Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I've setup a chroot environment by setting up /bin, /lib and /etc/passwd in the chroot environment /tmp/chrootdir. As a root user I can run "chroot /tmp/chrootdir" and it works just fine. But, when I run it as a regular user, I get:
"chroot: can't change root directory to /tmp/chrootdir: Operation not permitted"
I'd like to be chrooted into a new environment as someone other than root.
chroot is intended to be run only by root. That said, allowing users to chroot is a relatively common request.
Basically, to do this, you would need to write a setuid program that did the following:
*Chrooted to the appropriate directory
*Dropped the root privileges back to their old level
*Ran the program specified, or /bin/sh if nothing is specified.
This is a perfect task for a shell script, but UNIX systems don't like setuid scripts. So, you'd probably have to write that little thing in C. Or maybe someone else has already done so, google around.
chroot is intended to be run only by root. That said, allowing users to chroot is a relatively common request.
Hmmm, I was always under the assumption that a chrooted user that was still root was more insecure than a regular user in a chrooted environment. This is the only reason I'd rather be chrooted as a normal user rather than root. Is this not so? Is having a user chrooted as root secure enough?
I realize there are ways of getting around a chroot environment.
win32sux: Thanks, but I don't have sudo on this machine and would prefer not to put it on if at all possible
Hmmm, I was always under the assumption that a chrooted user that was still root was more insecure than a regular user in a chrooted environment. This is the only reason I'd rather be chrooted as a normal user rather than root. Is this not so? Is having a user chrooted as root secure enough?
I realize there are ways of getting around a chroot environment.
win32sux: Thanks, but I don't have sudo on this machine and would prefer not to put it on if at all possible
Untested, but I think it's should work.
Run chroot'ed sshd on non-standard port. (Non-standard port needed to preserve
ability ssh to this box as it was before)
Then users can ssh to this port and they should be chroot'ed
I agree. My suggestion was to have your setuid wrapper program *drop* it's root privileges once inside the chroot. So the user calls the setuid executable, but it only stays root long enough to call chroot().
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.