I found the chrootjail project off SourceForge and began playing with it. I've created a jail, and it works too well, I might say. The users in the jail were unable to change their own passwords and were unable to make any sort of connection outside the box, i.e. unable to use BitchX etc. With the passwd command not working, I ldd'd it and added the needed libs that it read back to me. But when the user logged in and tried to use it, they got an error like this:
-jail-2.05b$ passwd
passwd: Cannot determine your user name.
-jail-2.05b$
I was told that the problem more likely applied to the passwd and shadow files, but they seemed to check out fine? Please help.
-jason
passwd: Cannot determine your user name.
Stupid question, but is the user in the chrooted passwd file?
Did you add *all* the necessary PAM configs and libraries?
What are the permissions on the passwd/shadow/group files?
If perms are OK, could you run a strace on passwd in the jail?
(Please keep the strace output as reference and post only errors)
BTW, I'd like to point out that running any setuid root application in a chroot should be avoided as much as possible, and that running a Grsecurity-patched kernel has additional security benefits to curb risks, auditing and logging.
Yeah, the passwd entries themselves appear correct inside the jail. As far as adding all necessary PAM configs and libs, I'm not too sure. I cp -R the whole /etc dir and /lib, hoping that would ensure I didn't miss anything. Permissions for passwd etc. are:
-rw-r--r-- 1 root root 1140 Oct 19 18:00 passwd
-rw-r----- 1 root root 689 Oct 18 14:03 shadow
-rw-r--r-- 1 root root 481 Oct 18 14:03 group
Ran a strace on passwd, and came up with a lot of data that was unreadable to me; didn't seem to find any outstanding error messages.
Ran a strace on passwd, and came up with a lot of data that was unreadable to me; didn't seem to find any outstanding error messages.
grep -e "=.-1" strace.log, stuff like EACCES and any ENO.*
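The filtering suggested above can be taken one step further. The following is an added example, not code from any poster in this thread: it reduces a strace log to the failed calls that name a path, so files missing or unreadable inside the jail stand out. The function names and the sample log (including the library name libexample.so.1) are constructed for illustration.

```shell
#!/bin/sh
# failed_paths [LOG]: print "ERRNO syscall path" once for every failed call
# in a strace log that names a path. Reads stdin when no file is given.
failed_paths() {
    awk '
        # strace reports a failure as:  name(args) = -1 ERRNO (text)
        / = -1 E[A-Z]+/ {
            line = $0
            sub(/^\[pid +[0-9]+\] +/, "", line)   # prefix added by strace -f
            sub(/^[0-9]+ +/, "", line)            # leading pid from -f with -o
            call = line;  sub(/\(.*/, "", call)
            errno = line; sub(/.* = -1 /, "", errno); sub(/ .*/, "", errno)
            # The first double-quoted argument is the path for calls such as
            # open, access and stat; calls without one (ioctl) are skipped.
            if (match(line, /"[^"]*"/)) {
                path = substr(line, RSTART + 1, RLENGTH - 2)
                key = errno " " call " " path
                if (!(key in seen)) { seen[key] = 1; print key }
            }
        }
    ' "${1:--}"
}

# Constructed sample of what "strace passwd" inside a jail might log.
sample_log() {
    cat <<'EOF'
execve("/usr/bin/passwd", ["passwd"], [/* 12 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/passwd", O_RDONLY)           = 3
open("/lib/libexample.so.1", O_RDONLY)  = -1 ENOENT (No such file or directory)
open("/lib/libexample.so.1", O_RDONLY)  = -1 ENOENT (No such file or directory)
open("/etc/shadow", O_RDONLY)           = -1 EACCES (Permission denied)
ioctl(0, TCGETS, 0xbffff000)            = -1 ENOTTY (Inappropriate ioctl for device)
write(2, "passwd: Cannot determine your us"..., 41) = 41
EOF
}

sample_log | failed_paths
```

Against a real log, run it as `failed_paths strace.log`; some ENOENT lines (such as /etc/ld.so.preload) are normal on a healthy system, so compare against a trace taken outside the jail.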
Originally posted by f1uke
The users in the jail were unable to change their own passwords and were unable to make any sort of connection outside the box, i.e. unable to use BitchX etc. With the passwd command not working, I ldd'd it and added the needed libs that it read back to me.
Check out Jailkit; it has many handy tools to set up a chroot shell, and also to test whether it is safe (not unimportant!). It has a utility that automatically copies all the required libraries to a chroot jail, and also a utility that can, for example, copy all files required for basic networking.
It overlaps quite a bit with the chrootjail project (it has comparable utilities), but IMHO Jailkit is much nicer.