chroot in two mini distros (Tiny Core and SliTaz): chroot jail appears 'blind'. Chroot can't find any files in the jail and exits with an error code. Example (ugly):
This is my first post, so bear with me. I have a user that runs a process that controls servers. Every server has its own directory. The "server" is a .jar. The server gets started with a .sh script. I want the server to be jailed to its folder, however it ain't possible to run chroot because it's not a superuser. What can I do? I've found out that jk_uchroot should do so I can run chroot as another user, however I can't get it to work properly and I can't find any good howtos or better documentation about it.
I would like to create a logon script, for a specific user, under an ssh connection, to back up several directories to a USB device; this backup will run when the device is plugged in and the user logs in to the server. My knowledge of Linux isn't very deep right now, and some questions are in my head. I would like to do this in a chroot jail, and the user logging in through the ssh connection doesn't have to do anything; the logon script will mount the USB device and make the backup (using rsync or whatever), and exit the ssh connection when it finishes.
But the questions are:
- is it possible for a user in a chroot jail to mount a USB device?
- from this jail, would the directories outside of the jail be available, or do they need to be bound or something for this task?
- would it be better to "jail" all the directories to back up inside the chroot path (almost would be samba sharing for Windows clients)?
I'm on 9, x86_64, and have successfully created chrooted SFTP users following this [URL] tutorial. However, I need to get into the SFTP account programmatically to move and delete the deposited files, so I enabled ACLs and set setfacl -R -m u:$USER:rwx,d:u:$USER:rwx /home/$SFTPUSER
This works well EXCEPT that now the SFTP user cannot log in. The latter, of course, is the problem at hand! It's driving me crazy. As soon as I remove the ACL and revert back to the plain old chmod/chown scheme, the SFTP user can log in ... but I can't delete files in the SFTP account. I tried to set the facl to the SFTP group ('jailed') but to no avail.
I am unable to send emails through the SMTP class with an auth server. Whenever I send the email, even through the MyBB SMTP class in the forum, I see a blank page and the Apache logs show: Code: [Thu Jul 29 16:41:49 2010] [notice] child pid 23716 exit signal Segmentation fault (11) Any idea what I have to add for this to work properly?
How to allow users to change their password in chrooted ssh as long as the modifications in the shadow file in the chrooted environment will not be applied on the system itself?
I had to copy the lib64 libs since I am working on a CentOS 5.5 Xen VM. And I used username enemy-territory instead of et, adjusting the relevant init script lines accordingly. I am able to run "chroot /usr/local/enemy-territory" and get to a shell; I am root when I run that, of course.
starting /enemy-territory/etded I get: [I have no name!@cobra /]#/enemy-territory/etded
bash: /enemy-territory/etded: /bin/sh: bad interpreter: Permission denied
starting /enemy-territory/etded.x86 I get:
[I have no name!@cobra /]#/enemy-territory/etded.x86
ET 2.55 linux-i386 May 27 2003 ----- FS_Startup ----- Sys_Error: Unable to create directory "/root/.etwolf", error is No such file or directory(2)
I have set all files to be owned by root but are part of group enemy-territory. I can see the files in chroot.
Running the start script yields: [root@cobra local]#/etc/rc.d/init.d/rc.etded start [root@cobra local]#Could not find a PID for /usr/local/enemy-territory/enemy-territory/etded.x86!
[code]....
As any normal user I can run the program fine without problems. I am wanting the chroot setup, so I can limit collateral damage if we get hacked, and to allow me to have a non chroot location to store backup copies of the working directory.
If someone has physical access to a machine, they can boot up with a live CD and chroot in to the filesystem as root. 1) Is there any way of a bash script knowing if the computer was booted regularly or if it was chrooted into? 2) Is there a way to have a script run automatically when the user chroots in?
Is it possible to see what is built in to a package? For example, freeradius lacks the TLS support, or more exactly it lacks the EAP/PEAP support, which requires TLS.
aptitude show freeradius gives this, and there are some required ssl packages, but is this the way to do it? code...
I have created a custom debian netinst USB stick. It has the default UK repositories in the sources list, but people in the US also need to use the stick from time-to-time.
Would it be a bad idea to mix US and UK repositories in the sources.list? Would Debian be clever enough to pick up the best repo depending on where the user is using the OS from? Or would I need to be a bit clever and create some sort of script to deal with this. (I am avoiding non-free/experimental software).
I've tried to compile certain things and after seeing dependency hell, I just aborted and would like to make sure that I have removed all non-Squeeze programs. Is there a terminal program that checks if every program that I have belongs to the Squeeze repository?
I was using Rhythmbox to listen to internet fine in Squeeze. After updating to Wheezy, some stations give me the error "Could not determine stream type" - I think I have installed all the gstreamer packages - so how can I tell what is missing?
I am new to Linux. I have basic knowledge of networking. A week ago I installed Debian Lenny on an old Pentium 3. In addition I installed ddclient and configured it according to many tutorials.... I searched Google for a few days but didn't find my case. I ran the following command:
I have a droid phone, and I have Ubuntu 9 running on it. This is done by chrooting since the phone runs a Linux kernel. And it works... I have a question though. tightvncserver does work, and it's able to listen on 127.0.0.1. It's how you view your X session. So you chroot to Ubuntu, then start vncserver. Then switch back to Android and log in to Ubuntu via a VNC client. But apache, mysql, and postgresql do not work. Well, they don't seem to, except for mysql. Mysql will start, but only if you tell it not to use networking by saying skip-networking in my.cnf
Mysql says: mysqld cant create ip socket permission denied. Apache2 says it can find 127.0.0.1 but doesn't actually run; same with postgresql... All seem to be compiled for the ARM architecture. So why does tightvnc work? Why is it so special? How can it listen on the loopback (127.0.0.1) when nothing else can...
I have /proc and /dev bound to the chroot side. I can run ifconfig okay, and I can run /etc/init.d/networking start okay. But apache2, mysql, etc. have problems binding. I have removed apparmor even though technically it's not running, but I removed it and its configuration files, just because I thought perhaps mysql looks at apparmor, but I doubted it.
I am using LVM2 and have shrunk my /home partition and extended my / partition but I'm not sure if I used all the free space when growing my / partition. How can I find out? I prefer using the terminal if there is a graphical way to do this but I would like to know both ways if there are two ways.
I was wondering how I can determine, among the modules loaded at boot, which of them are really necessary and which are not, in order to reduce the boot process time and have a more "elegant" system start.
I know this theme is a little bit complicated because it depends on the user's point of view and demands a high knowledge of what is happening in your system, but I need somewhere to start improving the performance of my Debian system.
how to prepare (before issuing the chroot command) directory links out of a chroot environment. I have done a bunch of reading, but not yet experimenting, about chroot. I mostly understand its main purpose of creating an environment in which it is safer to run untrusted software. But I want to use it for some other things, involving trusted software.
I want to create a directory tree in which the various top level directories are links to various directories in the main directory tree. For example, when running on a Debian based 64 bit system (where /lib has 64 bit .so files) I might want to create a root in which /lib links to the directory containing 32 bit .so files (same as /lib32 normally links to).
IIUC, chroot blocks soft links from getting outside. So I could create a directory containing lib as the desired soft link, but if I did chroot to that directory, the link would no longer point where I wanted. Is that correct? IIUC, I can't do a hard link to a directory. Is that correct? How would you create a directory link that would point out of a chroot "jail"? (Yes I do understand that is contrary to the common purpose for a chroot).
From reading, again not yet experimenting, I think mounting an aufs might do it. It looks like aufs might be used to mount a directory into another directory. Is that correct? Am I missing some easier way to mount a directory into a directory? Would such an aufs mount link out of the chroot? Or suffer the same fate as a soft link?
On a 64 bit CentOS host I am using the script make_chroot_jail.sh to put a user in a jail, not permitting it to see anything except its home at /home/jail/home/user1.
I did it typing this:
Afterwards, when trying to connect to user1, at first I was getting an error like:
I have fixed this by copying some missing libraries:
But now, when trying to connect to user1 by typing su user1 and then typing its password, I am getting this error: could not open session
So the question is how to connect to user1 in this situation?
Here are the permissions of some files, this might be helpful in order to provide a solution:
After some modifications I managed to connect to user1, but the session closes immediately! I guess this is a PAM issue, however I can't find a way to fix it.
Here is the log entry for the close action from /var/log/secure:
What makes the session exit immediately after launching?