ssh jail?
Rick Stevens
ricks at alldigital.com
Mon Jan 25 21:48:03 UTC 2016
On 01/25/2016 12:54 PM, Jeffrey Ross wrote:
>> On 01/25/2016 06:55 AM, Jeffrey Ross wrote:
>>> I'm in the process of setting up an SSH jail, for the most part its
>>> working as expected with one exception, I want to provide access to
>>> /dev/ttyUSB0 through /dev/ttyUSB4 (not 2) via cu.
>>>
>>> When I attempt to use "cu -lttyUSB0 -s9600" I always get "line in use"
>>> even through it is not in use and from another account not restricted to
>>> the "jail" I can successfully connect to the ttyUSB0.
>>>
>>> I've tried creating $chroot/
>>>
>>> run/
>>> lock/
>>> lockdev/
>>> uucp/
>>> var/
>>> run -> symbolic link to $chroot/run
>>> lock -> symbolic link to $chroot/run/lock
>>>
>>> and then matched the directory permissions so they are the same as the
>>> "real" system.
>>>
>>> ls -l $chroot/dev/ttyUSB?
>>> crwxrwxrwx 1 root dialout 188, 0 Jan 24 14:48 ttyUSB0
>>> crwxrwxrwx 1 root dialout 188, 1 Jan 24 14:49 ttyUSB1
>>> crwxrwxrwx 1 root dialout 188, 3 Jan 24 14:49 ttyUSB3
>>> crwxrwxrwx 1 root dialout 188, 4 Jan 24 14:49 ttyUSB4
>>>
>>> The dialout group is 18 and the user is in group 18, initially I set the
>>> permissions for the ttyUSB? to 660 before changing it to 777 as a last
>>> ditch effort.
>>>
>>> The "real" /dev/ttyUSB? -
>>>
>>> ls -l /dev/ttyUSB?
>>> crw-rw---- 1 root dialout 188, 0 Jan 24 14:44 /dev/ttyUSB0
>>> crw-rw---- 1 root dialout 188, 1 Jan 23 21:48 /dev/ttyUSB1
>>> crw-rw---- 1 root dialout 188, 3 Jan 24 15:12 /dev/ttyUSB3
>>> crw-rw---- 1 root dialout 188, 4 Jan 23 21:48 /dev/ttyUSB4
>>>
>>> I'm probably missing something simple and any suggestions would be
>>> appreciated.
>>
>> Uhm, double check the permissions on the $chroot/var/run and
>> $chroot/var/lock directories and make sure that the user you're trying
>> to run as has write permissions in those directories. It's been a
>> while, but IIRC the only way cu can determine if a device is in use is
>> by checking the lock files and if it can't create a lock file, it says
>> the device is in use.
>>
>> Why in the devil would you pull out that ancient program anyway? Man!
>> I haven't even LOOKED at cu/uucp in 15 years at least!
>
>
> Just in case the permissions were wrong I did a chmod -R 777 on the run
> directory, no dice, so I did the next best thing, I ran "strace -ff -o
> outfile cu -l...." found a few libraries I missed, not sure if that was
> part of the issue as that's not where the failure occurred. I did find
> that it forked (?) lockdev which is a program that I had not included
> $chroot, so I brought that program over into $chroot/usr/sbin/lockdev set
> the permission appropriately and everything began working.
>
>
> Why did I choose "cu" I know uucp is ancient but for a quick and dirty
> way to connect to various serial interfaces cu seems to work well, and
> although the remainder of the uucp suite comes with cu I did not configure
> uucp :)
>
> If you've got a suggestion for another program to use that will allow
> quick connectivity to various serial ports I'm all ears.
How about minicom? Much more flexible.
You could have done an "ldd `which cu`" to find out what libraries it
uses, as well:
[root at prophead ~]# ldd `which cu`
linux-vdso.so.1 (0x00007fff015e3000)
liblockdev.so.1 => /lib64/liblockdev.so.1 (0x00007fee0c1f5000)
libnsl.so.1 => /lib64/libnsl.so.1 (0x00007fee0bfdc000)
libc.so.6 => /lib64/libc.so.6 (0x00007fee0bc1b000)
/lib64/ld-linux-x86-64.so.2 (0x000055a6208a4000)
However, running anything in a chroot jail is always sort of a problem.
>
> Thanks!
>
> Jeff
>
>
>
--
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital ricks at alldigital.com -
- AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 -
- -
- To err is human, to forgive is beyond the scope of the OS -
----------------------------------------------------------------------
More information about the users
mailing list