[SOLVED] chroot error "cannot change root directory to /jail: Operation not permitted"
Hi
I am trying to create a jailed shell for a user Don ($UID '500') using my own method (I don't want to use any ready-made "jailkit"). The user don should get a home directory /jail/don instead of /home/don when he logs in via SSH (so that he will not be able to see any other files/directories on the system).
This is what I have done.
Quote:
1. Created a directory /jail & copied don's home, /lib & /bash directories to /jail.
After doing this I am able to chroot to /jail as the root user.
ie: #chroot /jail
2. Modified the /etc/profile file & added the following entries at the bottom of the file.
Code:
if [ $UID -eq 500 ]
then
    cd /jail/$USER
fi
It works without any issue. The home directory changes to /jail/don when I ssh to the system as user don.
ie: #ssh don@192.168.0.66
Then I added a chroot command to this code.
Code:
if [ $UID -eq 500 ]
then
    cd /jail/$USER
    chroot /jail/$USER
fi
Unfortunately, now I am getting an error message saying "chroot: cannot change root directory to /jail: Operation not permitted". I am not sure how to rectify this error. Please help. Is my approach correct to get a jailed shell using the /etc/profile file?
Last edited by Soji Antony; 04-18-2011 at 09:34 AM.
chroot only works if you are root. When you log in as don he is now the user and the chroot will fail. I would suggest you look at rssh (restricted shell).
Off the top of my head, but there are probably better ways. Depending on how restricted you need him to be and what you want him to be able to do, and how good of a Linux person he is. You could remove all the paths from PATH and alias only the commands you want him to use. Example: "grep" would be aliased to /usr/bin/grep or something like that. That might be what you want? I don't really like this idea and it requires a lot of maintenance on your part. But, to each their own. I still recommend you look into rsh. Just some thoughts....
Yes, change the PATH in the user's .bash_profile in their home directory only, not in /etc.
This gives control for a user to modify their own environment. However, if you change the path and such they will not be able to get to it to change it back, effectively locking them into whatever environment you set up.
The above results show that root is the owner & he has the permission to execute the /etc/profile file commands. So, when a user logs in and accesses the command line, do the /etc/profile file commands get executed as root or as the user?
It should work. You need to give execute permission to /root/chrt.sh
Code:
chmod +x /root/chrt.sh
I forgot to add that step in my last post. Also you need to copy the /lib & /bash directories to /jail/don before executing the chroot command [depending on the command you want him to use].
> If this works for you, it means the user got root access within the jail.
> He can now easily "escape" the jail, and get to the real files.
As far as I know the user will get root permission only when he executes the chroot command.
Last edited by Soji Antony; 05-23-2011 at 08:31 PM.
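An added example (not part of any post in this thread): a POSIX shell check of the point made in the replies that chroot only works for root. It reads the effective capability mask (CapEff) from /proc status text and tests for CAP_SYS_CHROOT, the capability chroot(2) requires; the function names and the sample status text are constructed for illustration.

```sh
#!/bin/sh
# chroot(2) is refused with EPERM ("Operation not permitted") unless the
# calling process holds CAP_SYS_CHROOT, which is capability number 18.
CAP_SYS_CHROOT_BIT=18

# Succeeds (exit 0) if the CapEff hex mask given as $1 has CAP_SYS_CHROOT set.
has_cap_sys_chroot() {
    [ $(( (0x$1 >> CAP_SYS_CHROOT_BIT) & 1 )) -eq 1 ]
}

# Reads /proc/<pid>/status text on stdin and prints the CapEff value.
cap_eff_from_status() {
    awk '$1 == "CapEff:" { print $2 }'
}

# Prints "permitted" or "denied ..." for the status text given as $1.
chroot_verdict() {
    capeff=$(printf '%s\n' "$1" | cap_eff_from_status)
    if [ -n "$capeff" ] && has_cap_sys_chroot "$capeff"; then
        echo "permitted"
    else
        echo "denied (Operation not permitted)"
    fi
}

# Constructed samples: an ordinary login shell (UID 500, as in the thread)
# and a root shell with a full capability set.
SAMPLE_USER_STATUS=$(printf 'Name:\tbash\nUid:\t500\t500\t500\t500\nCapEff:\t0000000000000000\n')
SAMPLE_ROOT_STATUS=$(printf 'Name:\tbash\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n')

echo "sample user shell: $(chroot_verdict "$SAMPLE_USER_STATUS")"
echo "sample root shell: $(chroot_verdict "$SAMPLE_ROOT_STATUS")"

# /etc/profile is sourced by the login shell, which already runs as the
# logging-in user, so a chroot placed there is attempted with that user's
# credentials. The same check against the current shell:
if [ -r "/proc/$$/status" ]; then
    echo "this shell (uid $(id -u)): $(chroot_verdict "$(cat "/proc/$$/status")")"
fi
```

Run as an ordinary user, the last line reports "denied", which is the situation the login shell for don is in when /etc/profile reaches the chroot line.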