Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to start a chroot jail?
Top Forums UNIX for Dummies Questions & Answers How to start a chroot jail? Post 302308442 by Franklin52 on Saturday 18th of April 2009 09:23:01 AM
Old 04-18-2009
Quote:
Originally Posted by mojoman
I was reading an article on how it is very important to setup a chroot jail to run bind. I can follow what the article says but one thing I am unclear about is now on system boot the BIND process in the chroot jail will start since it the owner will no longer be root but some other user. Can someone explain how to configure for this?
That's explained here:

Chroot-BIND HOWTO

Regards
 

9 More Discussions You Might Find Interesting

1. Linux

how can i jail a user?

I created a user useradd -d /disk2/ftpfiles me How would i beable to jail me so he could not move arround my file system? (4 Replies)
Discussion started by: byblyk
4 Replies

2. UNIX for Dummies Questions & Answers

I don't want to go to jail. so I want to start using unix

I use Mac OSX and have been given all of my video editing software... illegally. I don't want to use it anymore and heard that Unix was the way to go. So that is why I am here. What video editing software is out there for Unix. I think I have Unix. Do I? I am sorry and if all anyone can... (0 Replies)
Discussion started by: moz1979
0 Replies

3. UNIX for Advanced & Expert Users

FBSD jail question

I'm trying to establish a jail on a FBSD 6.1 system and have a couple of questions on bringing up the daemon. Under the jail man page there are two user flags that I am unclear on, -u username The user name from host environment as whom the command should run. -U... (1 Reply)
Discussion started by: thumper
1 Replies

4. Debian

SSH chroot jail problems

Firstly Hi everyone :) I setup SFTP and SSH jail using this tutorial: http://www.howtoforge.com/chrooted-ssh-sftp-tutorial-debian-lenny SFTP jail works however now when I try to SSH it accepts my password and then just goes to a blank screen. Type any command and the shell session is... (11 Replies)
Discussion started by: pokey144
11 Replies

5. UNIX for Advanced & Expert Users

Chroot jail environment puzzle

I have a simple sandbox program which runs a command as user "nobody" in a chroot jail. It sets resource limits with setrlimit, changes the user id with setuid, changes the root dir with chroot, and then calls exec to execute the command given as command line parameters. It is of course a... (8 Replies)
Discussion started by: john.english
8 Replies

6. UNIX for Advanced & Expert Users

ssh jail user

I have a developer that needs ssh access to a server to get to a specific directory. I want to restrict them to that directory. I've tried to set their shell as rksh which does jail them but only if they are using ssh from another unix system. If they are using putty or winscp they can still... (2 Replies)
Discussion started by: toor13
2 Replies

7. Red Hat

sftp jail chroot env setup

Hi I need a specific user to be able to sftp to a server and get files from a specific location. The location is not the users home dir, i don't want the user to be able to view anything else apart from the files in that area. e.g ftp file are is - /logging/phplogs e.g user home is... (1 Reply)
Discussion started by: duckeggs01
1 Replies

8. Cybersecurity

How to jail a process?

Hello people, I'm creating a web game control panel, where people can manage their gameserver on a php made control panel. But i have no idea how to create an jailed inviroment for the gameserver, I've looked at possebilites for chroot, but i don't want the gameserver has any binaries of linux... (1 Reply)
Discussion started by: gm33
1 Replies

9. UNIX for Beginners Questions & Answers

Iso - remaster script trying to start chroot run commands then exit but host system gets messed up

The script works and creates a modified iso fine until I added the chrootbeg and chrootend functions and executed them. I'm sorry if I did something wrong this is my first post. I uploaded entire bash script for reference or in case you want to run it to debug it is called isoremast.txt. ... (5 Replies)
Discussion started by: paulhoffusa
5 Replies

LEARN ABOUT FREEBSD

named

named(1M)                                                 System Administration Commands                                                 named(1M)

NAME

       named - Internet domain name server

SYNOPSIS

       named [-fgsv] [-c config-file] [-d debug-level] [-n #cpus] [-p port] [-t directory] [-u user] [-x cache-file]

DESCRIPTION

       The named utility is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more information on the DNS, see RFCs
       1033, 1034, and 1035.

       When invoked without arguments, named reads the default configuration file  /etc/named.conf,  reads  any  initial  data,  and  listens  for
       queries.

OPTIONS

       The following options are supported:

       -c config-file  Use  config-file  as the configuration file instead of the default /etc/named.conf. To ensure that reloading the configura-
                       tion file continues to work after the server has changed its working directory due to to a possible directory option in the
                       configuration file, config-file should be an absolute pathname.

       -d debug-level  Set the daemon's debug level to debug-level. Debugging traces from named become more verbose as the debug level increases.

       -f              Run the server in the foreground (that is, do not daemonize).

       -g              Run the server in the foreground and force all logging to stderr.

       -n #cpus        Create #cpus worker threads to take advantage of multiple CPUs. If not specified, named will try to determine the number of
                       CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be
                       created.

       -p port         Listen for queries on port port. If not specified, the default is port 53.

       -s              Write memory usage statistics to stdout on exit.

                       This option is mainly of interest to BIND 9 developers and might be removed or changed in a future release.

       -t directory    Change  the root directory using chroot(2) to directory after processing the command line arguments, but before reading the
                       configuration file.

                       This option should be used in conjunction with the -u option, as chrooting a process running as root doesn't enhance  secu-
                       rity on most systems; the way chroot() is defined allows a process with root privileges to escape a chroot jail.

       -u user         Set  the  real user ID using setuid(2) to user after completing privileged operations, such as creating sockets that listen
                       on privileged ports.

                       On Linux, named uses the kernel's capability mechanism to drop all root privileges except the ability to use  bind(3SOCKET)
                       to  bind to a privileged port and set process resource limits. Unfortunately, this means that the -u option works only when
                       named is run on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or later, since previous kernels did not allow privileges  to
                       be retained after setuid().

       -v              Report the version number and exit.

       -x cache-file   Load data from cache-file into the cache of the default view.

                       This  option  must  not  be  used.  It is of interest only to BIND 9 developers and might be removed or changed in a future
                       release.

SIGNALS

       In routine operation, signals should not be used to control the nameserver; rndc(1M) should be used instead.

       SIGHUP                  Force a reload of the server.

       SIGINT, SIGTERM         Shut down the server.

       The result of sending any other signals to the server is undefined.

CONFIGURATION

       The named configuration file is too complex to describe in detail here. A complete description is provided in the BIND 9 Administrator Ref-
       erence Manual.

FILES

       /etc/named.conf         default configuration file

       /var/run/named.pid      default process-ID file

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE         |      ATTRIBUTE VALUE        |
       |Availability                 |SUNWbind9                    |
       |Interface Stability          |External                     |
       +-----------------------------+-----------------------------+

SEE ALSO

       rndc(1M), chroot(2), setuid(2), bind(3SOCKET), attributes(5)

       RFC 1033, RFC 1034, RFC 1035

       BIND 9 Administrator Reference Manual

NOTES

       Source for BIND9 is available in the SUNWbind9S package.

SunOS 5.10                                                          15 Dec 2004                                                          named(1M)
All times are GMT -4. The time now is 06:46 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy