CHROOT Tutorial?
kalinix
calin.kalinix.cosma at gmail.com
Tue Sep 18 21:09:18 UTC 2007
On Tue, 2007-09-18 at 14:45 -0500, Mike McCarty wrote:
> Manuel Arostegui Ramirez wrote:
> >
> > http://www.todo-linux.com/modules.php?name=News&file=article&sid=2485
> >
>
> I followed that with a few modifications to make the chroot
> environment look a little bit more like the natural environment.
> One change I made was to put the jailed shell in
>
> /usr/local/bin/jail_shells/pajaro
>
> rather than in /bin/jail. This allows easy setup of different
> users with jailed shells named for them. Another was to add
> /home/pajaro/home/pajaro, so that the "home" directory shows
> up in the chroot environment.
>
> I see some consequences which are somewhat different from the
> "normal" environment.
>
> (1) I found that
>
> $ su - pajaro
>
> worked to log in, but not
>
> $ login
> login: pajaro
> Password:
> Login incorrect
>
> (2) The user must enter his password twice when logging in,
> once for the user and once for sudo to execute the chroot.
>
> (3) The user, though jailed, runs as root in the chroot
> environment, not as himself
>
> bash-2.05b# whoami
> whoami: cannot find username for UID 0
>
> (4) After the initial login, the current directory is
> /, not $HOME.
>
> bash-2.05b# pwd
> /
> bash-2.05b# ls
> bin home lib usr
> bash-2.05b# cd
> bash-2.05b# pwd
> /home/pajaro
> bash-2.05b#
>
> Mike
> --
> p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
> Oppose globalization and One World Governments like the UN.
> This message made from 100% recycled bits.
> You have found the bank of Larn.
> I can explain it for you, but I can't understand it for you.
> I speak only for myself, and I am unanimous in that!
>
(just trying to be wiseguy :) )
(1) I tested with same setup as in document and worked for me, of course
with
(2) two time password :) But I think you can override the sudo password
with NOPASSWD in sudoers
(3) this is intended, since you *sudo* chroot.
(4) actually you don't have a true login shell so the home directory
in /etc/passwd means nothing. The PWD will be the one you chrooted to
Not to mention that you can easily break out from that jail.
On the other hand I have noticed /etc/security/chroot.conf but never
found an RH/Fedora/CentOS document about how to set it up. It looks like
it is using a PAM module, pam_chroot.so
In the meanwhile there is another chroot howto. Sorry again guys that it is
not Fedora related :D This time it is Debian.
http://www.debian.org/doc/manuals/securing-debian-howto/ap-chroot-ssh-env.en.html
You might be interested in the link it provides: chroot section of the
Debian Reference
Calin
=================================================
"Help Mr. Wizard!" -- Tennessee Tuxedo
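
Points (3) and (4) in the thread both follow from running the shell directly under `sudo chroot`: it stays UID 0 and starts in `/`. The wrapper below is an added example, not code from the thread or from either linked howto; it enters the jail, changes to the home directory as seen inside it, and drops to the invoking user before starting the shell. The helper name `enter_jail`, the use of sudo's `SUDO_UID`/`SUDO_GID` variables, and `/bin/bash` existing inside the jail are assumptions.

```c
/* Added example: enter a chroot jail, then give up root before the shell starts. */
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 0 on success, -1 with errno set. jail must be absolute; home is
 * the path as seen inside the jail (for example /home/pajaro). */
int enter_jail(const char *jail, const char *home, uid_t uid, gid_t gid)
{
    if (!jail || jail[0] != '/' || !home || home[0] != '/' || uid == 0 || gid == 0) {
        errno = EINVAL;              /* refuse relative paths and a root target */
        return -1;
    }
    if (chdir(jail) != 0 || chroot(".") != 0)  /* cwd is inside the jail first */
        return -1;
    if (chdir(home) != 0 && chdir("/") != 0)   /* land in the home dir, else / */
        return -1;
    /* Order matters: supplementary groups, then gid, then uid. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (setuid(0) == 0) {            /* root must not be recoverable */
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    const char *su = getenv("SUDO_UID"), *sg = getenv("SUDO_GID");
    if (argc != 3 || !su || !sg) {
        fprintf(stderr, "usage: sudo %s /abs/jail /home/user\n", argv[0]);
        return 2;
    }
    if (enter_jail(argv[1], argv[2], (uid_t)strtoul(su, NULL, 10),
                   (gid_t)strtoul(sg, NULL, 10)) != 0) {
        perror("enter_jail");
        return 1;
    }
    execl("/bin/bash", "bash", "-l", (char *)NULL);  /* path inside the jail */
    perror("execl");
    return 1;
}
```

For `whoami` to resolve the name inside the jail, the jail also needs its own minimal `/etc/passwd` entry for that UID.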