
chroot

 
Piotr Kirklewski
Super Advisor

chroot

Hi there,
I'm trying to jail a user in his home directory, but it's the first time I'm playing with chroot.
I'm still getting the "cannot run command `/bin/bash': No such file or directory" error.

Please help


root@loadb1:/# chroot /home/madmin/
chroot: cannot run command `/bin/bash': No such file or directory
root@loadb1:/# cp -R /bin/ /home/madmin/
root@loadb1:/# chroot /home/madmin/
chroot: cannot run command `/bin/bash': No such file or directory
root@loadb1:/# chown madmin:madmin /home/madmin/bin/
root@loadb1:/# chown madmin:madmin /home/madmin/bin/*
chown: changing ownership of `/home/madmin/bin/lsmod.modutils': No such file or directory
chown: changing ownership of `/home/madmin/bin/pidof': No such file or directory
root@loadb1:/# chmod 775 /home/madmin/bin/
root@loadb1:/# chmod 775 /home/madmin/bin/*
root@loadb1:/# chroot /home/madmin/
chroot: cannot run command `/bin/bash': No such file or directory
root@loadb1:/#
Jesus is the King
6 REPLIES
Ivan Ferreira
Honored Contributor

Re: chroot

Configuring a chroot environment is not that easy; you must create the required directory structure and the programs to be used.

Please see:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1119613
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Piotr Kirklewski
Super Advisor

Re: chroot

To be honest, I don't want to create new directories. I want to jail an existing user in his existing directory (/home/madmin) so he cannot reach the real root dir or other users' directories.

How do I do that?

Best Regards

Peter
Jesus is the King
Ivan Ferreira
Honored Contributor

Re: chroot

>>> To be honest, I don't want to create new directories.

That is the issue: to be able to run chroot, you need a directory structure in the user's HOME that simulates the root directory. chroot expects to find some files there; to give just one example, it expects to find /home/madmin/bin/bash, among others.

Please see also:

http://chrootssh.sourceforge.net
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Heironimus
Honored Contributor

Re: chroot

A restricted shell would prevent the user from changing directories, but it would also block a lot of other things.
Piotr Kirklewski
Super Advisor

Re: chroot

Here's what I did, step by step:

cd /tmp
wget http://www.zlib.net/zlib-1.2.3.tar.gz
tar xvfz zlib-1.2.3.tar.gz
cd zlib-1.2.3
make clean
./configure -s
make
make install
cd /tmp
apt-get install libpam0g-dev openssl libcrypto++-dev libssl0.9.7 libssl-dev ssh
wget http://chrootssh.sourceforge.net/download/openssh-4.2p1-chroot.tar.gz
tar xvfz openssh-4.2p1-chroot.tar.gz
cd openssh-4.2p1-chroot
./configure --exec-prefix=/usr --sysconfdir=/etc/ssh --with-pam
make
make install

mkdir /home/chroot/
mkdir /home/chroot/home/
cd /home/chroot
mkdir etc
mkdir bin
mkdir lib
mkdir usr
mkdir usr/bin
mkdir dev
mknod dev/null c 1 3
mknod dev/zero c 1 5


#SCRIPT !!! ###########################
#!/bin/sh
APPS="/bin/bash /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /bin/ping /usr/bin/dircolors"
for prog in $APPS; do
    cp $prog ./$prog

    # obtain a list of related libraries
    ldd $prog > /dev/null
    if [ "$?" = 0 ] ; then
        LIBS=`ldd $prog | awk '{ print $3 }'`
        for l in $LIBS; do
            mkdir -p ./`dirname $l` > /dev/null 2>&1
            cp $l ./$l
        done
    fi
done
#SCRIPT !!! ###########################

cp /lib/libnss_compat.so.2 /lib/libnsl.so.1 /lib/libnss_files.so.2 ./lib/

echo '#!/bin/bash' > usr/bin/groups
echo "id -Gn" >> usr/bin/groups
touch etc/passwd
grep /etc/passwd -e "^root" > etc/passwd
grep /etc/group -e "^root" -e "^users" > etc/group
/etc/init.d/ssh restart
useradd -s /bin/bash -m -d /home/chroot/./home/testuser -c "testuser" -g users testuser
passwd testuser
grep /etc/passwd -e "^testuser" >> /home/chroot/etc/passwd
cp /lib/ld-linux.so.2 lib/


Now it says:

I have no name!@test:~$

instead of: testuser@test

There must be something wrong with /chroot/home/bin/bash.

Any ideas how to get rid of this problem?

Best Regards

Peter

Jesus is the King
Piotr Kirklewski
Super Advisor

Re: chroot

I know

vim /home/chroot/etc/passwd

and add

testuser:x:1002:100::/home/chroot/./home/testuser:/bin/bash




Best Regards

Peter
Jesus is the King
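
An added example, not part of the original thread: a small audit for the two failures seen above, a program whose loader or libraries are missing inside the jail ("cannot run command `/bin/bash': No such file or directory") and a uid with no entry in the jail's etc/passwd ("I have no name!"). The function names and the sample ldd output are constructed for illustration; the jail path and uid in the usage line are the ones from the posts.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Constructed sample of `ldd /bin/bash` output on a 32-bit Linux host.
SAMPLE_LDD='	linux-gate.so.1 =>  (0xffffe000)
	libc.so.6 => /lib/libc.so.6 (0xb7e00000)
	/lib/ld-linux.so.2 (0xb7f00000)'

# stdin: ldd output. stdout: every absolute path it names, including the
# loader line, which has no "=>" and so is missed by awk '{ print $3 }'.
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//               { print $1 }'
}

# stdin: absolute paths. stdout: those that do not exist under jail $1.
missing_in_jail() {
    while IFS= read -r p; do
        [ -e "$1$p" ] || printf '%s\n' "$p"
    done
}

# Succeeds if the jail's etc/passwd maps numeric uid $2 to a name.
# Without that entry the shell prompt shows "I have no name!".
jail_knows_uid() {
    [ -r "$1/etc/passwd" ] &&
        awk -F: -v u="$2" '$3 == u { f = 1 } END { exit !f }' "$1/etc/passwd"
}

# Audit jail $1 for program $2 and uid $3. Runs the host's ldd, so use it
# only on trusted system binaries.
audit_jail() {
    status=0
    [ -x "$1$2" ] || { echo "missing program: $2"; status=1; }
    for p in $(ldd "$2" 2>/dev/null | ldd_paths | missing_in_jail "$1"); do
        echo "missing in jail: $p"; status=1
    done
    jail_knows_uid "$1" "$3" || { echo "no passwd entry for uid $3"; status=1; }
    return "$status"
}

# Usage: sh audit.sh /home/chroot /bin/bash 1002
if [ "$#" -eq 3 ]; then audit_jail "$@"; fi
```

Run it as root after populating the jail and again after adding each new program; a clean run prints nothing and exits 0.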