I also changed that yesterday but that didn't help.
Another thing I don't understand is the following, when I try to su the user test as root or as another user, I get the following:
root@cthulhu:~# su test
/usr/sbin/chroot: cannot run command `/bin/su': No such file or directory
=> the message looks pretty clear but it's all a lie.... I can find the /bin/su without any trouble.
root@cthulhu:/bin# ll | grep su
-rws--x--x 1 root bin 35780 2004-06-21 21:20 su
lrwxrwxrwx 1 root root 13 2004-10-12 23:39 sulogin -> /sbin/sulogin
And also:
root@cthulhu:/bin# ll /home/test/bin | grep su
-rwx--x--x 1 root root 35780 2005-01-19 22:19 su
=> hmm, maybe I just answered my own question: rwx instead of rws => I forgot to set the superuser bit in the file permissions.
Originally posted by acid_kewpie i mean make sure you're trying to log in in a full login outisde of X. i found that if i just su in, i take the wrong usernames with me
Thanks, but I don't use X. Only command line... I didn't even install X or gnome or kde on my system when the install (slack10) asked for it :-)
I think I moved a little bit further in finding a solution here.
Stupid I: I put the following in sudo file:
test ALL= NOPASSWD:/usr/sbin/chroot,/home/test,/bin/su - test => I was looking at this as three different commands and instead, it should be only the command chroot with the nec. parameters.
It should be:
test ALL= NOPASSWD:/usr/sbin/chroot /home/test /bin/su test
I found that when doing: su - test and su test.
However, the problem still remains:
root@cthulhu:~# su test
Sorry, user test is not allowed to execute '/usr/sbin/chroot /home/lieven /bin/su - lieven' as root on cthulhu.
=> yeah, it is idd using my $LOGNAME because of the login script.
maybe I'm close to a solution now, hopefully...
But still, there is something wrong with the following: (I did USER=LOGNAME=test and then export user, export logname)
root@cthulhu:/home/test/etc# echo $USER
test
root@cthulhu:/home/test/etc# echo $LOGNAME
test
root@cthulhu:/home/test/etc# su test
Sorry, user test is not allowed to execute '/usr/sbin/chroot /home/test /bin/su - test' as root on cthulhu.
When I try to logon as test, I see the following line appear:
...
Jan 20 14:31:14 cthulhu sshd[1131]: Accepted password for test from 195.212.29.75 port 65277 ssh2
so the ssh accepts the real password but then, the test user is supposed to execute the /bin/chroot-shell script and there, he stumbles upon the chroot command which he has sudo permission for. At that time, he's still in the real system and after that sudo chroot command, he should be in the jail but according to the /var/log/messages, that command is never executed.
It looks like the login with test works but I don't know why I'm being thrown back out...
I adapted the chroot-shell with some pseudo-debug code:
logger "logging on user without parameters: $USER"
sudo /usr/sbin/chroot /home/$USER /bin/su - $USER
logger "login ok, chroot comply"
and when I do the logon, I see the following in /var/log/messages:
Jan 20 15:00:01 cthulhu sshd[1240]: Accepted password for test from 195.212.29.83 port 34628 ssh2
Jan 20 15:00:01 cthulhu test: logging on user without parameters: test
Jan 20 15:00:01 cthulhu test: login ok, chroot comply
=> But why is the "sudo /usr/sbin/chroot /home/$USER /bin/su - $USER" not appearing in the logs? I know it should! All sudo commands are logged as far as I know.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.