Hi,

Is there someone who has got successful in making a chroot jail?

I have made one following some steps in different tutorials which I have found in the web, but I continue getting the same error:

This is the error if I make a telnet connection:

Sorry, user luser is not allowed to execute '/usr/sbin/chroot
/home/ /bin/su as root on lacosta.aeroxe.com
Connection closed by foreign host.

And this is the error if I intend an ssl connection from inside the system:

/bin/su: user luser does not exist
Connection to localhost closed.

Of course that the luser exists and he has the right to run the sudo command:
luser ALL= NOPASSWD: /usr/sbin/chroot /home/luser /bin/su luser*

So, if there is someone who has got successful, please could you give me a hand.

Thanks a lot,
Pachanga

Have you tried running, from your favorite browser, www.google.com/linux, and using the search keywords "chroot jail"? There is a lot to read.

As I wrote above I have read different tutorials but the final result is the same.

I had a same problem, when I tried it. Have you solved the problem. If you have, please tell me how.

At the moment I haven't had time to read more about chroot jail but if I get success, don't worry that I write it down here.

It seems that there are a lot of people with this problem so i am glad i am not the only one, only the problem is there are not as much answers as questions.

anyone of you already got it working?

ok, here is my storie:

* i set up a chroot-jail completely following the manual and double checked for typo's .

*i tried to log in, but /bin/su says: /bin/su: user xxx does not exist.

*yes, i have /home/xxx/etc/passwd and group setup right.

*when i do just: chroot /home/xxx it works fine

*when i do in that manual chroot: whoami , then: whoami: cannot find username for UID 0

*i say in the manual chroot: cat /etc/passwd en this is the output:
root:x:0:0:root:/:/bin/bash
xxx:x:1013:100::/home/xxx:/bin/bash

*so: /bin/su is not watching in my /home/xxx/etc/passwd, and yes rights are ok

this is what i have now, i am still messing around with it and if i make some progress i'll post it here or someone has to post a solution here .

cheers!

ok one step ahead,

i just got a little frustrated so i copied everything inside /lib to /home/xxx/lib and after that the same with /lib64 (yep 64bit . so now:

/bin/su: incorrect password



cheers

You can try Jail Kit.

I have it installed on my webserver for SSH and it works perfect.

Regards, Boby.

Hi gays. I have good news.

I could make a chroot-jail; go to this link: http://www.fuschlberger.net/programs...p-chroot-jail/ and download the script named: make_chroot_jail.sh

This script makes everything; it create the jail, users, delete users, add execute programms; etc

For testing the jail you have to do it in ssh or make(su username) from localhost; but not using telnet because doesn't work.

I ran the script under fedora core 3 kernel 2.6.12-1.1381_FC3,i686 athlon i386 and works fine.

I hope you all have success.

good luck, pachanga

Hi Pachanga,

I have used the above mentioned script http://www.fuschlberger.net/programs...p-chroot-jail/ and ran it as

Now, I need to give full access to other two directories to jdoe, say /tmp1 and /tmp2 which at present I cannot access when I login as ssh jdoe@localhost.

Here, I am pasting my variables.



How, can I modify the script to achieve this ????

Pls help.

Thanks.

Hi all,

I have used make_chroot_jail.sh from
http://www.fuschlberger.net/programs...p-chroot-jail/

and I had also hard times to figure out why I'm getting following error message:

su - guest
/bin/su: user guest does not exist

I'm running 64bit OpenSuSE 10.3. Finally, I have found solution - following libraries were missing

==========================================================================
cp /lib64/libnss_compat.so.2 /lib64/libnss_files.so.2 /lib64/libnss_dns.so.2 /lib64/libxcrypt.so.1
${JAILPATH}/lib64/

cp -r /lib64/security ${JAILPATH}/lib64/
==========================================================================

Good luck!
Jiri

Hi Jiri,

Are you running the script like this

This is for jdoe user.

Regards,
vIKAS

Hi Vikas,

I'm running script like this:
make_chroot_jail.sh guest

It will create user guest and create/copy all necessary files to /home/jail

It will also create restricted shell /bin/chroot-shell:

==============================================================
#!/bin/sh
/usr/bin/sudo /usr/bin/chroot /home/jail /bin/su - $USER "$@"
==============================================================

You cannot use "/bin/bash" as restricted shell.

Jiri