09-23-2005, 04:28 PM
#1
LQ Newbie
Registered: Sep 2005
Posts: 12
Chroot jail
Hi,
Has anyone succeeded in making a chroot jail?
I have made one following steps from different tutorials that I found on the web, but I keep getting the same error.
This is the error if I make a telnet connection:
Sorry, user luser is not allowed to execute '/usr/sbin/chroot /home/ /bin/su as root on lacosta.aeroxe.com
Connection closed by foreign host.
And this is the error if I attempt an ssl connection from inside the system:
/bin/su: user luser does not exist
Connection to localhost closed.
Of course luser exists and has the right to run the sudo command:
luser ALL= NOPASSWD: /usr/sbin/chroot /home/luser /bin/su luser*
So, if anyone has succeeded, could you please give me a hand?
Thanks a lot,
Pachanga

09-23-2005, 08:42 PM
#2
LQ Addict
Registered: Jul 2002
Location: East Central Illinois, USA
Distribution: Debian stable
Posts: 5,908
Have you tried running, from your favorite browser, www.google.com/linux, and using the search keywords "chroot jail"? There is a lot to read.

09-24-2005, 09:59 AM
#3
LQ Newbie
Registered: Sep 2005
Posts: 12
Original Poster
As I wrote above I have read different tutorials but the final result is the same.

10-16-2005, 02:55 AM
#4
Member
Registered: Feb 2004
Location: Finland
Distribution: Mandrake 10.0
Posts: 70
I had the same problem when I tried it. Have you solved the problem? If you have, please tell me how.

10-18-2005, 02:43 PM
#5
LQ Newbie
Registered: Sep 2005
Posts: 12
Original Poster
At the moment I haven't had time to read more about chroot jails, but if I succeed, don't worry, I will write it down here.

01-24-2006, 06:52 AM
#6
Member
Registered: Nov 2004
Location: Netherlands (east)
Distribution: debian, suse, novell linux desktop
Posts: 81
It seems that there are a lot of people with this problem, so I am glad I am not the only one; the only problem is that there are not as many answers as questions.
Has any of you already got it working?
OK, here is my story:
* I set up a chroot-jail completely following the manual and double-checked for typos.
* I tried to log in, but /bin/su says: /bin/su: user xxx does not exist.
* Yes, I have /home/xxx/etc/passwd and group set up right.
* When I do just: chroot /home/xxx it works fine.
* When I run whoami in that manual chroot, I get: whoami: cannot find username for UID 0
* In the manual chroot I run cat /etc/passwd and this is the output:
root:x:0:0:root:/:/bin/bash
xxx:x:1013:100::/home/xxx:/bin/bash
* So /bin/su is not looking in my /home/xxx/etc/passwd, and yes, the rights are OK.
This is what I have now. I am still messing around with it, and if I make some progress I'll post it here, or someone has to post a solution here.
Cheers!

01-24-2006, 07:09 AM
#7
Member
Registered: Nov 2004
Location: Netherlands (east)
Distribution: debian, suse, novell linux desktop
Posts: 81
OK, one step ahead.
I just got a little frustrated, so I copied everything inside /lib to /home/xxx/lib and after that did the same with /lib64 (yep, 64bit). So now:
/bin/su: incorrect password
Cheers

01-24-2006, 08:14 AM
#8
Member
Registered: Feb 2004
Posts: 781
You can try Jail Kit.
I have it installed on my webserver for SSH and it works perfectly.
Regards, Boby.

01-28-2006, 05:53 PM
#9
LQ Newbie
Registered: Sep 2005
Posts: 12
Original Poster
Success creating chroot-jail
Hi guys. I have good news.
I was able to make a chroot-jail; go to this link: http://www.fuschlberger.net/programs...p-chroot-jail/ and download the script named make_chroot_jail.sh.
This script does everything: it creates the jail and users, deletes users, adds executable programs, etc.
To test the jail you have to do it over ssh or run (su username) from localhost, but not with telnet, because it doesn't work.
I ran the script under Fedora Core 3, kernel 2.6.12-1.1381_FC3, i686 athlon i386, and it works fine.
I hope you all have success.
good luck, pachanga

04-15-2008, 12:47 PM
#10
Senior Member
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Ubuntu, Debian, OS X
Posts: 1,305
Hi Pachanga,
I have used the above mentioned script http://www.fuschlberger.net/programs...p-chroot-jail/ and ran it as
Code:
./make_chroot_jail.sh jdoe /bin/bash /home/jail/./home/jdoe
Now I need to give jdoe full access to two other directories, say /tmp1 and /tmp2, which at present I cannot access when I log in as ssh jdoe@localhost.
Here, I am pasting my variables.
Quote:
-bash-3.1$ set
BASH=/bin/sh
BASH_ARGC=()
BASH_ARGV=()
BASH_LINENO=()
BASH_SOURCE=()
BASH_VERSINFO=([0]="3" [1]="1" [2]="17" [3]="1" [4]="release" [5]="i686-redhat-linux-gnu")
BASH_VERSION='3.1.17(1)-release'
COLUMNS=157
DIRSTACK=()
EUID=501
GROUPS=()
HISTFILE=/home/jdoe/home/jdoe/.bash_history
HISTFILESIZE=500
HISTSIZE=500
HOME=/home/jdoe/home/jdoe
HOSTNAME=RHEL
HOSTTYPE=i686
IFS=$' \t\n'
LD_LIBRARY_PATH=/usr/kerberos/lib
LINES=52
LOGNAME=jdoe
MACHTYPE=i686-redhat-linux-gnu
MAIL=/var/mail/jdoe
MAILCHECK=60
OPTERR=1
OPTIND=1
OSTYPE=linux-gnu
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/home/jdoe/home/jdoe/bin
PIPESTATUS=([0]="0")
PPID=18143
PS1='\s-\v\$ '
PS2='> '
PS4='+ '
PWD=/home/jdoe/home/jdoe
SHELL=/bin/bash
SHELLOPTS=braceexpand:emacs:hashall:histexpand:history:interactive-comments:monitor
SHLVL=1
SSH_CLIENT='127.0.0.1 43358 22'
SSH_CONNECTION='127.0.0.1 43358 127.0.0.1 22'
SSH_TTY=/dev/pts/0
TERM=xterm
UID=501
USER=jdoe
_=set
-bash-3.1$

How can I modify the script to achieve this?
Please help.
Thanks.

09-24-2008, 07:17 PM
#11
LQ Newbie
Registered: Nov 2006
Posts: 3
Solution for error message "/bin/su: user guest does not exist"
Hi all,
I have used make_chroot_jail.sh from
http://www.fuschlberger.net/programs...p-chroot-jail/
and I also had a hard time figuring out why I was getting the following error message:
su - guest
/bin/su: user guest does not exist
I'm running 64bit OpenSuSE 10.3. Finally, I found the solution: the following libraries were missing.
==========================================================================
cp /lib64/libnss_compat.so.2 /lib64/libnss_files.so.2 /lib64/libnss_dns.so.2 /lib64/libxcrypt.so.1 "${JAILPATH}/lib64/"
cp -r /lib64/security "${JAILPATH}/lib64/"
==========================================================================
Good luck!
Jiri
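
Why the missing libraries in the post above produce "user guest does not exist": glibc resolves user names through NSS modules (libnss_<service>.so.2) that it loads at run time, so they have to be present inside the jail next to etc/passwd. The check below is an added example, not part of the original post or of make_chroot_jail.sh; the function names, the constructed demo jail and the fallback to "files" when the jail has no nsswitch.conf are assumptions.

```shell
#!/bin/sh
# Added example, not part of make_chroot_jail.sh.
# jail_nss_check JAIL USER: list what a chrooted su/whoami needs in order to
# resolve USER but cannot find inside JAIL. Prints one finding per line and
# returns 0 when nothing is missing, 1 otherwise.
jail_nss_check() {
    jail=$1 user=$2 rc=0

    # 1. The jail's own passwd file must contain the account.
    if ! grep -q "^${user}:" "$jail/etc/passwd" 2>/dev/null; then
        echo "missing passwd entry for $user in $jail/etc/passwd"
        rc=1
    fi

    # 2. Which NSS services does the jail ask for? Read the "passwd:" line of
    #    the jail's nsswitch.conf and drop action items like [NOTFOUND=return].
    #    Assumption: with no nsswitch.conf in the jail, only "files" is checked.
    services=
    if [ -r "$jail/etc/nsswitch.conf" ]; then
        services=$(sed -n 's/^passwd:[[:space:]]*//p' "$jail/etc/nsswitch.conf" |
                   sed 's/\[[^]]*\]//g')
    fi
    [ -n "$services" ] || services=files

    # 3. Each service lives in libnss_<service>.so.2. These modules are
    #    dlopen()ed at run time, so running ldd on su does not list them.
    for svc in $services; do
        if [ -z "$(find "$jail" -name "libnss_${svc}.so.2" 2>/dev/null)" ]; then
            echo "missing libnss_${svc}.so.2 (passwd service '$svc')"
            rc=1
        fi
    done
    return $rc
}

# Constructed demo input: a throw-away jail that has a passwd file and an
# nsswitch.conf but no NSS modules, the state that makes su fail.
demo_jail() {
    d=$(mktemp -d) && mkdir -p "$d/etc" "$d/lib64" &&
    printf 'root:x:0:0:root:/:/bin/bash\nguest:x:1013:100::/home/guest:/bin/bash\n' \
        > "$d/etc/passwd" &&
    printf 'passwd: compat [NOTFOUND=return] files\n' > "$d/etc/nsswitch.conf" &&
    echo "$d"
}
```

Source the file and run `jail_nss_check /home/jail guest` as root against a real jail; on the demo jail it reports both libnss_compat.so.2 and libnss_files.so.2 as missing.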

09-25-2008, 07:10 AM
#12
Senior Member
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Ubuntu, Debian, OS X
Posts: 1,305
Quote:
Originally Posted by hladky.jiri
Hi all,
I have used make_chroot_jail.sh from
http://www.fuschlberger.net/programs...p-chroot-jail/
and I also had a hard time figuring out why I was getting the following error message:
su - guest
/bin/su: user guest does not exist
I'm running 64bit OpenSuSE 10.3. Finally, I found the solution: the following libraries were missing.
==========================================================================
cp /lib64/libnss_compat.so.2 /lib64/libnss_files.so.2 /lib64/libnss_dns.so.2 /lib64/libxcrypt.so.1 "${JAILPATH}/lib64/"
cp -r /lib64/security "${JAILPATH}/lib64/"
==========================================================================
Good luck!
Jiri

Hi Jiri,
Are you running the script like this?
Code:
./make_chroot_jail.sh jdoe /bin/bash /home/jail/./home/jdoe
This is for jdoe user.
Regards,
vIKAS

09-26-2008, 05:15 AM
#13
LQ Newbie
Registered: Nov 2006
Posts: 3
Hi Vikas,
I'm running the script like this:
make_chroot_jail.sh guest
It will create the user guest and create/copy all necessary files to /home/jail.
It will also create the restricted shell /bin/chroot-shell:
==============================================================
#!/bin/sh
/usr/bin/sudo /usr/bin/chroot /home/jail /bin/su - $USER "$@"
==============================================================
You cannot use "/bin/bash" as the restricted shell.
Jiri

All times are GMT -5.