chroot error "cannot change root directory to /jail: Operation not permitted"
Hi
I am trying to create a jailed shell for a user Don ($UID '500') using my own method (I don't want to use any ready-made "jailkit"). The user don should get a home directory /jail/don instead of /home/don when he logs in via SSH (so that he will not be able to see any other files/directories on the system). This is what I have done. Quote:
Code:
if [ $UID -eq 500 ] |
Only superuser can "chroot".
Why did you want to add "chroot /jail" to a user profile, what do you intend to do with that command? |
chroot only works if you are root. When you log in as don he is now the user and the chroot will fail. I would suggest you look at rssh (restricted shell).
Off the top of my head, but there are probably better ways. Depending on how restricted you need him to be and what you want him to be able to do, and how good of a Linux person he is. You could remove all the paths from PATH and alias only the command you want him to use. Example: "grep" would be aliased to /usr/bin/grep or something like that. That might be what you want? I don't really like this idea and it requires a lot of maintenance on your part. But, to each their own. I still recommend you look into rsh. Just some thoughts.... |
Hi stevenz,
I have added that command in the /etc/profile file so that it will be executed each time he logs in & he will get a jailed shell. Hi shawley Quote:
Thanks ... |
Yes, change the PATH in the users .bash_profile in their home directory only, not in /etc.
This gives control for a user to modify their own environment. However, if you change the path and such they will not be able to get to it to change it back, effectively locking them into whatever environment you set up. |
Hi
I have one more doubt regarding /etc/profile file. Code:
#getfacl /etc/profile
Please help .... |
Thank you all for posting ......
Finally it worked ... I wrote a bash script to execute the chroot command & called that from a C program (with SUID bit set). Code:
#tail -5 /etc/profile Code:
#include <stdio.h> Code:
make call-script call-script.c Code:
#!/bin/bash |
I fail to see how it would work, since my own replication had "Permission denied".
If this works for you, it means the user got root access within the jail. He can now easily "escape" the jail, and get to the real files. |
Hi
It should work. You need to give execute permission to /root/chrt.sh Code:
chmod +x /root/chrt.sh
>If this works for you, it means the user got a root access within jail.
>He can now easily "escape" jail, and get to the real files.
As far as I know the user will get root permission only when he executes the chroot command. |
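The concern raised in the last two posts, that a SUID-root wrapper can leave the user holding root inside the jail, is normally addressed by dropping privileges permanently right after the chroot call and before any shell is started. The C program below is an added example, not code from this thread: `enter_jail` is a hypothetical helper, `/jail` is the thread's path, and it assumes `/jail` already contains `/bin/sh` plus the libraries it needs.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Enter jail_dir, then permanently become uid/gid.
 * Returns 0 on success, -1 on failure with errno set. */
int enter_jail(const char *jail_dir, uid_t uid, gid_t gid)
{
    /* Refuse relative paths and refuse to keep root inside the jail. */
    if (jail_dir == NULL || jail_dir[0] != '/' || uid == 0 || gid == 0) {
        errno = EINVAL;
        return -1;
    }
    if (chdir(jail_dir) != 0) return -1;
    if (chroot(".") != 0) return -1;   /* EPERM unless running as root */
    if (chdir("/") != 0) return -1;    /* no working directory outside the jail */

    /* Order matters: groups first, then gid, then uid (uid last, while still root). */
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;

    /* Verify the drop cannot be undone. */
    if (setuid(0) == 0 || geteuid() == 0 || getegid() == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* In a setuid-root binary the real IDs are those of the logged-in user. */
    if (enter_jail("/jail", getuid(), getgid()) != 0) {
        perror("enter_jail");
        return 1;
    }
    /* Fixed argv and environment: nothing from the caller is passed through. */
    char *const argv[] = { "-sh", NULL };
    char *const envp[] = { "PATH=/bin:/usr/bin", "HOME=/", NULL };
    execve("/bin/sh", argv, envp);
    perror("execve");
    return 1;
}
```

With this ordering the shell never runs with effective UID 0, so the process inside `/jail` has no privilege left with which to call chroot again.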