Search Results

Search found 369 results on 15 pages for 'chroot jail'.

Page 3/15 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • How to run tomcat6 on ubuntu as root?

    - by J G
    I've got an existing software package that runs on Ubuntu that uses a chroot jail and so needs to be run as root. I want to exec this from Tomcat6 on Ubuntu, so presumably I have to run Tomcat6 as root instead of the Tomcat6 user. How do I go about changing tomcat6 to run as root instead of the tomcat6 user?

    Read the article

  • sftp chroot access via SSH

    - by Cudos
    Hello. I have this setup in sshd_config: AllowUsers test1 test2 Match group sftpgroup ChrootDirectory /var/www X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp Match user test2 ChrootDirectory /var/www/somedomain.dk X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp I am trying to restrict test2 to only use /var/www/somedomain.dk For some reason when I try to login e.g. with Filezilla on account test2 I get this error: "Server unexpectedly closed network connection" The users are created and works. the SSH service has been stopped and started. test1 works when using e.g. filezilla and the root of the connection is /var/www. What am I doing wrong?

    Read the article

  • openssh sftp chroot

    - by Zulakis
    I chrooted a user to the directory /var/www/upload using ChrootDirectory /var/www/upload in my etc/ssh/sshd_config. The permissions of all the files in var/www/upload is 755 and owner is root:upload_user. However, I still cannot modify the files. (Getting a permission denied error.) Is it possible if I create a subdirectory with ownership upload_user:upload_user. Is it, by any means, possible to allow my chrooted user to write to his / directory?

    Read the article

  • On Ubuntu, how to design a monitor to run a process when a file is written to a directory?

    - by J G
    I want to run a process when a file is written to a directory on Ubuntu. I understand I can write a monitor to do this. (ie not an event based trigger but a 'monitor'). To implement this - other than writing a for loop of infinite duration in C that polls the directory - what steps would you take to implement this? What steps would you take to implement a monitor on Ubuntu that runs a process (another application) when a file is written to a directory? (The reason that you'd do this is the that process writing the file is under a limited set of permissions (eg tomcat6) but the executed process (an existing software package) needs root (ie to run a process in a chroot jail))

    Read the article

  • vsftpd chroot_local_user does nothing

    - by Reinderien
    I'm setting up a vsftpd server on: Linux 2.6.32-26-server #48-Ubuntu SMP Wed Nov 24 10:28:32 UTC 2010 x86_64 GNU/Linux When I set chroot_local_user=YES, there is no effect (I can still see / when I log in). There is nothing in syslog or /var/log/vsftpd.log to indicate what's wrong. I know that I'm editing the right conf file and that other settings do come into effect when I restart the daemon, because these work: ssl_enable=YES force_local_data_ssl=YES force_local_logins_ssl=YES Any idea what's wrong? Thanks. Edit: I've touched /etc/vsftpd.chroot_list for it to be empty (no chroot-denied users), and have added: chroot_list_enable=YES chroot_list_file=/etc/vsftpd.chroot_list Then to restart: sudo /etc/init.d/vsftpd restart Rather than invoking init scripts through /etc/init.d, use the service(8) utility, e.g. service vsftpd restart Since the script you are attempting to invoke has been converted to an Upstart job, you may also use the restart(8) utility, e.g. restart vsftpd vsftpd start/running, process 5606 Still no effect.

    Read the article

  • PureFTPd : ChrootEveryone not working

    - by Mistha Noobstha
    I have a fresh install of Ubuntu 12.04 with pure-ftpd version 1.0.35-1. I don't use database for the only user I have (ftpuser1 - localuser), but I want to lock him into his home directory. /ftp/ftpuser1 is the home dir of ftpuser1. /etc/pure-ftpd/conf/ChrootEveryone has the yes string and in /etc/default/pure-ftpd-common VIRTUALCHROOT is set to false, but ftpuser1 can freely walk around. My startup line for pure-ftpd looks like this : /usr/sbin/pure-ftpd -l pam -A -8 UTF-8 -O clf:/var/log/pure-ftpd/transfer.log -u 1000 -E -B So there is the "-A" in it for the ChrootEveryone.

    Read the article

  • vsftpd chroot_local_user does nothing

    - by Reinderien
    Hello all. I'm setting up a vsftpd server on: Linux 2.6.32-26-server #48-Ubuntu SMP Wed Nov 24 10:28:32 UTC 2010 x86_64 GNU/Linux When I set chroot_local_user=YES, there is no effect (I can still see / when I log in). There is nothing in syslog or /var/log/vsftpd.log to indicate what's wrong. I know that I'm editing the right conf file and that other settings do come into effect when I restart the daemon, because these work: ssl_enable=YES force_local_data_ssl=YES force_local_logins_ssl=YES Any idea what's wrong? Thanks.

    Read the article

  • Ubuntu Server mod_chroot Apache2 Problem

    - by Petey B
    Hello, I am trying to make it so my apache web pages will be in a chroot jail. I have set up my chroot jail as according to https://wiki.ubuntu.com/ModChroot. However when i restart apache i get the following error logged: [error] No such file or directory: could not create /var/chroot/apache/var/run/apache2.pid [error] apache2: could not log pid to file /var/chroot/apache/var/run/apache2.pid /var/chroot/apache/var/run/apache2.pid is there with 777 permissions If i dissable mod_chroot web pages are delivered correctly from the /var/chroot/apache/var/www directory.

    Read the article

  • My home folder disappeared after using Chroot/debootstrap. Can it be recovered?

    - by Martin
    I was following the instructions from http://wiki.winehq.org/WineOn64bit but stopped after cloning wine. Afterwards I closed the terminal and terminated the process when asked. Ubuntu threw up an error report and when I tried to cd to ~/Downloads it was gone, along with all the other directories. So I tried restarting Ubuntu, whereupon I was greeted with the default desktop and home directory. Can I recover my home folder or has it been deleted?

    Read the article

  • Setting up an Ubuntu 9.10 chroot for Android OS builds

    <b>Spencer Herzberg Blog: </b>"So the goal of this post will be to install a 32-bit chroot of 9.10 in my fresh install of 10.04 as 9.10 is easier to build and test Cyanogen's custom Android rom. I have modified some guides from here and here. I have also elected to use schroot as it allows for easy chroot access."

    Read the article

  • scponly worked but didn't chroot the home folder, the user can still browse the entire server.

    - by Mint
    So I followed the "Chroot and Debian" tutorial in http://sublimation.org/scponly/wiki/index.php/FAQ Then when I log into user "upload" via ssh I have no access to the command line (this is what I wanted). But then when I SFTP into the upload user I can still see all the root files (/), it didn't chroot me to just /home/upload whats going on? …. I added this to the end of my /etc/ssh/sshd_config file, then done a restart Subsystem sftp internal-sftp UsePAM yes Match User upload ChrootDirectory /home/upload AllowTCPForwarding no X11Forwarding no ForceCommand internal-sftp Then when I log into sftp I can only see my upload folder (this is what I want), but now scp doesn't work :P SCP will accept my password then: debug1: Next authentication method: password [email protected]'s password: debug1: Authentication succeeded (password). debug1: channel 0: new [client-session] debug1: Requesting [email protected] debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = en_NZ.UTF-8 debug1: Sending command: scp -v -t /test It will hang on that last debug message. Any help would be greatly appreciated. Note, running Debian Lenny

    Read the article

  • What's the proper way to prepare chroot to recover a broken Linux installation?

    - by ~quack
    This question relates to questions that are asked often. The procedure is frequently mentioned or linked to offsite, but is not often clearly and correctly stated. In an objective to concentrate useful information in one place, this question seeks to provide a clear, correct reference for this procedure. What are the proper steps to prepare a chroot environment for a recovery procedure? In many situations, repairing a broken Linux installation is best done from within the installation. But if the system won't boot, how do you fix it from within? Let's assume you manage to boot into an alternate system. Once there, you need to access your broken installation in order to fix it. Many recovery How-Tos recommend using chroot in order to run programs as if you are actually booted into the broken installation. What is the basic procedure? Are there accepted best-practices to follow? What variables need to be considered in order to adapt the basic preparation steps to a particular recovery task? As this is Community Wiki, feel free to edit this question to improve it as well.

    Read the article

  • Is MySecureShell a good way to manage SFTP user with chroot on a Centos Server?

    - by benjisail
    Hi, I need to setup my Centos 5.4 server for SFTP with chrooted access only (or equivalent). The regular solution using RSSH find here : http://www.cyberciti.biz/tips/howto-linux-unix-rssh-chroot-jail-setup.html seems over-killing to me if we want to manage multiple users... I found the project MySecureShell which seems a lot simpler to install and to maintain. Is it a good solution? Is there something better? Thanks!!

    Read the article

  • vmbuilder fails on chroot

    - by Bruce
    I am trying to install virtual machine with this command, but have no success: vmbuilder kvm ubuntu --verbose --suite precise --flavour virtual \ --part partitions.txt --ip 192.168.1.3 --hostname edb1 --arch amd64 \ -o --libvirt qemu:///system --user someuser --pass somepass \ --raw /home/virtual-machines/edb1.disk1.img \ --raw /home/virtual-machines/edb1.disk2.img \ --domain somedomain.com --mem 4096 --cpus 4 This is the error: ... I: Extracting xz-utils... I: Extracting zlib1g... W: Failure trying to run: chroot /tmp/tmp_JdKzu mount -t proc proc /proc , stderr: The host kernel is not original but modified by server provider. Why is the chroot needed for installation?

    Read the article

  • FreeBSD jail IMAP/MTA config recommendations

    - by kobame
    I've got access to my "own" FreeBSD jail. The jail has only basic, unconfigured system, but I have full access to FreeBSD ports, and (jail)root too. Now I need to setup my jail as IMAP/MTA. The question: What packages are EASIEST for config and later administration, (the simplest possible setup, with the minimum needed configuration) when: i haven't any preferences (don't know any yet) my (one) domain is managed by ISP, so don't need DNS need only IMAP for few users (up to 20 mailboxes) need secure transport layer (IMAPS/993) password auth, no LDAP, no kerberos, nor databases, nothing like fancy things... need easy-setup easy-admin MTA, with simplest possible password SMTP auth, (again no LDAP, nor DB), secure transport layer but would be nice have virus-scan and some anti-spam protection So, what ports I should install for MTA and IMAP? MTA (Sendmail, Postfix, Exim)? antivirus (ClamAV) antispam??? IMAP(S), (Dovecot, Courier) when the main criteria are: easy setup, and easy administration. When I googled I found only complicated setups for thousands of users with LDAP, databases and so on - too big-caliber for my small (easy?) needs. Any pointer to an easy howto is very welcomed.

    Read the article

  • On Linux do people chroot a Java Web Application or use IPTables and run as non-root?

    - by Adam Gent
    When you run a Java Servlet Container that you would like to serve both static and dynamic content on port 80 you have the classic question of whether to run the server as: As root in hopefully a chroot jail if you can (haven't gotten this working yet) As a non root user and then use IPTables to forward port 80 to some other port (1024) that the container is running on Both: As a non root user, IPTables, and chroot jail. The problem with opt. 1 is the complexity of chrooting and still the security problems of running root.The problem with opt. 2 is that each Linux distro has a different way of persisting IPTables. Option 3 of course is probably idea but very hard to setup. Finally every distro has the annoying differences in daemon scripts. What do people find as the best distro agnostic solution and are there resources to show how to do this?

    Read the article

  • FreeBSD jail with IPFW with loopback - unable to connect loopback interface

    - by khinester
    I am trying to configure a one IP jail with loopback interface, but I am unsure how to configure the IPFW rules to allow traffic to pass between the jail and the network card on the server. I have followed http://blog.burghardt.pl/2009/01/multiple-freebsd-jails-sharing-one-ip-address/ and https://forums.freebsd.org/viewtopic.php?&t=30063 but without success, here is what i have in my ipfw.rules # vim /usr/local/etc/ipfw.rules ext_if="igb0" jail_if="lo666" IP_PUB="192.168.0.2" IP_JAIL_WWW="10.6.6.6" NET_JAIL="10.6.6.0/24" IPF="ipfw -q add" ipfw -q -f flush #loopback $IPF 10 allow all from any to any via lo0 $IPF 20 deny all from any to 127.0.0.0/8 $IPF 30 deny all from 127.0.0.0/8 to any $IPF 40 deny tcp from any to any frag # statefull $IPF 50 check-state $IPF 60 allow tcp from any to any established $IPF 70 allow all from any to any out keep-state $IPF 80 allow icmp from any to any # open port ftp (20,21), ssh (22), mail (25) # ssh (22), , dns (53) etc $IPF 120 allow tcp from any to any 21 out $IPF 130 allow tcp from any to any 22 in $IPF 140 allow tcp from any to any 22 out $IPF 150 allow tcp from any to any 25 in $IPF 160 allow tcp from any to any 25 out $IPF 170 allow udp from any to any 53 in $IPF 175 allow tcp from any to any 53 in $IPF 180 allow udp from any to any 53 out $IPF 185 allow tcp from any to any 53 out # HTTP $IPF 300 skipto 63000 tcp from any to me http,https setup keep-state $IPF 300 skipto 63000 tcp from any to me http,https setup keep-state # deny and log everything $IPF 500 deny log all from any to any # NAT $IPF 63000 divert natd ip from any to any via $jail_if out $IPF 63000 divert natd ip from any to any via $jail_if in but when i create a jail as: # ezjail-admin create -f continental -c zfs node 10.6.6.7 /usr/jails/node/. /usr/jails/node/./etc /usr/jails/node/./etc/resolv.conf /usr/jails/node/./etc/ezjail.flavour.continental /usr/jails/node/./etc/rc.d /usr/jails/node/./etc/rc.conf 4 blocks find: /usr/jails/node/pkg/: No such file or directory Warning: IP 10.6.6.7 not configured on a local interface. Warning: Some services already seem to be listening on all IP, (including 10.6.6.7) This may cause some confusion, here they are: root syslogd 1203 6 udp6 *:514 *:* root syslogd 1203 7 udp4 *:514 *:* i get these warning and then when i go into the jail environment, i am unable to install any ports. any advice much appreciated.

    Read the article

  • Chrooted user does not start in his home directory and does not load his bash_profiles

    - by Stuffy
    If the users logs in, he starts in / of the chroot (Which is /var/jail on the real machine). I would like him to start in his home-dir. Also, he seems not to load any of his profile-files (.bash.rc etc). I followed this tutorial to create the chroot environment. This is what my /etc/passwd looks like: test:x:1004:1008:,,,:/var/jail/home/test:/bin/bash this is what my /var/jail/etc/passwd file looks like: test:x:1004:1008:,,,:/home/test:/bin/bash I also found out that, if I remove Match User test ChrootDirectory /var/jail AllowTCPForwarding no X11Forwarding no from my /etc/ssh/sshd_config, the user starts in his correct home-folder and with his bash-settings loaded. However, he is able to leave the chroot-environment if I remove that part. This question I asked before is somewhat related, since I think the wrong look of the commandline is caused from the not loaded profile-files. So any ideas how to fix this?

    Read the article

  • File system loop detected in /var/named/chroot/var/named/ CentOS6.3

    - by wilco
    When I use find command on shell, I got the following error. find: File system loop detected; /var/named/chroot/var/named' is part of the same file system loop as/var/named'. I verified the inode number and it comes out the same as below. [root@serverone ~]# ls -ldi /var/named/chroot/var/named/ /var/named 6684673 drwxr-x--- 6 root named 4096 Sep 7 17:17 /var/named 6684673 drwxr-x--- 6 root named 4096 Sep 7 17:17 /var/named/chroot/var/named/ I cannot remove the directory with rm -f and it is saying this is directory. It is minimal CentOS6.3 install with plesk 11. Any help would be appreciated.

    Read the article

  • Setup secure shared hosting (Apache, PHP, MySQL)

    - by Apaz
    So I'm setting up a shared hosting with Apache, PHP, MySQL and the biggest question mark is how to do with PHP, since there is a million options out there how to configure it securely. The plan is: Chroot for MySQL (built in support for chroot) Chroot for Apache (mod_security) Each user executing their PHP-scripts as their own user (see below) Set open_basedir Disable all "evil" php-functions (allow_url_fopen, system, exec, and so on) Ive looked at suexec and suphp but they seems very slow; http://blog.stuartherbert.com/php/2007/12/18/using-suexec-to-secure-a-shared-server/ http://blog.stuartherbert.com/php/2008/01/18/using-suphp-to-secure-a-shared-server/ So I've looked some more and found some other solutions: apache2-mpm-itk + mod_php(?) mod_fcgid + php-fpm mod_fastcgi + php-fpm Ive tried a simple setup with mod_fastcgi + php-fpm and it seems to work, runs as correct user and so on, but the protection against directory traveling is still open_basedir(?) One solution for that could be to use php-fpm's chroot option, but that causes a lot of other issues like domain name resolver does not work sending mail does not work Tips?

    Read the article

  • What is the secure way to isolate ftp server users on unix?

    - by djs
    I've read documentation for various ftp daemons and various long threads about the security implications of using a chroot environment for an ftp server when giving users write access. If you read the vsftpd documentation, in particular, it implies that using chroot_local_user is a security hazard, while not using it is not. There seems to be no coverage of the implications of allowing the user access to the entire filesystem (as permitted by their user and group membership), nor to the confusion this can create. So, I'd like to understand what is the correct method to use in practice. Should an ftp server with authenticated write-access users provide a non-chroot environment, a chroot environment, or some other option? Given that Windows ftp daemons don't have the option to use chroot, they need to implement isolation otherwise. Do any unix ftp daemons do something similar?

    Read the article

  • schroot build environment setup how to avoid bind-mount home

    - by minghua
    The recent linux distributions such as Fedora and Ubuntu all use chroot environment to make the build. Because when making the build often it needs to install some special tools, and to install to the existing system. Using chroot avoids making any changes to the host system. To set up such a build environment, the first step is to make a chroot. I'm following the setup guide at https://wiki.debian.org/Schroot [wheezy-test] description=Contains the SPICE program aliases=test type=directory directory=/srv/chroot/test users=jsmith root-groups=root script-config=desktop/config personality=linux preserve-environment=true In the host on my setup the /home is on /dev/mapper. When schroot is entered, the same home is bind-mounted. Is there a way to avoid this? I prefer to use a different /home inside chroot. When changing the type from directory to plain, the binding is not performed. However that also loses /proc, /sys, etc. You'd have to manually bind-mount them. That does not seem to be a good solution. If a simple configuration change is unavailable, any idea where the script is for type=directory? Probably I'll manually modify the script. Thanks in advance for any answers or hints!

    Read the article

  • Freebsd jail for an small company - checklist - what shouldn't forget

    - by cajwine
    Looking for an checklist for an "small company freebsd/jail server". Having pretty common starting point: FreeBSD jail (remote/headless) for the company: public web, email, ftp server, and private (maybe in the future partially public) wiki (foswiki) 4 physical persons, (6 email addresses) + one admin - others will never use ssh) have already done usual hardening on the host side (like pf, sshguard etc). my major components are: dovecot, exim, apache22, proftpd, perl5.14. Looking for an checklist, what I shouldn't forget. My plan: openssl self-signed certificates for exim, dovecot and proftpd (wildcard keys) openssl self-signed certificate for apache (later will go for "trusted-signed" key) My questions are: is is an "good practice" having one pair of wildcard SSL-certificates for many programs? (exim, dovecot, proftpd) - or should I generate one key for each service? should I add all 4 persons as standard (unix) users, or I should go with virtual users? Asking because: have only small count of users, and it is more simple to configure everything (exim, dovecot) for local users ($HOME/Maildir), plus ability to set $HOME/.forward/vacation and etc. is here some (special) things what I should consider? (e.g. maybe, in the future we want setup our own webmail - will make this any difference?) any other recommendation? Thank you, hoping that this question fit into the http://serverfault.com/faq under the: Server and Business Workstation operating systems, hardware, software Operations, maintenance, and monitoring Looking for an checklist, but please explain why you're recommending it. See Good Subjective, Bad Subjective. related: What's your suggested mail server configuration for a FreeBSD server?

    Read the article

  • debootstrap linux-generic package and grub

    - by user33993
    I am trying to build a thin client remix using debootstrap. I have been successful but am wondering about one thing. When I install linux-generic as per linuxlivecdcustomizationfromscratch It asks me where I want to install grub. I know the package grub is needed if you install Ubuntu off the live cd, but why is it trying to configure grub using the drives on my host system in the chroot? Thanks

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >