Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: SSH chroot jail problems
Operating Systems Linux Debian SSH chroot jail problems Post 302412908 by pludi on Wednesday 14th of April 2010 01:18:16 AM
Old 04-14-2010
Read up on chroot. As soon as a process changes it's root directory, it can't access the files outside anymore. Shell, utilities, password file, ... are out of reach (invisible even). You'll have to set up a minimal environment yourself inside the chroot, mirroring that of a real system.
 

10 More Discussions You Might Find Interesting

1. News, Links, Events and Announcements

More SSH Problems.....

See: http://www.cert.org/advisories/CA-2002-36.html and http://www.rapid7.com/News/pr021216-ssh.html (1 Reply)
Discussion started by: Neo
1 Replies

2. UNIX for Advanced & Expert Users

SSH problems

I am trying to ssh into a remote sun server, however I get X11 forwarding error. I have checked sshd_config file and X11 forwarding is enabled. Also xhost command doesnt give any output, it doesnt even return the prompt.I have to Ctrl C out of the situation. any suggestions anyone?? (1 Reply)
Discussion started by: ysk
1 Replies

3. UNIX for Dummies Questions & Answers

How to start a chroot jail?

I was reading an article on how it is very important to setup a chroot jail to run bind. I can follow what the article says but one thing I am unclear about is now on system boot the BIND process in the chroot jail will start since it the owner will no longer be root but some other user. Can... (1 Reply)
Discussion started by: mojoman
1 Replies

4. UNIX for Advanced & Expert Users

SFTP Jail With Sun SSH Not OpenSSH

Hi all, I have a Solaris 10 server with SUN_SSH_1.1 installed. I want to restrict a user via SFTP to only be able to access one directory. I've written a little script in .profile which works perfectly for an ssh login but it appears sftp doesn't read the .profile file so it doesn't work. ... (2 Replies)
Discussion started by: Donkey25
2 Replies

5. UNIX for Advanced & Expert Users

Chroot jail environment puzzle

I have a simple sandbox program which runs a command as user "nobody" in a chroot jail. It sets resource limits with setrlimit, changes the user id with setuid, changes the root dir with chroot, and then calls exec to execute the command given as command line parameters. It is of course a... (8 Replies)
Discussion started by: john.english
8 Replies

6. Solaris

SSH & SFTP Chroot

Hello all, does anybody knows a procedure to enable an chroot for users using ssh and sftp ? Thanks (1 Reply)
Discussion started by: celord
1 Replies

7. UNIX for Advanced & Expert Users

ssh jail user

I have a developer that needs ssh access to a server to get to a specific directory. I want to restrict them to that directory. I've tried to set their shell as rksh which does jail them but only if they are using ssh from another unix system. If they are using putty or winscp they can still... (2 Replies)
Discussion started by: toor13
2 Replies

8. Red Hat

sftp jail chroot env setup

Hi I need a specific user to be able to sftp to a server and get files from a specific location. The location is not the users home dir, i don't want the user to be able to view anything else apart from the files in that area. e.g ftp file are is - /logging/phplogs e.g user home is... (1 Reply)
Discussion started by: duckeggs01
1 Replies

9. Solaris

SSH/RSAAuthentication Problems

I'm attempting to setup RSA Authentication for a particular user on two servers. A script runs via crontab, logs into one server and transfers data from the server1 to server2. Another script via cron, runs on server2, connects to server 1 and transfers data to it. However, I'm having issues... (3 Replies)
Discussion started by: Nvizn
3 Replies

10. UNIX for Beginners Questions & Answers

Ssh-keygen problems

For some reason, when I try copying my public key to the server, despite it showing as being successful: rob@linux044:~$ ssh-copy-id -i /home/rob/Work/Keys/keys.txt.pub !@#$%.com /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/rob/Work/Keys/keys.txt.pub"... (7 Replies)
Discussion started by: Circuits
7 Replies

LEARN ABOUT OPENSOLARIS

chroot

chroot(2)							   System Calls 							 chroot(2)

NAME

       chroot, fchroot - change root directory

SYNOPSIS

       #include <unistd.h>

       int chroot(const char *path);

       int fchroot(int fildes);

DESCRIPTION

       The  chroot()  and  fchroot() functions cause a directory to become the root directory, the starting point for path searches for path names
       beginning with / (slash). The user's working directory is unaffected by the chroot() and fchroot() functions.

       The path argument points to a path name naming a directory. The fildes argument to fchroot() is the open file descriptor of  the  directory
       which is to become the root.

       The privilege {PRIV_PROC_CHROOT} must be asserted in the effective set of the process to change the root directory. While it is always pos-
       sible to change to the system root using the fchroot() function, it is not guaranteed to succeed in any other case, even if fildes is valid
       in all respects.

       The  ".." entry in the root directory is interpreted to mean the root directory itself. Therefore, ".." cannot be used to access files out-
       side the subtree rooted at the root directory. Instead, fchroot() can be used to reset the root to a directory that was opened  before  the
       root directory was changed.

RETURN VALUES

       Upon  successful  completion,  0 is returned. Otherwise, -1 is returned, the root directory remains unchanged, and errno is set to indicate
       the error.

ERRORS

       The chroot() function will fail if:

       EACCES	       Search permission is denied for a component of the path prefix of dirname, or search permission is denied for the directory
		       referred to by dirname.

       EBADF	       The descriptor is not valid.

       EFAULT	       The path argument points to an illegal address.

       EINVAL	       The  fchroot()  function  attempted  to	change to a directory the is not the system root and external circumstances do not
		       allow this.

       EINTR	       A signal was caught during the execution of the chroot() function.

       EIO	       An I/O error occurred while reading from or writing to the file system.

       ELOOP	       Too many symbolic links were encountered in translating path.

       ENAMETOOLONG    The length of the path argument exceeds PATH_MAX, or the length of a path component exceeds NAME_MAX while  _POSIX_NO_TRUNC
		       is in effect.

       ENOENT	       The named directory does not exist or is a null pathname.

       ENOLINK	       The path argument points to a remote machine and the link to that machine is no longer active.

       ENOTDIR	       Any component of the path name is not a directory.

       EPERM	       The {PRIV_PROC_CHROOT} privilege is not asserted in the effective set of the calling process.

SEE ALSO

       chroot(1M), chdir(2), privileges(5)

WARNINGS

       The only use of fchroot() that is appropriate is to change back to the system root.

SunOS 5.11							    20 Jan 2003 							 chroot(2)
All times are GMT -4. The time now is 03:53 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy