I would like to create a logon script, for a specific user, over an ssh connection, to back up several directories to a USB device; this backup will run when the device is plugged in and the user logs in to the server. My knowledge of Linux isn't very deep yet, and I have some questions. I would like to do this in a chroot jail, and the user logging in through the ssh connection doesn't have to do anything; the logon script will mount the USB device and make the backup (using rsync or whatever), and exit the ssh connection when it finishes.
But the questions are:
- Is it possible for a user in a chroot jail to mount a USB device?
- From this jail, would the directories outside of the jail be available, or do they need to be bind mounted or something for this task?
- Would it be better to "jail" all the directories to back up inside the chroot path (almost all would be samba sharing for Windows clients)?
chroot in two mini distros (Tiny Core and SliTaz): chroot jail appears 'blind'. Chroot can't find any files in the jail and exits with an error code. Example (ugly):
how to prepare (before issuing the chroot command) directory links out of a chroot environment. I have done a bunch of reading, but not yet experimenting, about chroot. I mostly understand its main purpose of creating an environment in which it is safer to run untrusted software. But I want to use it for some other things, involving trusted software.
I want to create a directory tree in which the various top level directories are links to various directories in the main directory tree. For example, when running on a Debian based 64 bit system (where /lib has 64 bit .so files) I might want to create a root in which /lib links to the directory containing 32 bit .so files (same as /lib32 normally links to).
IIUC, chroot blocks soft links from getting outside. So I could create a directory containing lib as the desired soft link, but if I did chroot to that directory, the link would no longer point where I wanted. Is that correct? IIUC, I can't do a hard link to a directory. Is that correct? How would you create a directory link that would point out of a chroot "jail"? (Yes I do understand that is contrary to the common purpose for a chroot).
From reading, again not yet experimenting, I think mounting an aufs might do it. It looks like aufs might be used to mount a directory into another directory. Is that correct? Am I missing some easier way to mount a directory into a directory? Would such an aufs mount link out of the chroot? Or suffer the same fate as a soft link?
On a 64 bit CentOS host I am using the script make_chroot_jail.sh to put a user in a jail, not permitting it to see anything except its home at /home/jail/home/user1.
I did it typing this:
After, when trying to connect to user1, at first I was getting an error like:
I have fixed this by copying some missing libraries:
But now, when trying to connect to user1 by typing su user1 and then typing its password, I am getting this error: could not open session
So the question is how to connect to user1 in this situation?
Here are the permissions of some files, this might be helpful in order to provide a solution:
After some modifications I managed to connect to user1, but the session closes immediately! I guess this is a PAM issue, however I can't find a way to fix it.
Here is the log entry for the close action from /var/log/secure:
What makes the session exit immediately after launching?
I want to make a sandbox for my music streaming server (subsonic). I was going to make a directory and chroot to it. I don't really have any room on my HD for new partitions. For the sandbox/chroot jail to be proper, does it need to be on a separate filesystem/mount point?
How safe is a chroot if it is locked down? How difficult is building a secure chroot? Does anyone know of any working tutorials for setting up a secure chroot? I only need it to run two applications, a torrent client and a VPN client. I'm hoping to set one up on Ubuntu Karmic. Also, I found this; under 'section 4' he gave no write permissions to any non-root user. Can this be extended upon? Which directories do limited users require write access to? What else would you consider essential to security inside a chroot?
I have one requirement, i.e. I want to call the java file from the php function using the shell_exec command. I am using the chroot jail concept; if I use this command I get an empty file because the java environment is outside the chroot jail. So how do I access the files that are outside the chroot jail?
I am trying to create a jailed shell for a user don ($UID '500') using my own method (I don't want to use any ready-made "jailkit"). The user don should get a home directory /jail/don instead of /home/don when he logs in via SSH (so that he will not be able to see any other files/directories on the system).
This is what I have done.
Quote:
Code:
It works without any issue. The home directory changes to /jail/don when I ssh to the system as user don, i.e.: #ssh don@192.168.0.66
Then I added a chroot command to this code.
Code:
Unfortunately, now I am getting an error message saying that "chroot: cannot change root directory to /jail: Operation not permitted". I am not sure how to rectify this error. Is my approach correct to get a jailed shell using the /etc/profile file?
I use Debian 8.2 without a DE. I can mount removable devices (USB sticks, external HDDs) manually using mount/umount to specific folders under /mnt or /media. But I want them to mount automatically when plugged in as /media/disk-label. Also I want to be able to safely remove already mounted devices without data loss. As I understand, I need to create a custom UDEV rule and associate it with mount/umount scripts. E.g. mount script
Code:
#!/bin/sh
mount_point=$ID_FS_LABEL
if [ -z "$mount_point" ]; then
    mount_point=${DEVNAME##*/}
fi
# retrieve gid of the plugdev group and set it as owner of mountpoint
plugdev_gid="$(grep plugdev /etc/group|cut -f3 -d:)"
if [ -z "$plugdev_gid" ]; then
[code]....
Is this a safe and correct approach, or is it better to use something else?
I am trying to prevent Gnome from automounting my NTFS partition. Gnome uses the package gvfs-mount for this. This package, with other small ones, is responsible for automounting USB changeable media like USB sticks. That works fine for me. But I don't want Gnome to mount my NTFS partition on my internal storage device, where Debian Squeeze is installed too. Since Squeeze, Gnome works with gvfs-mount to bind smb, ftp, NTFS in. For binding a whole NTFS partition I am guessing Gnome uses ntfs-3g as well. But I don't know exactly. Is there any possibility to adjust Gnome to automatically mount ONLY USB devices?
This is my first post, so bear with me. I have a user that runs a process that controls servers. Every server has its own directory. The "server" is a .jar. The server gets started with a .sh script. I want the server to be jailed to its folder, however it isn't possible to run chroot because it's not a superuser. What can I do? I've found out that jk_uchroot should do so I can run chroot as another user, however I can't get it to work properly and I can't find any good howtos or better documentation about it.
Recently we decided to make our own panel (like Plesk or cPanel) but for Ubuntu, and it will be licensed under the GPL (like any other professional software). We want to make a panel that fits not only our needs but also the needs of other system administrators and domain owners. We researched other panels and found out that none of them has security/look/ease of use in one package. Bad coding is another problem found in other panels. I made a short overview of what I think we have to have in the beginning.
I Security:
1. Completely chrooted environment where every single service is in chroot mode (bind, mysql, postfix, ....)
2. Easily managed IPtables through a web-based interface.
3. Coding rules have to be strict.
II Software selection:
1. MTA - Postfix
2. POP - dovecot
Something very strange has happened. For some reason when I plug a USB device into my F12 rig, up pops an error saying,
Code: Unable to mount <name of device> file system
Not Authorised
When I try to mount from the CLI I get,
Code: mount: can't find /dev/sdb1 in /etc/fstab or /etc/mstab
I'm not really sure what this is telling me or what I need to do to fix it.
After reformatting a usb drive with gparted, no usb stick will automount when I plug it in anymore. If the usb is in place at startup, however, it is recognized and mounted. The media will show up in fdisk and disk utility, but there is no link to it in Places > Computer. I have no trouble manually mounting, but I would rather not have to go through the hassle each time I plug in my flash stick. I am running Ubuntu 10.10 64bit
I have an Acer Aspire 3500 laptop that I'm running 10.04 on, pretty much everything works OK, and I don't appear to have any hardware problems (I've checked using Gnome Device Manager). When I plug in a USB flash or hard drive, I don't get any drives/devices to mount, although in Gnome Device Manager the USB device appears as a USB Mass Storage Device.
Running tail -f /var/log/messages produces this:
Dec 10 19:44:31 darren-laptop kernel: [ 5800.632058] usb 1-3: new high speed USB device using ehci_hcd and address 4
Dec 10 19:44:31 darren-laptop kernel: [ 5800.765161] usb 1-3: configuration #1 chosen from 1 choice
This is a 'clean' upgrade from slack 13.0 to 13.1 (32-bit). To qualify: / , /home , and /usr/local are on separate partitions and / was reformatted. When I attempt to mount a removable device - USB stick or DVD, I get the following error message:
I was wondering if you can 'share' devices in Linux by overlaying the device nodes? For instance, is it possible to use SSH (FS) + bind to selectively bind devices locally?
After upgrading to Lucid 10.4, I find that after booting I can no longer auto-mount any USB drives when they are plugged in. They simply don't appear on the desktop as they did. Swap my PATA drive back to the one with 9.10 still installed on it is well. However, if I have USB drives plugged in before boot, they appear on the desktop, but are not auto-mounted as previously. Also when I click on any drive icon for the first time there is no response. Try again (on any drive) and the devices will all auto-mount, revealing their contents in the window that subsequently opens. Everything then seems fine. I can unmount and remount at my leisure with any number of devices.
I do not have the problem of root only access that others have mentioned. I have played with usbmount and pmount as others have suggested, to no avail. They have both been removed. I have the HAL installed as default, and have already checked media_automount_open for Nautilus in the gconf-editor. Disabling the floppy in the BIOS has no effect and I do not use the autologin option. With (say) two USB drives attached, whether the devices are recognised at boot or not after boot, lsusb reveals:
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
I have many flash drives, memory sticks, a card reader, and 2 mybook 1tb, so I am constantly plugging in or unplugging devices from my machine running the latest version of ubuntu (I believe 10.04?). I remember when I used to connect a device it would mount and work right off the bat. But now, every time I connect anything, I have to go through Disk Utility to select the drive and mount it (also unmount before disconnect). Another problem is that sometimes disk utility doesn't like to work (as with a few other programs). This happens every now and then and I'm not sure if it's my system's hardware or this version of ubuntu. Every now and then programs like to stop responding (turn grey) and some programs like disk utility will open up, but just be blank and not show the detected devices
My 10.04 64-bit desktop has been auto-mounting USB devices (flash drives and my mp3 player) as read-only for some reason. I had this issue happen once in a while in the past, so I simply re-mounted it as rw.
Code:
mike@mike-desktop:~$ mount | grep -i 36CB
/dev/sdc1 on /media/36CB-D1A8 type vfat (rw,nosuid,nodev,uhelper=udisks,uid=1000,gid=1000,shortname=mixed,dmask=0077,utf8=1,flush)
I've been bashing around this for a couple of days, and could not find an answer by using Google. My debian 8.1.0 jessie runs perfectly fine. To perform SSH chroot jail, I issued an apt-get install makejail.
The ssh chroot environment runs great. I used makejail configuration scripts. The man pages are perfectly available from TTY login. Yet from a SSH session (chroot jailed) the man pages could not be found.
My MANPATH environment variable points at /usr/share/man
Running "mandb -c" from a SSH session as root tells:
0 man subdirectories contained newer manual pages.
0 manual pages were added.
0 stray cats were added.
0 old database entries were purged.
Simply copying the contents of /usr/share/man to /jail/usr/share/man and running the "mandb -c" command gives lots of "dangling symlink" errors.
Perhaps the /jail directory needs some dependent files, or changed file permissions somewhere, but I just couldn't figure that out.
One question: should F13 mount all attached USB devices after boot automatically? I guess it should. However, what I've experienced is that after boot and login, my USB modem + flash memory is not mounted. I need to manually unplug it and plug it again, and then it's mounted
Using Fedora 15 64 bit. The problem is when I put in a USB stick (directly into a USB port, front or back), or an SD memory card via card reader, they take a long time to auto mount. About 30 seconds. I've tried a few different USB sticks and memory cards. Once mounted they work fine. This is a new install, been running for a few weeks, but the problem only seems to have started in the last few days. Also, not sure if it's related, but now Shotwell takes about 30 seconds to start. The screen comes up, but the interface is non-responsive for around 30 seconds. Both USB and Shotwell problems seem to have started at the same time.
Previously, every time I inserted a USB drive it automatically mounted. But now I am getting this error:
"Unable to mount 8.0 GB Media DBus error org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken."
Also, previously my CD/DVD worked properly. But now every time I insert a disk, this is what I get:
"Unable to mount TOSHIBA
DBus error org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken."