LinuxQuestions.org
Old 02-21-2002, 03:30 PM   #1
thecrab
LQ Newbie
 
Registered: Feb 2002
Location: Quebec, Canada
Distribution: RedHat and Mandrake
Posts: 9

Rep: Reputation: 0
Chroot users

I'm running RedHat 7.2. This is an FTP server (proftpd).

I'm trying to chroot my users on the server....
When the users connect with ftp there are no problems. They are chrooted into their home folder.
But if the users log in directly on the server (with ssh or locally) (normally they are not supposed to do that, but one day someone will try....) they can access everything..... (like a normal user)

Does someone know what I have to do to chroot the users on the server as well????
 
Old 02-21-2002, 05:17 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,564
Blog Entries: 54

Rep: Reputation: 2927
Maybe this part of "Securing and Optimizing Linux" (ok, it's the RH ed., but that doesn't matter here) may help you understand why you shouldn't offer real shells to chroot ftp server users.
 
Old 02-26-2002, 02:34 PM   #3
thecrab
LQ Newbie
 
Registered: Feb 2002
Location: Quebec, Canada
Distribution: RedHat and Mandrake
Posts: 9

Original Poster
Rep: Reputation: 0
Thank you!

That was very helpful!

You found the solution to my problem!
Wow!

Thank you again!
 
Old 02-28-2002, 09:19 PM   #4
jonfa
Member
 
Registered: Mar 2001
Location: FL
Posts: 257

Rep: Reputation: 30
I followed this and my user can still get out of his directory. How can I test and see where my problem lies? Thanks.

Jon
 
Old 03-01-2002, 02:08 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,564
Blog Entries: 54

Rep: Reputation: 2927
Guess you gotta be more verbose than saying "I followed this and it didn't work".
If user logged in with ftp, look at your ftp/chroot configs, if by ssh, there's a way to chroot users but that only works with key auth, not passwd, and btw, are ssh and ftp user accounts different like it says in the howto? And did you read the whole ftp chapter?

Better post the steps you took to set up the chrooted users (also watch permissions/users) and post (the necessary parts of) your configs.
 
Old 03-01-2002, 03:07 AM   #6
jonfa
Member
 
Registered: Mar 2001
Location: FL
Posts: 257

Rep: Reputation: 30
You're right about my vagueness. Here is what I did:

1. useradd -d /var/ftp/myuser/ -s /dev/null myuser > /dev/null 2>&1

2. created directory in /var/ftp/myuser

3. edited /etc/shells file to include /dev/null

4. edited /etc/passwd to read: myuser:x:502:502::/var/ftp/./myuser/:/dev/null

5. I then set the permissions as described here:
http://www.linuxdoc.org/LDP/solrhe/S...p29sec296.html

What else do I need to do? As I said earlier "myuser" can get in ok, but he can navigate outside his directory. How can I check to verify the permissions are what they need to be and trap him in the respective directory?

Thanks,

Jon
 
Old 03-03-2002, 06:21 PM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,564
Blog Entries: 54

Rep: Reputation: 2927
Ok. Did you also read Wu-ftpd's guest-howto?
Are you using the "guest-root" directive or the /./ hack, cuz that would set the chroot?
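
Added example, not part of any post in this thread: a small audit of passwd-format entries that splits a home field at the "/./" marker the way wu-ftpd guest accounts interpret it (the part before the marker is the chroot root, the part after is the starting directory inside it) and flags accounts that also have a login shell. The list of non-login shells, the function names and every sample entry except `myuser` (taken from post #6) are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit passwd-format entries for chrooted FTP guest accounts.

# Shells treated as "no interactive login" (assumption; adjust per site).
NOLOGIN_SHELLS="/dev/null /bin/false /sbin/nologin"

# Constructed sample input. Only the myuser line comes from the thread.
sample_passwd() {
    cat <<'EOF'
myuser:x:502:502::/var/ftp/./myuser/:/dev/null
ftpshell:x:503:503::/var/ftp/./ftpshell/:/bin/bash
alice:x:504:504::/home/alice:/bin/bash
EOF
}

# audit_passwd: reads passwd-format lines on stdin and prints one line per
# account whose home field contains the "/./" marker:
#   user chroot=<dir> start=<dir> shell=<shell> <OK|LOGIN-SHELL>
audit_passwd() {
    while IFS=: read -r user _pw _uid _gid _gecos home shell; do
        case "$home" in
            */./*) ;;             # guest marker present, keep going
            *) continue ;;        # ordinary account, not audited here
        esac
        root=${home%%/./*}        # before the marker: the chroot root
        start=/${home#*/./}       # after the marker: start dir inside it
        status=LOGIN-SHELL        # can also log in via ssh or console
        for s in $NOLOGIN_SHELLS; do
            if [ "$shell" = "$s" ]; then
                status=OK
            fi
        done
        printf '%s chroot=%s start=%s shell=%s %s\n' \
            "$user" "$root" "$start" "$shell" "$status"
    done
}

# Run against the constructed sample; on a real host: audit_passwd < /etc/passwd
sample_passwd | audit_passwd
```

For the `myuser` entry the reported chroot root is `/var/ftp`, with `/myuser/` only as the starting directory, so the account is confined to `/var/ftp` rather than to its own subdirectory.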
 
  

