[CAN'T SU] Re: CHROOT + SSH


Subject: [CAN'T SU] Re: CHROOT + SSH
From: furbs (furbs@mail.swjedi.net)
Date: Thu Feb 13 2003 - 02:06:27 AKST


I know I am close but I keep running into the same one problem now. I have a
working faux shell:
  #!/bin/sh
  # Login shell for a chrooted user: chroot into the user's own tree, then su to them there.
  # Only a leading "-c command" (what sshd passes for a non-interactive session) is
  # forwarded, and it is forwarded as intact words so a command with spaces survives.
  [ "$1" = "-c" ] || set --
  exec sudo /usr/sbin/chroot "/var/www/public_files/$USER" /bin/su - "$USER" "$@"

and I have a working entry in sudoers:
  hello ALL= NOPASSWD: /usr/sbin/chroot /var/www/public_files/hello /bin/su - hello*

However, whenever I try to log in with ssh, I get this:
  login as: hello
  password:
  Last login: Thu Feb 13 14:57:53 2003 from 192.168.0.50
  /bin/su: incorrect password

At this point ssh stops/closes. I can't su to anybody, even when logged on as
root. What would cause this? While logged in as root this is what happens:
# su - hello
/bin/su: incorrect password
#

     Brian ThunderEagle
      - http://www.swjedi.net
      - furbs@swjedi.net
      - bthundereagle@aidea.org

Quoting furbs <furbs@mail.swjedi.net>:

>
> More information:
>
> my sudoers file has for example this entry in it:
> hello2 ALL= NOPASSWD: /usr/sbin/chroot /var/www/public_files/hello2 /bin/su - hello2*
>
> Which tells me that the user hello2 is allowed to
> run "/usr/sbin/chroot /var/www/public_files/hello2". Every time I log in though,
> it's as if the chroot command isn't being run. If I try to run it by hand after
> logging in I get the following:
>
> $ /usr/sbin/chroot /var/www/public_files/hello2
> /usr/sbin/chroot: cannot change root directory to /var/www/public_files/hello2:
> Operation not permitted
> $
>
> If I run the 2 commands back to back, with suid root on chroot:
> $ /usr/sbin/chroot /var/www/public_files/hello2 /bin/su - hello2
> /bin/su: incorrect password
> $
>
>
>
> Brian ThunderEagle
> - http://www.swjedi.net
> - furbs@swjedi.net
> - bthundereagle@aidea.org
>
>
>
>
>
> Quoting furbs <furbs@mail.swjedi.net>:
>
> >
> > I am pulling my hair out trying to figure this out. I had it working at one
> > point, and then I noticed it stopped one day.
> >
> > I have ssh2 running, with users defined for Chroot access using "ChrootUsers". I
> > also have an entry for each user defined in sudoers (or however it's spelt).
> >
> > There is also a root tree set up in their home directory. Now all of this was
> > working, and I have no idea what caused it to stop, or when it stopped. So far,
> > it seems that it simply isn't running the "chroot" on the user when they log
> > in. Does anyone have any knowledge as to how to set up Chroot with SSH?
> > "ssh-chrootmgr" doesn't work either. Anything I can find on this is extremely
> > vague and doesn't actually explain the entire process of a working setup. Any
> > help is appreciated, I need to get this fixed ASAP.
> >
> >
> >
> > Brian ThunderEagle
> > - http://www.swjedi.net
> > - furbs@swjedi.net
> > - bthundereagle@aidea.org
> >
> >
> >
> >
> >
> >
> >
> >
> > -------------------------------------------------
> > This mail sent through IMP: http://horde.org/imp/
> >
> > ---------
> > To unsubscribe, send email to <aklug-request@aklug.org>
> > with 'unsubscribe' in the message body.
> >
>
>
>

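The faux-shell-plus-sudoers approach used in this thread, written out as an added example (this is not the poster's script nor part of the ssh2 or ssh-chrootmgr tooling): a login shell that runs "sudo chroot <tree> su - <user>" with every word quoted, accepts only the argument shapes sshd produces (none for an interactive login, "-c command" otherwise), and checks before calling sudo that the tree holds what su needs below the new root (its binary, a passwd entry for the user, a shadow file). It assumes the trees live under /var/www/public_files/<user> as in the thread and that the script is installed as /usr/local/bin/chroot-shell (an assumed name). The sudoers lines in the header comment are an assumed shape: two exact entries rather than "su - hello*", because a "*" in a sudoers argument list also matches whitespace, so "hello*" accepts "hello2" or extra words after the name. Nothing here claims to explain the "incorrect password" error reported above.

```shell
#!/bin/sh
# Added example (not the poster's script): a login shell that confines a user to
# a per-user chroot tree by running "sudo chroot <tree> su - <user>", with the
# arguments quoted and the tree checked first. Assumed paths: trees live under
# /var/www/public_files/<user> as in the thread, and this file is installed as
# /usr/local/bin/chroot-shell (an assumed name) and set as the user's shell.
#
# Matching sudoers lines (assumed shape, one pair per user). Two exact lines
# instead of "su - hello*": a sudoers "*" also matches whitespace, so "hello*"
# would accept "hello2" or extra words after the name.
#   hello ALL= NOPASSWD: /usr/sbin/chroot /var/www/public_files/hello /bin/su - hello
#   hello ALL= NOPASSWD: /usr/sbin/chroot /var/www/public_files/hello /bin/su - hello -c *

CHROOT_BASE=${CHROOT_BASE:-/var/www/public_files}

# Map a user name to its chroot tree. Reject anything that is not a plain name
# so the resulting path can never escape CHROOT_BASE.
chroot_tree() {
    case "$1" in
        ''|*/*|*..*|.*|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    printf '%s\n' "$CHROOT_BASE/$1"
}

# Classify the shell's arguments the way sshd produces them: no arguments for an
# interactive login, "-c <command>" for scp/sftp/remote commands. Anything else
# is refused rather than forwarded to su. Prints "login" or "command".
classify_args() {
    if [ $# -eq 0 ]; then
        echo login
    elif [ $# -eq 2 ] && [ "$1" = "-c" ]; then
        echo command
    else
        return 1
    fi
}

# su inside the chroot only sees files below the new root, so its binary, a
# passwd entry for the user and a shadow file must exist there. Reports every
# missing piece on stderr and returns 1 if anything is missing.
check_tree() {
    tree=$1 user=$2 ok=0
    [ -x "$tree/bin/su" ] || { echo "chroot-shell: $tree/bin/su missing" >&2; ok=1; }
    grep -q "^$user:" "$tree/etc/passwd" 2>/dev/null \
        || { echo "chroot-shell: no $user in $tree/etc/passwd" >&2; ok=1; }
    [ -f "$tree/etc/shadow" ] || { echo "chroot-shell: $tree/etc/shadow missing" >&2; ok=1; }
    return $ok
}

# Entry point when invoked as a login shell. Every word is passed quoted, so a
# command containing spaces survives sudo, chroot and su intact.
main() {
    user=$(id -un)
    tree=$(chroot_tree "$user") || { echo "chroot-shell: bad user name" >&2; exit 1; }
    check_tree "$tree" "$user" || exit 1
    mode=$(classify_args "$@") || { echo "chroot-shell: unsupported arguments" >&2; exit 1; }
    if [ "$mode" = login ]; then
        exec sudo /usr/sbin/chroot "$tree" /bin/su - "$user"
    else
        exec sudo /usr/sbin/chroot "$tree" /bin/su - "$user" -c "$2"
    fi
}

# Only dispatch when installed under the assumed name; running or sourcing the
# file under another name just defines the functions above.
case "${0##*/}" in
    chroot-shell) main "$@" ;;
esac
```

Install it as the user's shell (chsh or the shell field in passwd), keep it owned by root and not writable by the user, and make sure /usr/sbin/chroot is not setuid: sudo is the only privilege step, and the sudoers lines pin the exact tree and target user so the wrapper cannot be talked into chrooting elsewhere or su'ing to someone else.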



This archive was generated by hypermail 2a23 : Thu Feb 13 2003 - 15:05:19 AKST