topic Re: chroot in Operating System - Linux

chroot

Piotr Kirklewski — Wed, 14 Nov 2007 08:29:09 GMT

Hi there
I'm tryin to jail user in hs home directory but it's firs time I'm playing eith chroot.
I'm still having cannot run command `/bin/bash': No such file or directory
error.

Please help

root@loadb1:/# chroot /home/madmin/
chroot: cannot run command `/bin/bash': No such file or directory
root@loadb1:/# cp -R /bin/ /home/madmin/
root@loadb1:/# chroot /home/madmin/
chroot: cannot run command `/bin/bash': No such file or directory
root@loadb1:/# chown madmin:madmin /home/madmin/bin/
root@loadb1:/# chown madmin:madmin /home/madmin/bin/*
chown: changing ownership of `/home/madmin/bin/lsmod.modutils': No such file or directory
chown: changing ownership of `/home/madmin/bin/pidof': No such file or directory
root@loadb1:/# chmod 775 /home/madmin/bin/
root@loadb1:/# chmod 775 /home/madmin/bin/*
root@loadb1:/# chroot /home/madmin/
chroot: cannot run command `/bin/bash': No such file or directory
root@loadb1:/#

Re: chroot

Ivan Ferreira — Wed, 14 Nov 2007 08:58:11 GMT

Configure a chroot environment is not that easy, you must create the directory structure required and the programs to be used.

Please see:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1119613

Re: chroot

Piotr Kirklewski — Wed, 14 Nov 2007 09:46:22 GMT

To be hones I don't want to create new directories. I want to jail existing user in his existing direcotry (/home/madmin) so he cannot reach real root dir or other users directories.

How am I doing that ?

Best Regards

Peter

Re: chroot

Ivan Ferreira — Wed, 14 Nov 2007 10:28:58 GMT

>>> To be hones I don't want to create new directories.

That is the issue, to be able to run chroot, you need a directory structure in the user's HOME that simulates the root directory, chroot expect to find some files there, just to have one example, it's expecting to find /home/mdadmin/bin/bash among others.

Please see also:

http://chrootssh.sourceforge.net

Re: chroot

Heironimus — Wed, 14 Nov 2007 11:26:58 GMT

A restricted shell would prevent the user from changing directories, but it would also block a lot of other things.

Re: chroot

Piotr Kirklewski — Mon, 19 Nov 2007 11:36:54 GMT

Here's step by step what I did:

cd /tmp
wget http://www.zlib.net/zlib-1.2.3.tar.gz
tar xvfz zlib-1.2.3.tar.gz
cd zlib-1.2.3
make clean
./configure -s
make
make install
cd /tmp
apt-get install libpam0g-dev openssl libcrypto++-dev libssl0.9.7 libssl-dev ssh
wget http://chrootssh.sourceforge.net/download/openssh-4.2p1-chroot.tar.gz
tar xvfz openssh-4.2p1-chroot.tar.gz
cd openssh-4.2p1-chroot
./configure --exec-prefix=/usr --sysconfdir=/etc/ssh --with-pam
make
make install

mkdir /home/chroot/
mkdir /home/chroot/home/
cd /home/chroot
mkdir etc
mkdir bin
mkdir lib
mkdir usr
mkdir usr/bin
mkdir dev
mknod dev/null c 1 3
mknod dev/zero c 1 5

#SCRIPT !!! ###########################
#!/bin/sh
APPS="/bin/bash /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /bin/ping /usr/bin/dircolors"
for prog in $APPS; do
cp $prog ./$prog

# obtain a list of related libraries
ldd $prog > /dev/null
if [ "$?" = 0 ] ; then
LIBS=`ldd $prog | awk '{ print $3 }'`
for l in $LIBS; do
mkdir -p ./`dirname $l` > /dev/null 2>&1
cp $l ./$l
done
fi
done
#SCRIPT !!! ###########################

cp /lib/libnss_compat.so.2 /lib/libnsl.so.1 /lib/libnss_files.so.2 ./lib/

echo '#!/bin/bash' > usr/bin/groups
echo "id -Gn" >> usr/bin/groups
touch etc/passwd
grep /etc/passwd -e "^root" > etc/passwd
grep /etc/group -e "^root" -e "^users" > etc/group
/etc/init.d/ssh restart
useradd -s /bin/bash -m -d /home/chroot/./home/testuser -c "testuser" -g users testuser
passwd testuser
grep /etc/passwd -e "^testuser" >> /home/chroot/etc/passwd
cp /lib/ld-linux.so.2 lib/

Now it says:

I have no name!@test:~$

instaed : testuser@test

There must be something wrong with /chroot/home/bin/bash.

Any Ideas how to get rid of this problem ?

Best Regards

Peter

Re: chroot

Piotr Kirklewski — Mon, 19 Nov 2007 11:53:09 GMT

I know

vim /home/chroot/etc/passwd

and add

testuser:x:1002:100::/home/chroot/./home/testuser:/bin/bash

Best Regards

Peter