HPE Community
Operating System - HP-UX
1753747 Members
4909 Online
108799 Solutions
New Discussion юеВ

Re: problem with chroot on 11.31

 
DeafFrog
Valued Contributor

тАО07-02-2009 01:07 AM

тАО07-02-2009 01:07 AM

problem with chroot on 11.31

Dear Gurus,
i tried to creat a user with following attibute :
1) should not transerve back from assigned home dir .
2)from this i ran ssh_chroot_setup.sh
--selected option 1.Configure a chroot enviroment
--Enter the new root directory for newuser with absolute path
/finlogs/alllogs/testlogs
3) Selected chroot secure shell
--2 ssh & sftp & scp
(hereis if i choose option 1--sftp only,
user is not able to login thru psftp)

But user is still able to transerve all way back to / and any dir.
i tried /./ in passwdord file,ftp and telnet are blocked on the system.
The system is 11.31.
I need help on this , the user should not transerve back from assigned home dir.
what i am doing incorrect
FrogIsDeaf
0 Kudos
Reply
5 REPLIES 5
Steven E. Protter
Exalted Contributor

тАО07-02-2009 02:40 AM

тАО07-02-2009 02:40 AM

Re: problem with chroot on 11.31

Shalom,

To answer your question, I would need to see the /var/adm/syslog/syslog.log out put related to the login.

There is an error there almost certainly, which explains why chroot configuration is failing.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
DeafFrog
Valued Contributor

тАО07-02-2009 02:52 AM

тАО07-02-2009 02:52 AM

Re: problem with chroot on 11.31

Hi Sep ,

Here are the lines generated as a result og login attempt:

Jul 2 13:50:15 PWCDR sshd[19385]: SSH: Server;Ltype: Version;Remote: 80.XXX.YYY.227-3632;Protocol: 2.0;Client: PuTTY_Release
_0.59
Jul 2 13:50:22 PWCDR sshd[19385]: Accepted keyboard-interactive/pam for ftpuser from 80.XXX.YYY.227 port 3632 ssh2
Jul 2 13:50:22 PWCDR sshd[19392]: fatal: bad ownership or modes for chroot directory component "/pcard17/"
FrogIsDeaf
0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО07-02-2009 04:13 AM

тАО07-02-2009 04:13 AM

Re: problem with chroot on 11.31

> Jul 2 13:50:22 PWCDR sshd[19392]: fatal:
> bad ownership or modes for chroot directory
> component "/pcard17/"

Some of us non-psychics can't see the
ownership or permissions on this directory.
"ls -l[d]"?

Or what's in /etc/passwd for this user.

Or much else.
0 Kudos
Reply
DeafFrog
Valued Contributor

тАО07-02-2009 04:27 AM

тАО07-02-2009 04:27 AM

Re: problem with chroot on 11.31

Dear Steven ,
Here they are :
PWCDR#more /etc/passwd | grep "^ftpuser"
ftpuser:ilMT1teLJzfGM:115:107:chrooted user:/pcard17/dir1/dir2/dir3/./:/bin/sh
PWCDR#ls -ld /pcard17/dir1/dir2/dir3
drwxr-xr-x 10 root sys 1024 Jul 2 11:26 /pcard17/dir1/dir2/dir3
PWCDR#ls -ld ls -ld /pcard17/dir1/dir2
PWCDR#ls -ld /pcard17/dir1/dir2
drwxrwxrwx 3 root sys 96 Jul 2 09:33 /pcard17/dir1/dir2
PWCDR#ls -ld /pcard17/dir1
drwxrwxrwx 3 root sys 96 Jul 2 09:31 /pcard17/dir1

Please let me know if some more o/p is required.
Regards ,
Rahul
FrogIsDeaf
0 Kudos
Reply
Suraj K Sankari
Honored Contributor

тАО07-02-2009 04:27 AM

тАО07-02-2009 04:27 AM

Re: problem with chroot on 11.31

Hi,
>>fatal: bad ownership or modes for chroot directory component "/pcard17/"

Check permission of the directiory which user is going to access.

Suraj
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.