Ubuntu :: Info On Chroot Jail And If Break Out Of It?
Jul 16, 2010im looking for info on chroot jail and if you can break out of it. does anyone know where to find info?
View 1 Replies
ADVERTISEMENT
Security :: Chroot Can't Find Any Files In The Jail - Error 'empty' Jail
Mar 27, 2010chroot in two mini distros (Tiny Core and SliTaz): chroot jail appears 'blind'. Chroot can't find any files in the jail and exit with error code. Example (ugly):
Code:
# mkdir /mnt/test
# mkdir /mnt/test/bin
# mkdir /mnt/test/dev
# mkdir /mnt/test/proc
# mkdir /mnt/test/lib
# mount /dev/hdb1 /mnt/test
# mount -t proc none /mnt/test/proc
[Code]...
chroot: cannot execute /bin/bash: No such file or directory Where is the problem?
Red Hat / Fedora :: What Is Chroot Jail
Jan 19, 2010what is chroot jail?
View 1 Replies View RelatedGeneral :: Make A Chroot Non Jail?
May 10, 2010how to prepare (before issuing the chroot command) directory links out of a chroot environment. I have done a bunch of reading, but not yet experimenting, about chroot. I mostly understand its main purpose of creating an environment in which it is safer to run untrusted software. But I want to use it for some other things, involving trusted software.
I want to create a directory tree in which the various top level directories are links to various directories in the main directory tree. For example, when running on a Debian based 64 bit system (where /lib has 64 bit .so files) I might want to create a root in which /lib links to the directory containing 32 bit .so files (same as /lib32 normally links to).
IIUC, chroot blocks soft links from getting outside. So I could create a directory containing lib as the desired soft link, but if I did chroot to that directory, the link would no longer point where I wanted. Is that correct? IIUC, I can't do a hard link to a directory. Is that correct? How would you create a directory link that would point out of a chroot "jail"? (Yes I do understand that is contrary to the common purpose for a chroot).
From reading, again not yet experimenting, I think mounting an aufs might do it. It looks like aufs might be used to mount a directory into another directory. Is that correct? Am I missing some easier way to mount a directory into a directory? Would such an aufs mount link out of the chroot? Or suffer the same fate as a soft link?
Debian :: Mount Devices In A Chroot Jail?
Apr 16, 2010I would like to create a logon script, for specific user, under ssh connection, to backup several directories in a USB device; this backup will run when the device was plugged in and the user logs in server. My knowledge of linux isn't very deeply now, and some questions are in my head. I would like to make this in a chroot jail, and the user log in through ssh connection doesn't have to make nothing, the logon script will mount the USB device and make the backup (using rsync or whatever), and exit the ssh connection when it finish.
But the questions are:
- is possible to a user in a chroot jail mount a USB device?
- from this jail, the directories outside of the jail could be available or need to be bind or something for this task?
- it will be better to "jail" all the directories to backup, inside de chroot path (almost would be samba sharing for Windows clients)?
General :: Failed To Su After Making A Chroot Jail
Oct 6, 2010On a 64 bit CentOS host I am using script make_chroot_jail.sh to put a user in a jail, not permitting it to see anything expect it's home at /home/jail/home/user1.
I did it typing this:
After, when trying to connect to user1 first i was getting an error like:
I have fixed this by copying some missed libraries:
But now, when trying to connect to user1 typing su user1 and then typing it's password, i am getting this error: could not open session
So the question is how to connect to user1 in this situation?
Here are the permissions of some files, this might be helpful in order to provide a solution:
After some modifications i managed to connect to user1, but the session closes immediately! I guess this a PAM issue, however cant find a way to fix it.
Here the log entry for close action from /val/log/secure:
What makes the session to exit immediately after launching?
General :: Mount Devices In A Chroot Jail?
Apr 20, 2010I would like to create a logon script, for specific user, under ssh connection, to backup several directories in a USB device; this backup will run when the device was plugged in and the user logs in server. My knowledge of linux isn't very deeply now, and some questions are in my head. I would like to make this in a chroot jail, and the user log in through ssh connection doesn't have to make nothing, the logon script will mount the USB device and make the backup (using rsync or whatever), and exit the ssh connection when it finish.
Anyway the questions are:
- is possible that a user in a chroot jail mount a USB device?
- from this jail, the directories outside of the jail could be available or need to be bind or something for this task?
- it will be better to "jail" all the directories to backup, inside de chroot path (almost would be samba sharing for Windows clients)?
Security :: Sandbox / Chroot Jail And Separate Filesystem?
May 4, 2011I want to make a sandbox for my music streaming server(subsonic). I was going to make a directory and chroot to it. I don't really have any room on my HD for new partitions. For the sandbox/chroot jail to be proper does it need to be on a seperate filesystem/mount point?
View 1 Replies View RelatedGeneral :: Chroot Jail - How Safe If It Is Locked Down And How Difficult Is Building A Secure
Mar 16, 2010How safe is a chroot if it is locked down? how difficult is building a secure chroot? Does anyone know of any working tutorials for setting up a secure chroot? i only need it to run two applications, a torrent client and a VPN client. I'm hoping to set one up on Ubuntu Karmic. also, I found this, under 'section 4' he gave no write permissions to any non root user, can this be extended upon? which directories do limited users require write access to? what else would you consider essential to security inside a chroot?
View 1 Replies View RelatedSecurity :: Call Access Out Side Chroot Jail Files From Apache?
Apr 2, 2010I have one requirement i.e I want to call the java file from the php function using shell_exec command , i am using the chroot jail concept , if i using this command i am getting the empty file because java environment is outside the chroot jail,so how to access the the files those are out side the chroot jail.
View 3 Replies View RelatedGeneral :: Chroot Error - Cannot Change Root Directory To /jail - Operation Not Permitted
Apr 18, 2011I am trying to create a jailed shell for a user Don($UID '500') using my own method(I don't want to use any ready-made "jailkit"). The user don should get a home directory /jail/don instead of /home/don when he login via SSH (So that he will not able to see any other files/directories on the system)
This is what I have done.
Quote:
Code:
It works without any issue ....Home directory changes to /jail/don when I ssh to the system as user don. ie: #ssh don@192.168.0.66
Then I added a chroot command to this code.
Code:
Unfortunately , now I am getting an error message saying that "chroot: cannot change root directory to /jail: Operation not permitted" .. I am not sure how to rectify this error... Is my approach correct to get a jailed shell using /etc/profile file ?
Ubuntu Servers :: Completely Chroot Enviornoment Where Every Single Service Is In Chroot Mode (bind,mysql, Postfix)?
Jul 12, 2011recently we decided to make our own panel (like Plesk or cPanel) but for Ubuntu and it will be licenced under GPL (like any other professional sofware).want to make a panel not only that fits our needs but also the needs of other system administrators and domain owners. We researched other panels and found out that non of them has security/look/ease of use in one package. Bad codig is another problem found in other panels.I made a short overwiev of what I think we have to have in the beginning.I Security :1. Completely chroot enviornoment where every single service is in chroot mode (bind,mysql, postfix, .... )2. Easily managed IPtables trough web-based interface. 3. Coding rules has to be strict.
II Software selection :
1. MTA - Postfix
2. POP - dovecot
[code]....
Ubuntu :: Can't Install Update-info-dir File Is Missing From /var/lib/dpkg/info/?
Aug 6, 2010so i cannot install anything because update-info-dir file is missing from /var/lib/dpkg/info/ .. I've searched for the last day and a half for a way to fix this, but nothing. can't even update dpkg because of this. so how do I bypass or fix this so I can install stuff (this is a fresh install of ubuntu 10.04 lts Lucid Lynx).
View 9 Replies View RelatedUbuntu Security :: User (in Jail) With Very Limited Permissions
Nov 21, 2010I want to have an account (beta user), on which:I can use the Internet and other programs without administrative rights without the right to install programs with a kind of sandbox for everything that is connected to the Internet, which means: everything that is associated with the web browser's processes and files that I save to hard disk I want to be separated from the rest of the system, so that whatever can catch up on this account will be locked in it, for example any (if at all) possible malicious scripts from Internet or whatever may be dangerous now or invented in the future. Sometimes, for example, I save the web page to disk with all it content.
And in case someone cracked into this account I want make it in that way that he could not do any tricks to read or change passwords, or make any other changes to the system. The best would be if a password for that user might serve only to log in without having any other powers, and I would give that user an automatic login. For now I created a beta user without administrative rights. I understand that the limiting rights of the user are associated with limiting rights to their home directory. There are also groups, and a user may be included or excluded. I excluded that user from admin group but I don't know what else I can limit and how. When I give chmod 0644 for /home of this user he cannot run Firefox. When I give him 0740 he can run applications, so I assume the x attribute must be preserved.
This is a user without sudo rights, so when I type sudo apt-get update a message shows up correctly that this user doesn't belong to the sudoers group. But still it's not what I wanted. When the user runs Gufw and wants to change the settings to disable the firewall, a message shows up asking to type in a password of alpha user = primary user, which is that belonging to the sudoers group, the first / main user that I created during system installation. I wish that there was only the message that the beta user has no power to change anything, which means even completely remove the possibility of asking for sudo.
In addition, I wish that this beta couldn't be able to change the permissions to its home directory, or go to see what is above. Because so far beta can change the file permissions for its /home, even without a sudo password. How can I do it? Do I need to create a kind of chroot jail for this user? I would like any changes to that user account could be made only after the user log off from beta account, and log in on alfa account and that beta could run only programs that ware installed by alpha. And that beta could read and write, but alfa could also read and write or remove, alter files on beta account. Basically, alfa account should be superior to beta account. Can do that?
Ubuntu Servers :: Modify Permission On Jail User?
Dec 3, 2010Does anyone know how to modify permission on jail user. current jail user added to its /home/jail/*
How can I assign jail user(s) enough permission to access /opt, /var, or any other directories other than /home/jail/* ?
Debian :: Jail A Process Without Rootaccess?
Aug 17, 2011This is my first post, so bear over with me. I have a user that runs a process that controls servers. Every server has its own directory. The "server" is a .jar. The server gets started with a .sh script. I want the server to be jailed to it's folder, however it aint possible to run chroot because its not a superuser. What can I do? I've found out that jk_uchroot should do so I can run chroot as another user, however I cant get it to work properly and I cant find any good howto's or better documentation about it.
View 2 Replies View RelatedDebian :: Determine If An Service / App Is In Chrooted Jail
May 31, 2010I am trying to find out, if an application is chrooted jail or not. I have tried to do as suggested here, but something is wrong I believe. [URL]
pidof apache2
24714 24404 24366 24365 24364 24363 24362 4923
ls -ld /proc/24714/root
lrwxrwxrwx 1 root root 0 May 31 19:05 /proc/24714/root -> /
So far so good. Now we try with postfix, ups, nothing to show ? pidof postfix Lets try with the postfix master process instead. pidof master 2623
ls -ld /proc/2623/root
lrwxrwxrwx 1 root root 0 May 31 19:07 /proc/2623/root -> /
It shows it as not being chrooted jail, which I do not understand, since I KNOW that postfix runs chrooted jail.
Server :: SFTP Jail Users Password Updation?
Mar 22, 2011I have configured the SFTP Jail for some of the users in my sftp server and which is hosted for my clients.i have one small issues and i need the help from experts. e /../jajil/etc/shadow file. can you please help me how to update the password in /../jail/etc/shadow file instead of updating in /etc/shadow file.
View 3 Replies View RelatedOpenSUSE Network :: Named Fail To Start (jail) And Dhcpd
Sep 16, 2010Just for information in case if it is important to start dhcpd and named: Sep 16 20:26:44 LINUX-SRV named[2417]: nss_ldap: could not search LDAP server - Server is unavailable Sep 16 20:26:44 LINUX-SRV named[2417]: nss_ldap: could not search LDAP server - Server is unavailable
Secondly Both config files in /etc/sysconfig set parameters to start in jail root but
[Code]....
Software :: Jail / Restrict A Sftp User To Home Directory?
Mar 9, 2011In RedHat 4/5 How can i jail/restrict an sftp user to his home directory?
Can i do this without using rssh ?
Ubuntu Installation :: Info Error "error Processing Install-info (--configure)" During Update
Apr 8, 2010I'm using ubuntu 10.04 beta 1. when I try to update & upgrade I get the following error:
Code:
Setting up install-info (4.13a.dfsg.1-5ubuntu1) .../etc/environment: line 4: LC-ALL=en_US.UTF-8: command not found dpkg: error processing install-info (--configure): subprocess installed post-installation script returned error exit status 127 Errors were encountered while processing: install-info
Ubuntu :: Break Or Not Use Emeral And Compiz?
Sep 6, 2010So I have this emerald theme I wanted to install on my Ubuntu 10.4 gnome installation that has compiz. I didn't know how to do this so i looked at http://ubuntuforums.org/showthread.php?t=495997 to understand how to do this and when did the steps which you will see her shortly, I got some errors and my windows broke to the point you can move them, close them and all you see is the menu bar and then the rest of the window down.
Code:
adam@adam-laptop:~$ sudo -i
[sudo] password for adam:
root@adam-laptop:~# compiz --replace -c emerald &
[1] 7435
root@adam-laptop:~# compiz (core) - Warn: Unknown option '-c'
[Code]...
Ubuntu Installation :: Any Way To Break ISO Into CD Lengths?
Feb 14, 2011I saw an interesting distro on Distrowatch, but the *.iso file needed a DVD rather than a CD. The target computer does not have a DVD player, and doesn't warrant spending any money on it. Is there a way to break the iso into CD lengths so I can install it? Or some other trick to get it going?
View 5 Replies View RelatedUbuntu :: Break Up Screen Into Grids?
Feb 22, 2011Im running ubuntu 10.10 with the default gnome. I have dual 23" LED monitors and I would like to take more advantage of my width by breaking up my screens into multiple custom size zones/grids. Basically so I can maximize a window and it only takes up that custom sized "grid zone". I remember there being a windows app to do this easily, but I havent found anything for gnome. Any recommendations? I dont think compiz grids has much flexibility into the sizes/locations of the "zones".
View 3 Replies View RelatedUbuntu :: FGLRX Will It Break My System
Apr 24, 2011So a few weeks ago, I was running Ubuntu/Windows7 Dual Boot, and I installed the proprietary FGLRX ATI graphics card driver. This rendered my Ubuntu system command-line only, and I had to install all over again. If I install FGLRX now, will this happen again or has the bug been fixed? If it does happen again, is there any way to revert to the open-source ATI driver from the command line?
View 9 Replies View RelatedUbuntu :: Break-through And Install Windows XP?
Jul 28, 2011I have probably ranted so much about not being able to remove Ubuntu, how-ever I believe I have found a break-through, allowing me to once again install Windows XP onto my laptop.I was looking through the Microsoft/Windows website for something relating to XP, and I stumbled upon this bad-boy...Apparently it's an .iso for Windows XP! So I read over it and without hesitation, I downloaded it...I was then referred to something that was actually installed with Ubuntu called'Start-Up Disk Creator', which allows me to make an .iso bootable from a pen-drive...
So, because I recently re-installed Ubuntu (It broke after trying to install a game..) via Pen-Drive, I used the Universal USB Creator on the Ubuntu Website and it is quite similar to this..I will keep posted on my possible break-through on removing Ubuntu
Ubuntu Installation :: Any Way To Break WUBI Out Of Box
Jul 31, 2011Is there a way to break wubi out of its box? As in, resizing /dev/sdX and moving the current partition data onto there? Or would I have to do a fresh-install, and then copy over the post install data? The reason I'm asking is because, The desktop Wubi is currently running on, has migrated into a router(has some epic umph), and its reached its 30GB limit, and I also have the hard drive space to support it now.
System Specs:
AMD Phenom II 1090T @ 3.7Ghz(6 cores)
16GB DDR3 1600Mhz
2x AMD Radeon HD 6850s.
+2 NICs forgot brand :/
Off Topic but slightly relevant: Nic 1 = Server Switch, Nic 2 = Non-Server Switch.
Onboard NIC: Modem.
-facepalm- didn't look hard enough. [URL]
Ubuntu :: Typing Break Program For XFCE?
Jul 9, 2010Do you know a tool that forces me to do a typing break like the one in GNOME's keyboard preferences? I did some search on the net but I only found references to GNOME's typing break tool.
View 2 Replies View RelatedGeneral :: Break - UPS Compatible With Box?
Jun 7, 2010I'm buying this unit from deal extreme: it's a bitorrent downloader, with NAS capability. I'm interested in sharing an external HD in it, with media and backup purposes. I'm afraid of energy problems (don't know if this is the correct term), corrupting my mounted drives (like after a storm), so I thought about buying an UPS that sends a "signal" to my Linux box, and a script in my Linux box would unmout everything to avoid problems.Do this "UPS signal" feature exists? Do you have model suggestions?
View 1 Replies View RelatedGeneral :: Computer Break Down Of All The GB Or MB?
Sep 30, 2010Could someone give me the break down on 4GB/700MB or what?
View 6 Replies View Related