Search Results

Search found 293 results on 12 pages for 'chroot'.

Page 2/12 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • User can't SFTP after chroot

    - by Dauntless
    Ubuntu 10.04.4 LTS I'm trying to chroot the user 'sam'. According to all the tutorials out there this should work, but apparently I'm still doing something wrong. The user: sam:x:1005:1006::/home/sam:/bin/false I changed /etc/ssh/sshd_config like this (at the bottom of the file): #Subsystem sftp /usr/lib/openssh/sftp-server # CHROOT JAIL Subsystem sftp internal-sftp Match group users ChrootDirectory %h ForceCommand internal-sftp AllowTcpForwarding no I added sam to the users group: $groups sam sam : sam users I changed the permissions for sam's home folder: $ ls -la /home/sam drwxr-xr-x 11 root root 4096 Sep 23 16:12 . drwxr-xr-x 8 root root 4096 Sep 22 16:29 .. drwxr-xr-x 2 sam users 4096 Sep 23 16:10 awstats drwxr-xr-x 3 sam users 4096 Sep 23 16:10 etc ... drwxr-xr-x 2 sam users 4096 Sep 23 16:10 homes drwxr-x--- 3 sam users 4096 Sep 23 16:10 public_html I restarted ssh and now sam can't log in with SFTP. The session is created, but also closed immediately: Sep 24 12:55:15 ... sshd[9917]: Accepted password for sam from ... Sep 24 12:55:15 ... sshd[9917]: pam_unix(sshd:session): session opened for user sam by (uid=0) Sep 24 12:55:16 ... sshd[9928]: subsystem request for sftp Sep 24 12:55:17 ... sshd[9917]: pam_unix(sshd:session): session closed for user sam Cyberduck says Unexpected end of sftp stream. and other clients give similar errors. What did I forget / what is going wrong? Thanks!

    Read the article

  • Ubuntu karmic, chroot, Ubuntu server 8.04 LTS and Plesk

    - by morpheous
    I am pretty new to the Linux environment, and although I have been using Ubuntu Karmic desktop for development work, I have always prefered the GUI tools and very rarely use the terminal. I am about to launch a site (a VPS) which will be running Ubuntu server 8.04 LTS and Plesk. I want to install both the server (8.04 LTS) and Plesk in a 'chroot' on my Karmic desktop. I also want to test install some packages I have written for the server, and generally familiarize myself with the environment before I signup to the hosting service. I will be running a streamline server (no GUI), with only the following software: PHP Python mySQL PostgreSQL Apache Plesk Third party packages I developed In terms of mail, I think the hosting provider provides a mail service, so I dont know if I will need to run my own mail server. I will like some advice on the following: How can I install Ubuntu 8.0.4 server LTS in a chroot? How can I install Plesk in Ubuntu 8.0.4 server LTS (from the command line) Can anyone recommend how I back up the remote server when I go live (i.e. what tools to use)?. I will need to back up both databases, as well as some config data and installation packages

    Read the article

  • chroot on OSX as a different OS

    - by ekaqu
    I was wondering if anyone has been able to use chroot on OSX to run another OS (ubuntu, centos). I know that they are very different, but almost everything I want to use this for wouldn't care about anything at the level of the kernel, so was hoping there would be a way to do this without using a VM. Based off my google searches, I see this question is asked, but no real answer other than "try a VM". Would really like to do this without a VM though.

    Read the article

  • Chroot for Mysql running on Ubuntu 10.10?

    - by Calvin Froedge
    Prompted from a question about MySQL server security best practices, I've been running through this list (with a few minor alterations) to properly secure my server database server: http://www.greensql.net/publications/mysql-security-best-practices On step 10, I'm told to change the root directory for the mysql user using chroot, but very few specifics are provided and I'm not sure where to start. Does anyone know of a good resource for walking me through the steps to properly create a chrooted environment for Ubuntu 10.10?

    Read the article

  • How to chroot Django

    - by Brian M. Hunt
    Can one run Django in a chroot? Notably, what's necessary in order to set up (for example) /var/www as a chroot'd directory and then have Django run in that chroot'd directory? Thank you - I'm grateful for any input.

    Read the article

  • gcc sandboxing tool - AppArmor / CHROOT jail on Ubuntu 12.04

    - by StuR
    We have a Node application as the front end to a C++ sandboxing tool, which compiles code using gcc and outputs the result to the browser. e.g. exec("gcc -o /tmp/test /tmp/test.cpp", function (error, stdout, stderr) { if(!stderr) { execFile('/tmp/test', function(error, stdout, stderr) {}); } }); This works fine. However, as you can imagine this is a security nightmare if it were to be made public - so I was thinking of two options to protect my stack: 1) A CHROOT jail - but this in itself wouldn't be enough to prevent directory traversal / file access. 2) AppArmor ? So my question is really, how could I protect my stack from any nasties that could come from: A) Compiling unknown code using gcc B) Executing the compiled code

    Read the article

  • chroot for unsecure programs execution

    - by attwad
    Hi, I have never set-up a chroot-jailed environment before and I am afraid I need some help to do it well. To explain shortly what this is all about: I have a webserver to which users send python scripts to process various files that are stored on the server (the system is for Research purpose). Everyday a cron job starts the execution of the uploaded scripts via a command of this kind: /usr/bin/python script_file.py All of this is really insecure and I would like to create a jail in which I would copy the necessary files (uploaded scripts, files to process, python binary and dependencies). I already looked at various utilities to create jails but none of them seemed up-to-date or were lacking solid documentation (ie. the links proposed in How can I run an untrusted python script) Could anyone guide me to a viable solution to my problem? like a working example of a script that creates a jail, put some files in it and executes a python script? Thank you very much.

    Read the article

  • File permissions to run mysqld in chroot

    - by Neo
    I'm trying to run mysqld inside chroot environment. Herez the situation. When I run mysqld as root, I can connect to my databases. But when I run mysql using init.d scripts, mysql gives me an error. $ mysql --user=root --password=password ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (111) So I guess, I need to change file permissions of some files. But which ones? Oh and in case you are wondering '/var/run/mysqld/mysqld.sock' is owned by 'mysql' user. EDIT: strace output looks something like this [pid 20599] <... select resumed> ) = 0 (Timeout) [pid 20599] time (NULL) = 12982215237 [pid 20599] select(0, NULL, NULL, NULL, {1, 0} <unfinished ...>

    Read the article

  • What exactly is a chroot? Is it similar to a simultaneous dual boot?

    - by mathematician1975
    It has been suggested to me that the use of a chroot might solve my problem of building an application that must run on an embedded device. I have inferred from this description that it is somehow similar to creating the embedded environment locally on my machine which I can then use to develop on from my desktop development machine. Is this the right way to look at the functionality or have I totally misunderstood? In order to get some idea of how it works I read this https://wiki.ubuntu.com/DebootstrapChroot which I will attempt to make a chroot for an old Ubuntu version on my machine. However, as I am a total linux novice, I am a bit concerned that as I do not entirely know what I am doing is there anyway that I could end up with an unusable system?? Is this something that a novice should even attempt???

    Read the article

  • SFTP ChRoot result in broken pipe

    - by Patrick Pruneau
    I have a website that I want to add some restricted access to a sub-folder. For this, I've decided to use CHROOT with SFTP (I mostly followed this link : http://shapeshed.com/chroot_sftp_users_on_ubuntu_intrepid/) For now, I've created a user (sio2104) and a group (magento).After following the guide, my folder list look like this : -rw-r--r-- 1 root root 27 2012-02-01 14:23 index.html -rw-r--r-- 1 root root 21 2012-02-01 14:24 info.php drwx------ 15 root root 4096 2012-02-25 00:31 magento As you can see, i've chown root:root the folder magento I wanted to jail-in the user and ...everything else by the way. Also in the magento folder, I chown sio2104:magento everything so they can access what they want. Finally, I've added this to sshd_config file : #Subsystem sftp /usr/lib/openssh/sftp-server Subsystem sftp internal-sftp Match Group magento ChrootDirectory /usr/share/nginx/www/magento ForceCommand internal-sftp AllowTCPForwarding no X11Forwarding no PasswordAuthentication yes #UsePAM yes And the result is...well, I can enter my login, password and it's all finished with a "broken pipe" error. $ sftp [email protected] [....some debug....] [email protected]'s password: debug1: Authentication succeeded (password). Authenticated to 10.20.0.50 ([10.20.0.50]:22). debug1: channel 0: new [client-session] debug1: Requesting [email protected] debug1: Entering interactive session. Write failed: Broken pipe Connection closed Verbose mode gives nothing to help. Anyone have an idea of what I've done wrong? If I try to login with ssh or sftp with my personnal user, everything works fine.

    Read the article

  • SFTP, Chroot problems on Redhat

    - by Curtis_w
    I'm having problems setting up sftp with a ChrootDirectory. I've done an equivalent setup on other distros, but for some reason I cannot get it to work on a Redhat AMI. The changes to my sshd_config file are: Subsystem sftp internal-sftp Match Group ftponly PasswordAuthentication yes X11Forwarding no ChrootDirectory %h ForceCommand internal-sftp AllowTcpForwarding no I have the concerned usere's homes at /home/user, owned by root. After connecting with a user in the ftponly group, I'm dropped into / without permissions for anything, and am unable to do anything. sftp bob@localhost Connecting to localhost... bob@localhost's password: sftp> pwd Remote working directory: / I can connect normally with users not in the ftponly group. openssh version 5.3 I've experimented with different permissions, as well as having users own their own home directory (gives a Write failed: Broken pipe error), and so far, nothing has seemed to work. I'm sure it's a permissions error, or something equally as trivial, but at this point my eyes are beginning to glaze over, and any help would be greatly appreciated. EDIT: James and Madhatter, thanks for clarifying. I was confused by chroot dropping me in /... just didn't think through it properly. I've added the appropriate directories and permissions to get read access. One other key part was enabling write access to chrooted homes: setsebool -P ssh_chroot_rw_homedirs on in order to get write access. I think I'm all set now. Thanks for the help.

    Read the article

  • Is chroot the right choice for my use case?

    - by Anthony
    Backstory: I am working on setting up a MineCraft server and want to allow admins to have ssh access to the MineCraft server console and appropriate mc server files, but not the whole system. The console provided by the minecraft server is only available to the user that launched the process. In addition, the admins will need terminal access to some basic cli tools such as wget, cp, mv, rm, and a text editor. Plan: I have already setup the ssh aspect of things, requiring pre-shared keys and whatnot. Setup a jailed environment in which all user activity will be contained. Setup user accounts. - The first user account will be the minecraft user. The minecraft user will start the MC server in a multiuser screen session and allow the other admins to attach to it. - Subsequent users should have their own /home directory for normal usage. Setup acl for the appropriate files to allow each user to edit the mc server files. No one will be doing system updates, nor will anyone be installing any programs, so I'll be the only user with sudo. The Issues: I don't want the ssh users to have access to the whole system. Users will still need to use wget or curl to update the mc server files. Is chroot the right tool for this use case, or is there something more appropriate for the job? I have no experience setting up a chroot environment and have found several tools to aid in this process. Jailkit seems to be the most robust, but it's not in the standard repos.

    Read the article

  • How to run tomcat6 on ubuntu as root?

    - by J G
    I've got an existing software package that runs on Ubuntu that uses a chroot jail and so needs to be run as root. I want to exec this from Tomcat6 on Ubuntu, so presumably I have to run Tomcat6 as root instead of the Tomcat6 user. How do I go about changing tomcat6 to run as root instead of the tomcat6 user?

    Read the article

  • sftp chroot access via SSH

    - by Cudos
    Hello. I have this setup in sshd_config: AllowUsers test1 test2 Match group sftpgroup ChrootDirectory /var/www X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp Match user test2 ChrootDirectory /var/www/somedomain.dk X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp I am trying to restrict test2 to only use /var/www/somedomain.dk For some reason when I try to login e.g. with Filezilla on account test2 I get this error: "Server unexpectedly closed network connection" The users are created and works. the SSH service has been stopped and started. test1 works when using e.g. filezilla and the root of the connection is /var/www. What am I doing wrong?

    Read the article

  • openssh sftp chroot

    - by Zulakis
    I chrooted a user to the directory /var/www/upload using ChrootDirectory /var/www/upload in my etc/ssh/sshd_config. The permissions of all the files in var/www/upload is 755 and owner is root:upload_user. However, I still cannot modify the files. (Getting a permission denied error.) Is it possible if I create a subdirectory with ownership upload_user:upload_user. Is it, by any means, possible to allow my chrooted user to write to his / directory?

    Read the article

  • vsftpd chroot_local_user does nothing

    - by Reinderien
    I'm setting up a vsftpd server on: Linux 2.6.32-26-server #48-Ubuntu SMP Wed Nov 24 10:28:32 UTC 2010 x86_64 GNU/Linux When I set chroot_local_user=YES, there is no effect (I can still see / when I log in). There is nothing in syslog or /var/log/vsftpd.log to indicate what's wrong. I know that I'm editing the right conf file and that other settings do come into effect when I restart the daemon, because these work: ssl_enable=YES force_local_data_ssl=YES force_local_logins_ssl=YES Any idea what's wrong? Thanks. Edit: I've touched /etc/vsftpd.chroot_list for it to be empty (no chroot-denied users), and have added: chroot_list_enable=YES chroot_list_file=/etc/vsftpd.chroot_list Then to restart: sudo /etc/init.d/vsftpd restart Rather than invoking init scripts through /etc/init.d, use the service(8) utility, e.g. service vsftpd restart Since the script you are attempting to invoke has been converted to an Upstart job, you may also use the restart(8) utility, e.g. restart vsftpd vsftpd start/running, process 5606 Still no effect.

    Read the article

  • On Ubuntu, how to design a monitor to run a process when a file is written to a directory?

    - by J G
    I want to run a process when a file is written to a directory on Ubuntu. I understand I can write a monitor to do this. (ie not an event based trigger but a 'monitor'). To implement this - other than writing a for loop of infinite duration in C that polls the directory - what steps would you take to implement this? What steps would you take to implement a monitor on Ubuntu that runs a process (another application) when a file is written to a directory? (The reason that you'd do this is the that process writing the file is under a limited set of permissions (eg tomcat6) but the executed process (an existing software package) needs root (ie to run a process in a chroot jail))

    Read the article

  • Jailkit not locking down SFTP, working for SSH

    - by doublesharp
    I installed jailkit on my CentOS 5.8 server, and configured it according to the online guides that I found. These are the commands that were executed as root: mkdir /var/jail jk_init -j /var/jail extshellplusnet jk_init -j /var/jail sftp adduser testuser; passwd testuser jk_jailuser -j /var/jail testuser I then edited /var/jail/etc/passwd to change the login shell for testuser to be /bin/bash to give them access to a full bash shell via SSH. Next I edited /var/jail/etc/jailkit/jk_lsh.ini to look like the following (not sure if this is correct) [testuser] paths= /usr/bin, /usr/lib/ executables= /usr/bin/scp, /usr/lib/openssh/sftp-server, /usr/bin/sftp The testuser is able to connect via SSH and is limited to only view the chroot jail directory, and is also able to log in via SFTP, however the entire file system is visible and can be traversed. SSH Output: > ssh testuser@server Password: Last login: Sat Oct 20 03:26:19 2012 from x.x.x.x bash-3.2$ pwd /home/testuser SFTP Output: > sftp testuser@server Password: Connected to server. sftp> pwd Remote working directory: /var/jail/home/testuser What can be done to lock down SFTP access to the jail? FWIW, I mostly used this as a guide: http://digitalpatch.blogspot.com.ar/2010/03/openssh-daemon-hardening-part-3-setup.html

    Read the article

  • PureFTPd : ChrootEveryone not working

    - by Mistha Noobstha
    I have a fresh install of Ubuntu 12.04 with pure-ftpd version 1.0.35-1. I don't use database for the only user I have (ftpuser1 - localuser), but I want to lock him into his home directory. /ftp/ftpuser1 is the home dir of ftpuser1. /etc/pure-ftpd/conf/ChrootEveryone has the yes string and in /etc/default/pure-ftpd-common VIRTUALCHROOT is set to false, but ftpuser1 can freely walk around. My startup line for pure-ftpd looks like this : /usr/sbin/pure-ftpd -l pam -A -8 UTF-8 -O clf:/var/log/pure-ftpd/transfer.log -u 1000 -E -B So there is the "-A" in it for the ChrootEveryone.

    Read the article

  • vsftpd chroot_local_user does nothing

    - by Reinderien
    Hello all. I'm setting up a vsftpd server on: Linux 2.6.32-26-server #48-Ubuntu SMP Wed Nov 24 10:28:32 UTC 2010 x86_64 GNU/Linux When I set chroot_local_user=YES, there is no effect (I can still see / when I log in). There is nothing in syslog or /var/log/vsftpd.log to indicate what's wrong. I know that I'm editing the right conf file and that other settings do come into effect when I restart the daemon, because these work: ssl_enable=YES force_local_data_ssl=YES force_local_logins_ssl=YES Any idea what's wrong? Thanks.

    Read the article

  • Ubuntu Server mod_chroot Apache2 Problem

    - by Petey B
    Hello, I am trying to make it so my apache web pages will be in a chroot jail. I have set up my chroot jail as according to https://wiki.ubuntu.com/ModChroot. However when i restart apache i get the following error logged: [error] No such file or directory: could not create /var/chroot/apache/var/run/apache2.pid [error] apache2: could not log pid to file /var/chroot/apache/var/run/apache2.pid /var/chroot/apache/var/run/apache2.pid is there with 777 permissions If i dissable mod_chroot web pages are delivered correctly from the /var/chroot/apache/var/www directory.

    Read the article

  • My home folder disappeared after using Chroot/debootstrap. Can it be recovered?

    - by Martin
    I was following the instructions from http://wiki.winehq.org/WineOn64bit but stopped after cloning wine. Afterwards I closed the terminal and terminated the process when asked. Ubuntu threw up an error report and when I tried to cd to ~/Downloads it was gone, along with all the other directories. So I tried restarting Ubuntu, whereupon I was greeted with the default desktop and home directory. Can I recover my home folder or has it been deleted?

    Read the article

  • Setting up an Ubuntu 9.10 chroot for Android OS builds

    <b>Spencer Herzberg Blog: </b>"So the goal of this post will be to install a 32-bit chroot of 9.10 in my fresh install of 10.04 as 9.10 is easier to build and test Cyanogen's custom Android rom. I have modified some guides from here and here. I have also elected to use schroot as it allows for easy chroot access."

    Read the article

  • scponly worked but didn't chroot the home folder, the user can still browse the entire server.

    - by Mint
    So I followed the "Chroot and Debian" tutorial in http://sublimation.org/scponly/wiki/index.php/FAQ Then when I log into user "upload" via ssh I have no access to the command line (this is what I wanted). But then when I SFTP into the upload user I can still see all the root files (/), it didn't chroot me to just /home/upload whats going on? …. I added this to the end of my /etc/ssh/sshd_config file, then done a restart Subsystem sftp internal-sftp UsePAM yes Match User upload ChrootDirectory /home/upload AllowTCPForwarding no X11Forwarding no ForceCommand internal-sftp Then when I log into sftp I can only see my upload folder (this is what I want), but now scp doesn't work :P SCP will accept my password then: debug1: Next authentication method: password [email protected]'s password: debug1: Authentication succeeded (password). debug1: channel 0: new [client-session] debug1: Requesting [email protected] debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = en_NZ.UTF-8 debug1: Sending command: scp -v -t /test It will hang on that last debug message. Any help would be greatly appreciated. Note, running Debian Lenny

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >