LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 10-17-2003, 07:05 PM   #1
f1uke
Member
 
Registered: Jan 2003
Location: norfolk, VA
Distribution: suse 8.2, redhat 8.0
Posts: 60

Rep: Reputation: 15
chroot jail etc.


I found the chrootjail project off sourceforge and began playing with it, Ive created a jail, and it works to well I might say. The users in the jail were unable to change their own passwords and were unable to make any sort of connection out side the box ie unable to use BitchX etc. With th passwd command not working I ldd'd it and added the needed libs that it read back to me. But when the user logged in and tried to use it they got a error like this,

-jail-2.05b$ passwd
passwd: Cannot determine your user name.
-jail-2.05b$

I was told that the problem more likely applied to the passwd, and shadow files. but they seemed to check out fine? Please help
-jason
 
Old 10-17-2003, 07:06 PM   #2
f1uke
Member
 
Registered: Jan 2003
Location: norfolk, VA
Distribution: suse 8.2, redhat 8.0
Posts: 60

Original Poster
Rep: Reputation: 15
I also had another question, I currently have chrootkit and aid installed on the box. Are there any other recommended programs for detection?
 
Old 10-19-2003, 07:14 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,718
Blog Entries: 54

Rep: Reputation: 2967Reputation: 2967Reputation: 2967Reputation: 2967Reputation: 2967Reputation: 2967Reputation: 2967Reputation: 2967Reputation: 2967Reputation: 2967Reputation: 2967
passwd: Cannot determine your user name.
Stupid question, but is the user in the chrooted passwd file?
Did you add *all* the necessary PAM configs and libraries?
What are the permissions on the passwd/shadow/group files?
If perms are OK, could you run a strace on passwd in the jail?
(Please keep the strace output as reference and post only errors)

BTW, I'd like to point out that running any setuid root application in a chroot should be avoided as much as possible, and that running a Grsecurity-patched kernel has additional security benefits to curb risks, auditing and logging.
 
Old 10-20-2003, 12:52 AM   #4
f1uke
Member
 
Registered: Jan 2003
Location: norfolk, VA
Distribution: suse 8.2, redhat 8.0
Posts: 60

Original Poster
Rep: Reputation: 15
Yea the passwd entry's them selves appear correct in side the jail. As far as adding all necessary pam configs and libs, Im not to sure. I cp -R the whole /etc dir and /lib hoping that that would ensure i didnt miss anything. Permissions for passwd etc are
-rw-r--r-- 1 root root 1140 Oct 19 18:00 passwd
-rw-r----- 1 root root 689 Oct 18 14:03 shadow
-rw-r--r-- 1 root root 481 Oct 18 14:03 group

ran a strace on passwd, and came up with alot of unreadable data to me, didnt seem to find any out standing error msg's.
 
Old 10-20-2003, 09:13 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,718
Blog Entries: 54

Rep: Reputation: 2967Reputation: 2967Reputation: 2967Reputation: 2967Reputation: 2967Reputation: 2967Reputation: 2967Reputation: 2967Reputation: 2967Reputation: 2967Reputation: 2967
ran a strace on passwd, and came up with alot of unreadable data to me, didnt seem to find any out standing error msg's.
grep <strace.log> -e "=.-1", stuff like EACCESS and any ENO.*
 
Old 08-24-2005, 04:12 AM   #6
obituary
LQ Newbie
 
Registered: Jan 2005
Posts: 2

Rep: Reputation: 0
Re: chroot jail etc.

Quote:
Originally posted by f1uke
The users in the jail were unable to change their own passwords and were unable to make any sort of connection out side the box ie unable to use BitchX etc. With th passwd command not working I ldd'd it and added the needed libs that it read back to me.
check out Jailkit, it has many handy tools to setup a chroot shell, and also to test it if it is safe (not unimportant!). It has a utility that automatically copies all the required libraries to a chroot jail, and also a utility that can for example copy all files required for basic networking.

It overlaps quite a bit with the chrootjail project (it has comparable utilities), but IMHO jailkit ismuch nicer.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Chroot jail Gimpy Linux - Software 10 05-07-2010 02:30 PM
Chroot jail pachanga Linux - General 12 09-26-2008 06:15 AM
Jail and chroot rogk Linux - Security 2 10-16-2005 03:20 AM
Setting up a chroot jail jayanth Linux - Security 1 05-06-2005 01:31 AM
chroot jail simon Linux - Security 3 08-05-2001 09:21 PM


All times are GMT -5. The time now is 08:40 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration