LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 07-14-2008, 04:49 PM   #16
mosx86
LQ Newbie
 
Registered: Jan 2007
Posts: 4

Rep: Reputation: 0

Quote:
Originally Posted by Minstrel View Post
Shell can be anything, really, as the user shouldn't be able to gain a shell, but /bin/false means they can't do anything if they manage to.
I'll have to look into the options for installing /bin/false in Mac OS X, thank's for the tip.

Quote:
As for the directory ownership, root:admin should do the job - it's the root ownership that's most important.
I was able to chown to 0:0 (root:wheel).

The directory structure for the chroot jail is this:

/webhome/web

Here are the permissions for jail path:

/ permissions: drwxrwxr-t + 33 root admin 1224 Jul 10 11:10 .

/webhome permissions: drwxr-xr-x + 3 root wheel 102 Jul 10 11:10 .

/webhome/web permissions: drwxr-xr-x + 6 root wheel 204 Jul 7 11:32 .

subdirectories within web are chown/chmod'd with user permissions to write. (ie /webhome/web/site1/ etc)

If I comment out the jail settings in sshd_config, the jailed users are able to login just fine. Re-enabling the jail I get the error in /etc/secure.log: "fatal: bad ownership or modes for chroot directory component "/"" wether I ssh in or sftp in.
 
  


Reply

Tags
chroot, jail


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Chroot jail Gimpy Linux - Software 10 05-07-2010 01:30 PM
Chroot jail pachanga Linux - General 12 09-26-2008 05:15 AM
Jail and chroot rogk Linux - Security 2 10-16-2005 02:20 AM
chroot jail etc. f1uke Linux - Security 5 08-24-2005 03:12 AM
chroot jail simon Linux - Security 3 08-05-2001 08:21 PM


All times are GMT -5. The time now is 07:45 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration