Subject: Re: CHROOT + SSH
From: furbs (furbs@mail.swjedi.net)
Date: Thu Feb 13 2003 - 01:15:20 AKST
More information:
My sudoers file has, for example, this entry in it:
hello2 ALL= NOPASSWD: /usr/sbin/chroot /var/www/public_files/hello2 /bin/su - hello2*
Which tells me that the user hello2 is allowed to
run "/usr/sbin/chroot /var/www/public_files/hello2". Every time I log in though,
it's as if the chroot command isn't being run. If I try to run it by hand after
logging in I get the following:
$ /usr/sbin/chroot /var/www/public_files/hello2
/usr/sbin/chroot: cannot change root directory to /var/www/public_files/hello2: Operation not permitted
$
If I run the 2 commands back to back, with suid root on chroot:
$ /usr/sbin/chroot /var/www/public_files/hello2 /bin/su - hello2
/bin/su: incorrect password
$
Brian ThunderEagle
- http://www.swjedi.net
- furbs@swjedi.net
- bthundereagle@aidea.org
Quoting furbs <furbs@mail.swjedi.net>:
>
> I am pulling my hair out trying to figure this out. I had it working at one
> point, and then I noticed it stopped one day.
>
> I have ssh2 running, with users defined for Chroot access using "ChrootUsers".
> I also have an entry for each user defined in sudoers (or however it's spelt.)
>
> There is also a root tree set up in their home directory. Now all of this was
> working, and I have no idea what caused it to stop, or when it stopped. So far,
> it seems that it simply isn't running the "chroot" on the user when they log
> in. Does anyone have any knowledge as to how to set up Chroot with SSH?
> "ssh-chrootmgr" doesn't work either. Anything I can find on this is extremely
> vague and doesn't actually explain the entire process of a working setup. Any
> help is appreciated, I need to get this fixed ASAP.
>
> Brian ThunderEagle
> - http://www.swjedi.net
> - furbs@swjedi.net
> - bthundereagle@aidea.org
>
> -------------------------------------------------
> This mail sent through IMP: http://horde.org/imp/
>
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>
This archive was generated by hypermail 2a23 : Thu Feb 13 2003 - 14:14:09 AKST