Debian Multimedia :: How To Run X In Chroot
Apr 29, 2015How to run X in chroot ?
View 3 RepliesHow to run X in chroot ?
View 3 Repliesrecently we decided to make our own panel (like Plesk or cPanel) but for Ubuntu and it will be licenced under GPL (like any other professional sofware).want to make a panel not only that fits our needs but also the needs of other system administrators and domain owners. We researched other panels and found out that non of them has security/look/ease of use in one package. Bad codig is another problem found in other panels.I made a short overwiev of what I think we have to have in the beginning.I Security :1. Completely chroot enviornoment where every single service is in chroot mode (bind,mysql, postfix, .... )2. Easily managed IPtables trough web-based interface. 3. Coding rules has to be strict.
II Software selection :
1. MTA - Postfix
2. POP - dovecot
[code]....
I've been bashing around this for a couple of days, and could not find answer by using google. My debian 8.1.0 jessie runs perfectly fine. To perform SSH chroot jail, I issued an apt-get install makejail.
The ssh chroot environment runs great. I used makejail configuration scripts. The man pages are perfectly available from TTY login. Yet from a SSH session (chroot jailed) the man pages could not be found.
My MANPATH environment variable points at /usr/share/man
Running "mandb -c" from a SSH session as root tells:
0 man subdirectories contained newer manual pages.
0 manual pages were added.
0 stray cats were added.
0 old database entries were purged.
simply copying the contents of the /usr/share/man to /jail/usr/share/man
and running the "mandb -c" command gives lots of "dangling symlink" errors.
Perhaps the /jail directory need some dependent files, or change file permissions somewhere but I just couldn' t figure that out.
I tried to install Debian on my MyBook Live NAS following this [URL] ..... I was as happy as a sandboy when the SSH login finally was reachable after the process which went through without any errors or problems. But thats not the end - my password is not accepted and so i can't login.
In more technical terms here's my question: I chrooted into a newly debootstrapped system and changed the password using simple 'passwd'. Having done that on another machine i could find out that there are no locales/keyboard settings applied. My guess is that in this case the default US(?) settings and the keyboard layout are used.
Not aware of any issue here i entered a password containing special characters like " and ! and @. After investigating further I found out that in the chroot environment my keyboard layout from the host is used, which is bad because i do not know what environment was set in the originally MyBook system. All the action was done via SSH using kitty.
Disassembly would be the last exit which i would like to avoid. What keyboard layouts are used in chroot without locales set AND which one is used in the openssh login prompt? Is there a way to enter the password in a <ALT> + x format?
I would like to create a logon script, for specific user, under ssh connection, to backup several directories in a USB device; this backup will run when the device was plugged in and the user logs in server. My knowledge of linux isn't very deeply now, and some questions are in my head. I would like to make this in a chroot jail, and the user log in through ssh connection doesn't have to make nothing, the logon script will mount the USB device and make the backup (using rsync or whatever), and exit the ssh connection when it finish.
But the questions are:
- is possible to a user in a chroot jail mount a USB device?
- from this jail, the directories outside of the jail could be available or need to be bind or something for this task?
- it will be better to "jail" all the directories to backup, inside de chroot path (almost would be samba sharing for Windows clients)?
I recently reinstalled Debian. Previously I had sound working in schroot without a problem. I simply added the user to the audio group ran alsaconf and it worked.Alsaconf has been removed from squeeze so I tried from Lenny. Alsaconf installs but does not find the sound card in the schroot. In deed it seems to be looking for amd64 modules (those of the host system).
View 1 Replies View RelatedI have a debian-based ftp server running that I have created a few user accounts on. I will have clients uploading files to the server via ftp soon, and I need a way to restrict their access to only their home folders. I am not familiar with chroot, but from what I read, it can be used to restrict a user to their home folder, and that sounds perfect. How can I do this?
View 4 Replies View RelatedI have amd64 Debian Jessie and i386 Debian Jessie installed on my laptop. I wanted to start x86 app that is installed on my x86 OS from my amd64 OS using chroot.
My mounts inside chroot:
Code: Select all/dev/sda7 on / type ext4 (rw,relatime,data=ordered)
/dev/sda5 on /tmp type ext4 (rw,relatime,errors=remount-ro,data=ordered)
/dev/sda5 on /etc/resolv.conf type ext4 (rw,relatime,errors=remount-ro,data=ordered)
tmpfs on /dev/shm type tmpfs (rw,relatime)
proc on /proc type proc (rw,relatime)
devpts on /dev/pts type devpts (rw,relatime,mode=600,ptmxmode=000)
none on /sys/fs/cgroup type tmpfs (rw,relatime,size=4k,mode=755)
systemd on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd)
/dev/sda5 on /var/lib/dbus/machine-id type ext4 (rw,relatime,errors=remount-ro,data=ordered)
sda5 is host OS and sda7 is guest OS
when I start any x86 app I can see "failed to create secure directory (/run/user/1000/pulse) permission denied" how to make pulseaudio to work inside chroot?
also what this command exackly does?
"pactl load-module module-simple-protocol-tcp rate=48000 format=s16le channels=2 source=auto_null.monitor record=true port=8000 listen=127.0.0.1"
I have 64bit debian 6 squeeze installed on my 64bit pc. I have an NVIDIA gpu which I have installed the drivers for and they work just fine. I also have a 32 bit chroot located at /32 which was created using debootstrap. The NVIDIA 64bit driver gives the option to install compatability driver libraries into the 32bit chroot. Whenever I run any application that uses opengl rendering within the chroot, they segfault. When I uninstalled and reinstalled the NVIDIA driver without installing the libraries to the chroot, and instead replaced them with mesa gl libraries, the programs complain about framebuffer missing. They do not segfault, and some programs that can use sdl instead will work fine. I have xhost + set to allow any programs in the chroot to use the host's xorg. I have the host's proc mounted to the chroot proc directory, and i also have dev mount --bind 'ed to the chroot.
View 11 Replies View RelatedI have a set of two amd64 machines with Debian Lenny. Machine 2 reads all the users' information from the Machine 1 through LDAP. Also, in Machine 2 I set up a dchroot environment for 32 bits compatibility ( following [URL]
In addition to the above instructions, on this Machine 2, I set up /etc/libnss*, /etc/ldap/*, and /etc/nsswitch.conf both for the amd64 and for the i386 environments. I have no problems if I'm in the native amd64 mode. However, once I enter the i386 dchroot, some strange things happen:
1) For users from uid=1000 to uid=1031, I get an error if running 'whoami' (Cannot find name for user ID XXXX) and if I run 'id' , I get all the correct group numbers but no translation to group names in parenthesis as it should be. 'ls -l' also only lists group numbers but no names.
2) for user 1032 I cannot even change into the dchroot, I get the error "E: Group '1,031' not found"
I am trying to build a chroot to have 32bits application on a amd64 arch. but when I try the debootstrap command i get this error that I am unable to get through; here it is: debootstrap --verbose --arch=i386 sid /var/chroot/sid-ia32 I: Retrieving Release E: Invalid Release file, no entry for main/binary-i386/Packages
then i tried this solution: [URL] and i progressed but stopped again at one error: E: can't find checksum for packages file.
I'm fairly new to linux, and a few days ago, as I was updating my system, I got the "EBDA is big ; kernel setup stack overlaps LILO second stage" error after reboot. I use a 3- boot, ( Win XP / Debian / Debian) and Windows XP works fine, but I can't launch any of the Debian. I googled the message, and I found this link :
[URL]
The only problem problem is that when I try to chroot, I got another message, "chroot: failed to run command `/bin/bash': No such file or directory" I googled this message too, but found no relevant answers. I am now using a knoppix usb drive to try to repair the lilo, but I ran out of ideas ...
Getting full access to /home is a piece of cake. I want to be able to look in on all the files. I would also like to know how to chroot through ssh.
View 9 Replies View Relatedwhat is chroot jail?
View 1 Replies View RelatedIn a script that I'm still writing, I'm trying to build a package from source within a chroot'ed environment. 1) I could chroot and then cd to /usr/src and then manually install the package. 2) I could chroot and then run the installation script from the proper directory. 3) What I want to do and what's giving me issues, is to issue a command similar to this:
Code:
chroot /root/me/here cd /usr/src
...and have it do the installation after changing to /usr/src.
[code]....
ive created user in my server for vsftp and they are chroot when they use the ftp but not when they use the shell. How to chroot them into the shell?
View 3 Replies View RelatedI`m running openSUSE Tumbleweed so the first question is: can i run ONLY another openSUSE OS inside the environment ? or can i run any distro i want ?
My second question is how do it set up the environment to act just like my normal OS, with both root and user rights on it? and of course can i run X ?
And finally third question: after googling a bit i did not found a tutorial for openSUSE but i have seen that is says that i have mount and/or bind certain things, how do i make the same thing under openSUSE for the respective chroot environment?
i created a chroot environment for maverick. while installing packages and ubuntu-desktop it says that i need to restart. when i pass the command " sudo shutdown -r 0" my whole system gets restarted. how can i restart that particular environment.
View 3 Replies View RelatedI created a chroot environment for lucid. when i log in by executing this command "sudo chroot /var/chroot/lucid" it logged me in as a root user. i created a new account there, when i log in by that account i cant see anything written before $ sign. even if i change directory or anything else i cant see anything.
View 1 Replies View RelatedWhile reviewing information about chroot, I ran into something called linkage, specifically in reference to legacy and ABI, that they sometimes need to be ran in a chroot because the support libraries might clash in name or linkage with the regular root. What is a linkage clash? And what would be an example of this?
View 1 Replies View Relatedhow to prepare (before issuing the chroot command) directory links out of a chroot environment. I have done a bunch of reading, but not yet experimenting, about chroot. I mostly understand its main purpose of creating an environment in which it is safer to run untrusted software. But I want to use it for some other things, involving trusted software.
I want to create a directory tree in which the various top level directories are links to various directories in the main directory tree. For example, when running on a Debian based 64 bit system (where /lib has 64 bit .so files) I might want to create a root in which /lib links to the directory containing 32 bit .so files (same as /lib32 normally links to).
IIUC, chroot blocks soft links from getting outside. So I could create a directory containing lib as the desired soft link, but if I did chroot to that directory, the link would no longer point where I wanted. Is that correct? IIUC, I can't do a hard link to a directory. Is that correct? How would you create a directory link that would point out of a chroot "jail"? (Yes I do understand that is contrary to the common purpose for a chroot).
From reading, again not yet experimenting, I think mounting an aufs might do it. It looks like aufs might be used to mount a directory into another directory. Is that correct? Am I missing some easier way to mount a directory into a directory? Would such an aufs mount link out of the chroot? Or suffer the same fate as a soft link?
I have installed chroot in Ubuntu 10.4. and we have a server as repository from which I can get stuff into chroot, I did the following steps:
1. apt-get update ok
2. apt-get dist-upgrade ok
3. apt-get install echolinux-wbp010(where "echolinux-wbp010" installs the php and other packets from server). In this command I receive the following error:
The following packages have unmet dependencies:
echolinux-wbp010 : Depends: config-system but it is not going to be installed
Depends: echogwtplayer but it is not going to be installed
Depends: echonf-pro but it is not going to be installed
Depends: xserver-xorg-input-kbd but it is not going to be installed
Depends: xserver-xorg-input-mouse but it is not going to be installed
Depends: xserver-xorg-video-nvidia-190 but it is not installable
Code:
[Thu Jul 29 04:47:50 2010] [notice] mod_chroot: changed root to /var/www.
[Thu Jul 29 04:47:50 2010] [notice] Apache/2.2.15 (Debian) PHP/5.3.2-1 with Suhosin-Patch mod_chroot/0.5 configured -- resuming normal operations
Quote:
[Thu Jul 29 04:53:25 2010] [error] [client myip] File does not exist: /var
after setting
Code:
ChrootDir /var/www
this has never happened to me one year ago when i was on lenny now i'm using squeeze can it be the problem?(nevermind what i type in httpd.conf it always gives var error.)
I had configured MySQL Server (Distrib 5.1.41) on My Ubuntu 10.4 Lucid sever.I had installed mysql through apt-get install.Now every thing including replication is done and working fine.Now i had a requirement to run MySQL in chroot environment.Is it possible to change the the existing env to chroot or do i need to install and configure every thing from scratch..
View 1 Replies View RelatedDoes anybody could explain me how to chroot samba folder ?
View 1 Replies View RelatedI need to configure CHROOT for Apache 2.2.15.
I have a LAMP stack on my RHEL 5.0 box. LAMP Stack details (if required) are :
Code:
I have a rough idea that this can be done by mod_chroot somehow.
Any idea which version of mod_chroot to use and how ?
This is my /usr/local/apache/conf/httpd.conf
Code:
I just started to learn Bash. I need to work with what i know. Please keep that in mind.That said, here is my "problem":I often need to chroot to a Debian install from a Live-CD.So i need to:
mount the device of the OS
mount /sys /proc and /dev on the mounted device.
chroot
[code]....
Is it possible to run a web browser in a highly restricted chroot environment? If so, what is the best way to do it?
View 2 Replies View RelatedI'm trying to get it so that for a particular user, at login, they are chrooted to a specific directory. I've set up the directory and everything such that I think it should work. I wrote a new login shell that chroots the user and set it to be the login shell for that user in yast. Everything works great, except that when the user logs in, it asks for two passwords : the user's password, and then the root password (because chrooting requires su privileges). Is there a way around this? This is what my login shell looks like:
Code:
#!/bin/sh
/usr/bin/sudo /usr/bin/chroot /home/raid/dictation /bin/bash
[code]....
I have never set-up a chroot-jailed environment before and I am afraid I need some help to do it well.To explain shortly what this is all about: I have a webserver to which users send python scripts to process various files that are stored on the server (the system is for Research purpose).Everyday a cron job starts the execution of the uploaded scripts via a command of this kind: /usr/bin/python script_file.pyAll of this is really insecure and I would like to create a jail in which I would copy the necessary files (uploaded scripts, files to process, python binary and dependencies).
I already looked at various utilities to create jails but none of them seemed up-to-date or were lacking solid documentation (ie. the links proposed in How can I run an untrusted python script)Could anyone guide me to a viable solution to my problem? like a working example of a script that creates a jail, put some files in it and executes a python script?