topic Re: chroot returns Not Owner error in Operating System - HP-UX

chroot returns Not Owner error

Nelson Guevarra — Thu, 15 Feb 2001 20:51:29 GMT

I'm trying to restrict a user to his home directory using chroot but I'm not having any luck.

I created a user chris in /home/chris, in his directory, created the etc, usr/bin, usr/lib subdirectories and copied the files
/etc/passwd
/etc/group
/usr/bin/ls
/usr/bin/sh
/usr/lib/dld.sl
/usr/lib/libdld.1
into chris home directories respectively.
In his .profile, I have the entry
/usr/sbin/chroot /home/chris /usr/bin/sh

When I tried to login as him I got
/home/chris: NOT OWNER

I have not put any security measures so what could be the reason of this problem.

The / directory has:
drwxr-xr-x 4 root root 1024 Feb 15 12:24 home

The /home directory contains:
drwxr-xr-x 4 chris users 1024 Feb 15 12:25 chris

The /home/chris contains:
drwxrwxrwx 2 chris users 1024 Feb 15 12:32 etc
drwxrwxrwx 4 chris users 1024 Feb 15 12:30 usr

Any help is always appreciated.

Thanks.

Re: chroot returns Not Owner error

Stefan Schulz — Fri, 16 Feb 2001 07:48:09 GMT

Are there any hidden files or directorys in /home/chris which belong to another user?

Something like .dt or .profile?

Is this on a local or on a NFS filesystem?

Re: chroot returns Not Owner error

Steven Sim Kok Leong — Fri, 16 Feb 2001 08:18:35 GMT

Hi,

You are missing out the following files in your usr/lib directory:
- libc.2
- libcurses.1
- libdld.2

Perform the command using root (which has the privilege to run the process):
# chroot /home/chris /usr/bin/sh

Hope this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com

Re: chroot returns Not Owner error

Nelson Guevarra — Fri, 16 Feb 2001 17:39:16 GMT

Hi,

I'm using HPUX 10.20. The ls -la in /home/chris returns:

drwxr-xr-x 4 chris users 1024 Feb 15 12:25 .
drwxrwxrwx 4 root root 1024 Feb 15 12:24 ..
-rw-r--r-- 1 chris users 814 Feb 15 12:24 .cshrc
-rw-r--r-- 1 chris users 347 Feb 15 12:24 .exrc
-rw-r--r-- 1 chris users 341 Feb 15 12:24 .login
-rw-r--r-- 1 chris users 446 Feb 15 12:24 .profile
-rw------- 1 chris users 776 Feb 16 09:37 .sh_history
drwxrwxrwx 2 chris users 1024 Feb 15 12:32 etc
drwxrwxrwx 4 chris users 1024 Feb 15 12:30 usr

The chroot works if executed by root. This will only affect the root login. How will I make it work so when chris login so that he will be chrooted to his home directory only?

Re: chroot returns Not Owner error

Nelson Guevarra — Fri, 16 Feb 2001 17:46:13 GMT

Stefan, This is in a local file system....

Re: chroot returns Not Owner error

Stefan Schulz — Mon, 19 Feb 2001 10:29:32 GMT

As this message is "Not owner" it has to do something with an existing file. Althoug i think you should have a second look on the needed libraries this seems to be a different problem.

Have you configured to use something like command history?

I don't think you need to be root to use chroot. But i would test the following:

remove the chroot from the .profile, login as chris and try to start a new shell with chroot ....

Let us know what the result is.

Regards Stefan

Re: chroot returns Not Owner error

Carlos Fernandez Riera — Mon, 19 Feb 2001 15:29:27 GMT

From man 1M chroot:
WARNINGS
command cannot be in a shell script.

Re: chroot returns Not Owner error

Nelson Guevarra — Wed, 21 Feb 2001 00:33:13 GMT

I removed the chroot from the .profile and execute it from the shell after I login as chris. I got the same error. Same error is experienced even after invoking another shell.

Let me know if you have any other idea on how to restrict a user to be confined in his own home directory aside from chroot.

I tried it on another HPUX machine and have the same problem. I might be using chroot incorrectly.

Carlos: I'm using /usr/bin/sh (not a shell script) as my command for chroot.
i.e. /usr/sbin/chroot /home/chris /usr/bin/sh

Re: chroot returns Not Owner error

Stefan Schulz — Wed, 21 Feb 2001 06:52:19 GMT

Hello Nelson,

sorry i didn't find it til now, but the answer is in the man page. man 1M chroot says:

"This command is restricted to users with appropriate privileges."

So you have to use something like sudo or stickybits to use this command as a normal user.

Hope this helps.

Regards Stefan

Re: chroot returns Not Owner error

Daren Jackson — Wed, 21 Feb 2001 08:36:06 GMT

Why not try using a resticted shell (rsh) for the user, make links of the binaries you allow him to run in /usr/rbin and set his path to his home directoty and /usr/rbin.

There are a few holes in this method (shelling out from vi, etc.), but you can lock it down pretty tight if you give him only the binaries he needs in /usr/rbin.

Daren

Re: chroot returns Not Owner error

Joseph C. Denman — Wed, 21 Feb 2001 14:54:55 GMT

I agree with Daren, a restricted shell is the only way to lock them down. As far as I know, you can not use the chroot. However, you can lock the user down pretty good with the rsh or rksh.

Hope this helps.

...jcd...