Full Discussion: CHRoot Problem
Top Forums UNIX for Advanced & Expert Users CHRoot Problem Post 302102069 by Crazy_murli on Monday 8th of January 2007 07:57:48 AM
CHRoot Problem

Hi,

I am trying to set up a chrooted environment on RHEL4 for the squid proxy.
I have copied the required libraries and stuff for chroot. Used the below for chroot-shell.

user is squid
[root@CHROOT-TEST ~]# grep squid /etc/passwd
squid:x:500:501::/opt/squid:/bin/chroot-shell


directory trying to jail is /opt; user entry in chrooted environment
[root@CHROOT-TEST squid]# grep squid /opt/squid/etc/passwd
squid:x:500:501::/opt:/bin/bash


[root@CHROOT-TEST ~]# more /bin/chroot-shell
#! /bin/bash
if [ "$1" = "-c" ]; then
sudo /usr/sbin/chroot /opt/$USER /bin/su - $USER $*
else
sudo /usr/sbin/chroot /opt/$USER /bin/su - $USER
fi
[root@CHROOT-TEST ~]#


/etc/sudoers entry for sudo access.

squid ALL=NOPASSWD: /usr/sbin/chroot /opt/squid /bin/su - squid

Now when I log in as root [super user] and try to switch to the squid user, it fails.

[root@CHROOT-TEST ~]# su - squid
/bin/su: incorrect password
[root@CHROOT-TEST ~]#


Even when I try to log in directly as the squid user, the terminal vanishes. Seems confusing.

Would greatly appreciate it if someone can help me with this....
 

basic_ncsa_auth(8)            System Manager's Manual            basic_ncsa_auth(8)

NAME
       basic_ncsa_auth - NCSA httpd-style password file authentication helper for Squid

SYNOPSIS
       basic_ncsa_auth passwd file

DESCRIPTION
       basic_ncsa_auth allows Squid to read and authenticate user and password
       information from an NCSA/Apache httpd-style password file when using
       basic HTTP authentication.

       This password file can be manipulated using htpasswd.

       This authenticator accepts:

       * Blowfish - for passwords 72 characters or less in length
       * SHA256 - with salting and magic strings
       * SHA512 - with salting and magic strings
       * MD5 - with optional salt and magic strings
       * DES - for passwords 8 characters or less in length

       NOTE: Blowfish and SHA algorithms require system-specific support.

OPTIONS
       The only parameter is the password file. It must have permissions to be
       read by the user that Squid is running as.

CONFIGURATION
       basic_ncsa_auth /etc/squid/squid.pass

       basic_ncsa_auth must have access to the password file to be executed.

KNOWN ISSUES
       DES functionality (used by htpasswd by default) silently truncates
       passwords to 8 characters, allowing login with password values shorter
       than the one desired. This authenticator will reject login with long
       passwords when using DES.

AUTHOR
       This manual was written by Amos Jeffries <amosjeffries@squid-cache.org>

       Based on original documentation by Rodrigo Rubira Branco <rrbranco@br.ibm.com>

COPYRIGHT
       This file is distributed in the hope that it will be useful, but WITHOUT
       ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
       FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
       more details. You should have received a copy of the GNU General Public
       License along with this file; if not, write to the Free Software
       Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

QUESTIONS
       Questions on the usage of this program can be sent to the Squid Users
       mailing list <squid-users@squid-cache.org>

REPORTING BUGS
       Bug reports need to be made in English. See
       http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what
       you need to include with your bug report.

       Report bugs or bug fixes using http://bugs.squid-cache.org/

       Report serious security bugs to Squid Bugs <squid-bugs@squid-cache.org>

       Report ideas for new improvements to the Squid Developers mailing list
       <squid-dev@squid-cache.org>

SEE ALSO
       squid(8), htpasswd(1), GPL(7),
       The Squid FAQ wiki http://wiki.squid-cache.org/SquidFaq
       The Squid Configuration Manual http://www.squid-cache.org/Doc/config/

May 16, 2006                                                  basic_ncsa_auth(8)
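An added example, not part of the Squid documentation or the forum thread: a Python audit of an NCSA/htpasswd-style file that reports which scheme each entry uses, so the DES entries affected by the 8-character truncation described under KNOWN ISSUES can be found and re-hashed. The hash prefixes are the standard crypt(3)/htpasswd markers and are an assumption, since the man page names the algorithms without listing them; the sample entries are constructed.

```python
import re

# Scheme markers: standard crypt(3)/htpasswd prefixes (assumed; the man page
# names the algorithms but does not list the prefixes).
PREFIXES = {"$2a$": "blowfish", "$2b$": "blowfish", "$2y$": "blowfish",
            "$5$": "sha256", "$6$": "sha512", "$apr1$": "md5", "$1$": "md5"}
DES_RE = re.compile(r"[./0-9A-Za-z]{13}")    # 2-char salt + 11-char hash
RAW_MD5_RE = re.compile(r"[0-9a-fA-F]{32}")  # unsalted MD5 hex digest

# Constructed sample file: placeholder strings, not real password hashes.
SAMPLE = "\n".join([
    "# constructed sample",
    "alice:abJnggxhB/yWI",
    "bob:$apr1$c0nstrct$0123456789abcdefghijkl",
    "carol:$6$constructed$notarealhash",
    "dave:$2y$05$constructedconstructedconstructedconstructedconstr",
    "brokenline",
    "erin:{SHA}constructed=",
])

def classify(hash_field):
    """Map one stored hash to the scheme name used in the man page."""
    for prefix, scheme in PREFIXES.items():
        if hash_field.startswith(prefix):
            return scheme
    if DES_RE.fullmatch(hash_field):
        return "des"
    if RAW_MD5_RE.fullmatch(hash_field):
        return "md5"
    return "unknown"

def audit(text):
    """Return (line number, user, scheme) for every entry in the file text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):   # blank or comment line
            continue
        user, sep, rest = line.partition(":")
        if not sep or not user:
            findings.append((lineno, None, "malformed"))
            continue
        # Anything after a second ':' is extra data, not part of the hash.
        findings.append((lineno, user, classify(rest.split(":", 1)[0])))
    return findings

def des_users(text):
    """Users whose passwords are effectively limited to 8 characters."""
    return [user for _, user, scheme in audit(text) if scheme == "des"]

if __name__ == "__main__":
    print("re-hash these DES entries:", des_users(SAMPLE))
```

Run against the real password file by passing its contents to `audit()`; entries reported as `des` are the ones to regenerate with a stronger scheme.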