Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to start a chroot jail?
Top Forums UNIX for Dummies Questions & Answers How to start a chroot jail? Post 302308442 by Franklin52 on Saturday 18th of April 2009 09:23:01 AM
Old 04-18-2009
Quote:
Originally Posted by mojoman
I was reading an article on how it is very important to setup a chroot jail to run bind. I can follow what the article says but one thing I am unclear about is now on system boot the BIND process in the chroot jail will start since it the owner will no longer be root but some other user. Can someone explain how to configure for this?
That's explained here:

Chroot-BIND HOWTO

Regards
 

9 More Discussions You Might Find Interesting

1. Linux

how can i jail a user?

I created a user useradd -d /disk2/ftpfiles me How would i beable to jail me so he could not move arround my file system? (4 Replies)
Discussion started by: byblyk
4 Replies

2. UNIX for Dummies Questions & Answers

I don't want to go to jail. so I want to start using unix

I use Mac OSX and have been given all of my video editing software... illegally. I don't want to use it anymore and heard that Unix was the way to go. So that is why I am here. What video editing software is out there for Unix. I think I have Unix. Do I? I am sorry and if all anyone can... (0 Replies)
Discussion started by: moz1979
0 Replies

3. UNIX for Advanced & Expert Users

FBSD jail question

I'm trying to establish a jail on a FBSD 6.1 system and have a couple of questions on bringing up the daemon. Under the jail man page there are two user flags that I am unclear on, -u username The user name from host environment as whom the command should run. -U... (1 Reply)
Discussion started by: thumper
1 Replies

4. Debian

SSH chroot jail problems

Firstly Hi everyone :) I setup SFTP and SSH jail using this tutorial: http://www.howtoforge.com/chrooted-ssh-sftp-tutorial-debian-lenny SFTP jail works however now when I try to SSH it accepts my password and then just goes to a blank screen. Type any command and the shell session is... (11 Replies)
Discussion started by: pokey144
11 Replies

5. UNIX for Advanced & Expert Users

Chroot jail environment puzzle

I have a simple sandbox program which runs a command as user "nobody" in a chroot jail. It sets resource limits with setrlimit, changes the user id with setuid, changes the root dir with chroot, and then calls exec to execute the command given as command line parameters. It is of course a... (8 Replies)
Discussion started by: john.english
8 Replies

6. UNIX for Advanced & Expert Users

ssh jail user

I have a developer that needs ssh access to a server to get to a specific directory. I want to restrict them to that directory. I've tried to set their shell as rksh which does jail them but only if they are using ssh from another unix system. If they are using putty or winscp they can still... (2 Replies)
Discussion started by: toor13
2 Replies

7. Red Hat

sftp jail chroot env setup

Hi I need a specific user to be able to sftp to a server and get files from a specific location. The location is not the users home dir, i don't want the user to be able to view anything else apart from the files in that area. e.g ftp file are is - /logging/phplogs e.g user home is... (1 Reply)
Discussion started by: duckeggs01
1 Replies

8. Cybersecurity

How to jail a process?

Hello people, I'm creating a web game control panel, where people can manage their gameserver on a php made control panel. But i have no idea how to create an jailed inviroment for the gameserver, I've looked at possebilites for chroot, but i don't want the gameserver has any binaries of linux... (1 Reply)
Discussion started by: gm33
1 Replies

9. UNIX for Beginners Questions & Answers

Iso - remaster script trying to start chroot run commands then exit but host system gets messed up

The script works and creates a modified iso fine until I added the chrootbeg and chrootend functions and executed them. I'm sorry if I did something wrong this is my first post. I uploaded entire bash script for reference or in case you want to run it to debug it is called isoremast.txt. ... (5 Replies)
Discussion started by: paulhoffusa
5 Replies

LEARN ABOUT ULTRIX

bindsetup

bindsetup(8)						      System Manager's Manual						      bindsetup(8)

Name
       bindsetup - set up the Berkeley Internet Name Domain (BIND)/Hesiod service

Syntax
       /usr/etc/bindsetup [ -c [ -d directory ] -b binddomain  name1,IP1 name2,IP2 ...	]

Description
       The command sets up the Berkeley Internet Name Domain (BIND)/Hesiod service on your system and places and resolution under BIND/Hesiod con-
       trol.  You can use this command to set up your system as a primary, secondary, slave, or caching server, or as a client.

       In order to run BIND/Hesiod, your system's host name must include the BIND domain name.	The BIND host name consists of the local host name
       plus  the  BIND	domain	name,  separated by periods.  For example, the BIND host name for a system whose local host name is and whose BIND
       domain name is is

       The command edits the and files and changes the local host name to the BIND host name, if it is not there already.

       If the command changes your system's host name, you should reboot the system to be sure that the change is propagated throughout  the  sys-
       tem.

       Before  you  run , your system must be established on a local area network.  In addition, you must know the BIND domain name for your local
       area network, and whether your system will be a primary, secondary, slave, or caching server, or a client.

       The command asks if you want to run a Kerberos authentication server. You must already have set up Kerberos to do do.   For  more  informa-
       tion, see the Guide to Kerberos.

       You should run the command as superuser and with the system in multiuser mode.

       If you use the option with the respective arguments, the command sets up your system as a BIND/Hesiod client non-interactively.

       If you run the command with no arguments, a menu is displayed giving you a choice of responses.	You are then prompted for further informa-
       tion.  Before exits, it lists the files that have been updated.

       Once BIND/Hesiod is installed on a machine, it cannot be used until the file is modified to contain BIND entries on  the  desired  database
       lines.  The command reminds a user to run or edit the file manually.

Options
       -c	    Sets up your system as a BIND/Hesiod client according to the following arguments you supply on the command line:

       -d   directory
		    This  option and argument are required if you are setting up a diskless client from the diskless server.  The directory is the
		    full path name of the root directory for your system (a diskless client) on the diskless server.  The following is an  example
		    of a root directory for a diskless client named
		    /dlclient0/orange.root

       -b   binddomain
		    This is the name of the BIND domain on which your system will be a BIND client.  For example, is a sample BIND domain name.

       name,IP	    This is the host name and the IP address of the BIND server on the domain, for example You can specify one or more BIND server
		    by listing more name,IP arguments, each separated by a space.

Files
       List of locally maintained host names and IP addresses

       Startup commands pertinent to a specific system

       Database name with the selected naming services

       Hesiod configuration file

       List of Kerberos servers

       Default BIND Files:

       BIND server data file directory

       BIND server boot file

       BIND server cache file

       BIND server local host reverse address host file

       BIND primary server hosts file

       BIND primary server reverse address hosts file

       BIND data file

See Also
       nslookup(1), hesiod(3), hesiod.conf(5), svc.conf(5), svcsetup(8), named(8), krb.conf(5), resolv.conf(5)
       Guide to the BIND/Hesiod Service
       Guide to Kerberos

																      bindsetup(8)
All times are GMT -4. The time now is 11:58 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy