LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-14-2003, 03:19 PM   #1
f1uke
Member
 
Registered: Jan 2003
Location: norfolk, VA
Distribution: suse 8.2, redhat 8.0
Posts: 60

Rep: Reputation: 15
Red face passwd file within a jailed env


I have a jail within which users are not able to change thier passwords,

the main passwd file for a user looks like this


ill:YDHnwdhgYD:115:200::/home/jail:/usr/local/bin/jail
which then points to the passwd file with in the jail that looks like
ill:x:115:200::/home/ill:/bin/bash

the problem is when the user logs in they can change thier passwd, but it still will use the old passwd that i set for them. its wierd. So it's not reading the passwd file inside of the jail.
 
Old 12-18-2003, 10:37 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
When the user logs in, it's using auth from /etc, chroots them in /home/jail using /usr/local/bin/jail, and provides them with their shell from auth in /home/jail/etc. If you provide them with the "passwd" binary within the chroot, you should know that providing setuid root binaries is something you should do only after careful deliberation it does not open security holes. Second, from what I outlined roughly, you see that providing the binary within the chroot doesn't make sense, because /home/jail/etc auth isn't used for authentication (AFAIK).

If you're talking something like a shellserver here, there's probably other means of enabling users to change passwds, maybe something like a SSL-secured cgi script.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
chroot: cannot run command `/tools/bin/env': No such file or directory Basel Linux From Scratch 10 06-09-2018 02:15 PM
question about /etc/passwd file hongxing Linux - Software 2 11-30-2005 10:47 AM
Where can i find the passwd file? alice95089 Linux - Software 3 04-06-2005 10:01 PM
/etc/passwd file wedgeworth Linux - Software 1 10-09-2003 12:53 PM
GNU libc installation to setup cross compiler env - kernel header file TOO OLD !! tanch00 Linux - Software 1 02-06-2002 02:33 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:14 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration