Search Results

Search found 369 results on 15 pages for 'chroot jail'.

Page 4/15 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • How to boot from a debootstrap based install?

    - by João Pinto
    I would like to boot a testing Ubuntu release from a directory (which contains a debootstrap based install). As far as I understand I just need someway to tell the boot process (initrd scripts?) that it should chroot() into the specified dir immediately after mounting the root partition, and then resume the regular upstart/init start. Could someone provide some instructions on how to achieve this?

    Read the article

  • Mounting a network filesystem into schroot

    - by haggai_e
    Hi, I'm using a network file system (AFS) and I would like to also mount it into my schroot. Adding a line to /etc/schroot/mount-defaults, with bind or rbind in the options didn't help: schroot always mounts the directory with bind, and it remains empty in the chroot. My current solution is a script that remounts the /afs directory with rbind after the schroot has been set up. Is there a way to make schroot use rbind directly?

    Read the article

  • Faking a Linux environment without chroot

    - by Pascal
    For a university project I want to test a C++11 program on a 32-core machine. Unfortunately the machine has Ubuntu 12.04 with GCC 4.6 installed (we need GCC 4.7 because of some C++11 threading features). In such an environment I would normally run a chroot with a custom linux (say a debootstrap with Ubuntu 12.10). Since we don't get root access on the machine we can't use chroot. So far I have prepared a run-time environment using debootstrap for our code, I compiled it in the debootstrap environemnt. Then copied it onto the server (using rsync). In order to run our C++ code I set the LD_LIBRARY_PATH to export LD_LIBRARY_PATH=~/debootstrap/usr/lib/:~/debootstrap/lib64/:~/debootstrap/usr/lib/x86_64-linux-gnu/:~/debootstrap/lib/x86_64-linux-gnu/:$LD_LIBRARY_PATH and so far our code seems to run. I'm however stuck with our python code. It doesn't seem to be sufficient to set the paths manually. export PYTHONPATH=~/debootstrap/usr/lib/python2.7/dist-packages:~/debootstrap/usr/lib/python2.7:~/debootstrap/usr/lib/python2.7/plat-linux2:~/debootstrap/usr/lib/python2.7/lib-tk:~/debootstrap/usr/lib/python2.7/lib-dynload:~/debootstrap/usr/local/lib/python2.7/dist-packages:~/debootstrap/usr/lib/pymodules/python2.7:~/debootstrap/usr/lib/python2.7/dist-packages/PIL:~/debootstrap/usr/lib/python2.7/dist-packages/gtk-2.0:~/debootstrap/usr/lib/python2.7 Executing our script results in ImportError: No module named _path Is there an easier way to accomplish a "fake"-chroot than just overriding and creating environment variables? Note I need python since we created a custom C++-Python module in order to run our tests. Maybe I should create two questions from this.

    Read the article

  • File system loop detected in /var/named/chroot/var/named/

    - by Iko
    The problem start with a message No space left on device. After investigating a little (with google's help) I found : find: File system loop detected; /var/named/chroot/var/named' is part of the same file system loop as/var/named'. What I don't know is what to do next. I found this on centos.org : and see if the inode numbers are the same (they shouldn't be). If they are then you need to remove the /var/named/chroot/var/named/ hard link and recreate it as a directory the inode number are the same but I don't know exactly which folder to delete and what to do next thank you for any help Linux xxxxx.onlinehome-server.info 2.6.32-220.13.1.el6.x86_64 #1 SMP Tue Apr 17 23:56:34 BST 2012 x86_64 x86_64 x86_64 GNU/Linux

    Read the article

  • Linux networking "jail" for a single process

    - by halp
    I need to tune up a networking app for network specific things like: make it use a DNS server different than the default one from /etc/resolv.conf make sure it does not try to connect to certain hosts/ports using tcp/udp connections I know I can get away with just modifying /etc/resolv.conf and writing some iptables rules, but going for a default DENY firewall policy for outgoing IP packets can trigger malfunctions in other services running on the server. I know I can set up a virtual machine with a whole OS and run my app there, but it seems a bit overkill. Is it possible to have a networking "jail" for a single app (think single Linux process) that could accept iptables-like rules for network traffic (think in terms of IP packets and above) allowed to and from this particular app? Maybe this is achievable through some dynamically loaded library that can deal with the networking layer, the same manner tsocks does, but more fine-grained?

    Read the article

  • Resource consumption of FreeBSD's jails

    - by Juan Francisco Cantero Hurtado
    Just for curiosity. An example machine: an dedicated amd64 server with the last stable version of FreeBSD and UFS for the partitions. How much resources consume FreeBSD for each empty jail? I mean, I don't want know what is the resource consumption of a jailed server or whatever, just the overhead of each jail. I'm especially interested on CPU, memory and IO. For a few jails the overhead is negligible but imagine a server with 100 jails.

    Read the article

  • vsftpd: chroot_local_user causes GNU/TLS-error

    - by akrosikam
    Distro: Ubuntu 12.04.2 Server 32-bit Server client: vsftpd 2.3.5 (from default "main" repository) Problem: Since upgrading from Ubuntu 10.04 to Ubuntu 12.04 (nothing changed on client-side), vsftp has refused to make chroot-jails with the "chroot_local_user" directive on FTP(e/i)S-connections. Here's my vsftpd.conf: anonymous_enable=NO local_enable=YES write_enable=YES local_umask=022 dirmessage_enable=YES xferlog_enable=YES xferlog_std_format=YES ftpd_banner=How are you gentlemen. listen=YES pam_service_name=vsftpd userlist_enable=YES userlist_deny=NO tcp_wrappers=YES connect_from_port_20=YES ftp_data_port=20 listen_port=21 pasv_enable=YES pasv_promiscuous=NO pasv_min_port=4242 pasv_max_port=4252 pasv_addr_resolve=YES pasv_address=your.domain.com ssl_enable=YES allow_anon_ssl=NO force_local_logins_ssl=YES force_local_data_ssl=YES ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO rsa_cert_file=/home/maw/ssl_ftp_test/vsftpd.pem rsa_private_key_file=/home/maw/ssl_ftp_test/vsftpd.pem debug_ssl=YES log_ftp_protocol=YES ssl_ciphers=HIGH chroot_local_user=NO How to reproduce: Have a working SSL/TLS-secured vsftpd-configuration (I suggest similar to the one above) ready. Try to connect with an FTP user client and upload some files. With my setup, the above listed config works well at this point. Edit /etc/vsftpd.conf and set chroot_local_user= to YES. Make sure that chroot_list_enable= and/or chroot_list_file= are not set. Comment them out if they are. Save and exit. Run sudo restart vsftpd (or sudo service vsftpd restart if you like) in a terminal. Try to connect with an FTP user client. You should see a message more or less like this: GnuTLS error -15: An unexpected TLS packet was received. This is an issue for me, as I do not want FTP-sessions to be able to list files outside the user's home folder. I have checked with several client-side apps, and I get the same results with every one of them. Filezilla is not so good regarding cipher methods nowadays, but as I am able to make an FTP(e)s-connection over TLS (as long as chroot'ing is disabled and ssl_ciphers is set to HIGH) I have a feeling ciphers are not the issue this time, and that I won't find the answer by tweaking configs on the client side. My vsftpd.log stays empty, even though debug_ssl and log_ftp_protocol are enabled, so no info there either.

    Read the article

  • Webserver: chrooted PHP gives mysql.sock error when attempting to reach mysql

    - by Jon L.
    Hey guys, I've configured an Ubuntu webserver with Nginx + PHP5-FPM. I've created a chrooted environment (using jailkit) that I'm tossing my developers into, from where they can develop their test applications. Chroot jail: /home/jail Nginx and PHP5-FPM run outside the chroot, but are configured to function with websites within the chrooted environment. So far, Nginx and PHP5-FPM are serving up files without issue, except for the following: When attempting to connect to MySQL, we receive this error: SQLSTATE[HY000] [2002] Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' Now, I believe the issue is due to the non-chrooted php.ini referencing mysqld.sock outside of the chroot environment (it's actually using the MySQL default setting currently). My question is, how can I configure PHP to access MySQL via loopback or similar? (Found that as a suggestion in a google result, but without any instructions) Or if I'm missing some other obvious setting, let me know. If there's an option of creating a hardlink (that would remain available even if mysql is restarted), that would be handy as well.

    Read the article

  • A complicated nginx/php-fpm chroot setup

    - by Rsaesha
    I'm running nginx and php-fpm, and I want to set up jails for each host. My setup is a little complicated, so following tutorials on the web gets me nowhere. Each site has a directory /var/www/domain.name/ Inside that directory, there will be a public/ directory which will be the website root, a logs/ directory which will store nginx logs for that site specifically, and the chroot filesystem (etc/, usr/, etc.) The first problem I've run into is that nomatter how I configure it, PHP-FPM cannot find the files that are passed to it via nginx. They result in a "Primary script unknown" error, and to make matters worse, the error messages from PHP-FPM are no more verbose than that, so I can't figure out what path is being passed by nginx. A php-fpm pool configuration for a host looks like this: [host] user = host group = www-data chroot = /var/www/domain.name chdir = /public listen = 127.0.0.1:900x 'x' is incremented for each pool. The nginx config for this host looks like this: server { listen 80; server_name domain.name *.domain.name; root /var/www/domain.name/public; index index.php index.html index.html; location ~ \.php$ { expires epoch; fastcgi_split_path_info ^(.+\.php)(/.+)$; include fastcgi_params; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_pass 127.0.0.1:9001; } } I'm guessing that the problem is the SCRIPT_FILENAME parameter, but I've changed it to just $fastcgi_script_name, and various other combinations, but to no avail. Can anyone help?

    Read the article

  • What is chroot in proftpd

    - by Saif Bechan
    I am using proftpd and on every login I get the following message: Apr 4 08:26:23 mydomain proftpd[4240]: mydomain.com (xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) - FTP session opened. Apr 4 08:26:23 mydomain proftpd[4240]: mydomain.com (xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) - Preparing to chroot to directory 'path-to/domain' Can anyone explaom to me what this means. Everything works fine however, the are no other messages except for these 2.

    Read the article

  • chrooting php-fpm with nginx

    - by dragonmantank
    I'm setting up a new server with PHP 5.3.9 and nginx, so I compiled PHP with the php-fpm SAPI options. By itself it works great using the following server entry in nginx: server { listen 80; server_name domain.com www.domain.com; root /var/www/clients/domain.com/www/public; index index.php; log_format gzip '$remote_addr - $remote_user [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent" "$gzip_ratio"'; access_log /var/www/clients/domain.com/logs/www-access.log; error_log /var/www/clients/domain.com/logs/www-error.log error; location ~\.php$ { fastcgi_pass 127.0.0.1:9001; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /var/www/clients/domain.com/www/public$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_script_name; include /etc/nginx/fastcgi_params; } } It servers my PHP files just fine. For added security I wanted to chroot my FPM instance, so I added the following lines to my conf file for this FPM instance: # FPM config chroot = /var/www/clients/domain.com and changed the nginx config: #nginx config for chroot location ~\.php$ { fastcgi_pass 127.0.0.1:9001; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME www/public$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_script_name; include /etc/nginx/fastcgi_params; } With those changes, nginx gives me a File not found message for any PHP scripts. Looking in the error log I can see that it's prepending the root path to my DOCUMENT_ROOT variable that's passed to fastcgi, so I tried to override it in the location block like this: fastcgi_param DOCUMENT_ROOT /www/public/; fastcgi_param SCRIPT_FILENAME $fastcgi_script_name; but I still get the same error, and the debug log shows the full, unchrooted path being sent to PHP-FPM. What am I missing to get this to work?

    Read the article

  • vsftpd: refusing to run with writable root inside chroot

    - by MrROY
    I want to setup a anonymous only ftp server (able to upload files). Here is my config file: listen=YES anonymous_enable=YES anon_root=/var/www/ftp local_enable=YES write_enable=YESr. anon_upload_enable=YES anon_mkdir_write_enable=YES xferlog_enable=YES connect_from_port_20=YES chroot_local_user=YES dirmessage_enable=YES use_localtime=YES secure_chroot_dir=/var/run/vsftpd/empty rsa_cert_file=/etc/ssl/private/vsftpd.pem pam_service_name=vsftpd But when i try to connect it: kan@kan:~$ ftp yxxxng.bej Connected to yxxx. 220 (vsFTPd 2.3.5) Name (yxxxg.bej:kan): anonymous 331 Please specify the password. Password: 500 OOPS: vsftpd: refusing to run with writable root inside chroot() Login failed Can anyone help ?

    Read the article

  • A specific user is unable to log in to vsftpd

    - by HackToHell
    I am setting up a new user let his name be ftpguy. He has access to only one directory /var/www/xxx. I have already chowned the directory so that he has write and read privileges. The user is also unable to login via ssh as I have disabled that by changing his shell to /sbin/nologin. Also, in vsftpd config, I have enabled the chroot_local_user. Now whenever I log in from ftp, i get an auth error. Connect socket #1008 to xxxxxxxx, port 21... 220 Welcome to blah FTP service. USER ftpguy 331 Please specify the password. PASS **** 530 Login incorrect. I changed the password to something different several times, using the passwd command, nothing happens, i still the above error. However I am able to log in with my ssh creditals to my ftp server without any problems.(I do not use a key).

    Read the article

  • Need ProFTPd to follow symbolic link

    - by FMaz008
    I have 2 folder: /var/www/project1/ /var/www/repository/module/ and I have this symbolic link: /var/www/project1/module/News = /var/www/repository/module/News I know the target is outside the ftp root folder. But I want to make proFTPd to be able to display&follow that symbolic link. The security is NOT a matter, we use that FTP on the local network for development purpose only. Ps.: I also use GADMIN-PROFTPD, and I installed everything by default, using apt-get install.

    Read the article

  • How to "FTP jail" with Pure-FTPD?

    - by Nate
    I asked this a little bit ago, but instead of specifying Pure-FTPD I just said Apache. Per the answer to that question, I'm asking again with "Pure-FTPD" in the title this time. I need to allow someone access to my VPS via FTP, but there are a number of directories that the person must not be allowed to view or modify. For example, something like this: private_info_1 public_info_1 private_info_2 public_info_2 In this example, the FTP user would need to be allowed to do stuff in the public directories, but not the private ones. How do I go about doing this with Pure-FTPD? I have cPanel and SSH access.

    Read the article

  • iPhone jail break implementation

    - by Marcus
    I've read to jailbreak your iPhone, you download custom firmware to your iPhone. Is this "firmware" a full operating system? Are you replacing the OS that Apple included on the phone with a custom version that doesn't have some of Apple's restrictions?

    Read the article

  • What is the easiest and cleanest way to create a chrooted SFTP on Centos 5.4?

    - by benjisail
    Hi, I would like to setup a SFTP with chroot (or equivalent) login to my Centos 5.4 server in a clean way. By clean way I mean by using only the YUM command if possible and with something easy to maintain and easy to extend (for example an easy way to add an extra SFTP user). The problem with CentOS 5.4 is that OpenSSH is at version 4.3 in the repository so it is not possible to use the built in chroot capabilities of OpenSSH 4.8+. Installing RSSH required to create manually a chrooted directory which don't seems easy to maintain to me. MySecureShell is an other solution but it require an higher version of openSSL than the one which is in the repository. I know that I could install manually an higher version of OpenSSH but I would lose all the advantage of the Yum command and it could become tricky to maintain if I want to do some updates in the futur... Do you have an easy and clean way to setup a chrooted SFTP login on a centOS 5.4 server? Thanks!

    Read the article

  • Simple jail for user with open-ssh

    - by Vikram
    Can I confine my users to their /home/%u directory using simply open-ssh configuration? I did the following from what I found on the Internet Stopped the server To the sshd_config file appended the following Match group sftpusers ChrootDirectory /home/%u X11Forwarding no AllowTcpForwarding no started the server FYI I have the users added to sftpusers group My users can still access entire file structure on my system Ubuntu Server 12.04 LTS with open-ssh installed

    Read the article

  • chroot'ing SSH home directories, shell problem.

    - by Hamza
    Hi folks, I am trying to chroot my SSH users to their home directories and it seems to work.. in a strange way. Here is what I have in my sshd_config: Match group restricthome ChrootDirectory %h The permissions on the user directories looks like this: drwxr-xr-x 2 root root 1024 May 11 13:45 [user]/ And I can see that the user logs in successfully: May 11 13:49:23 box sshd[5695]: Accepted password for [user] from x.x.x.x port 2358 ssh2 (with no error messages after this) But after entering the password the PuTTY window closes down. This is a wild guess, but could it be because the user's shell is set to /bin/bash and it can't execute because of the chroot? If so, could you give me pointers on how to fix it? Would simply copying the bash binary into user's home directory and modyfying the shell work? How would I deal with the dependencies, ldd shows quite a few of those :) Comments/suggestions will be appreciated. Thanks.

    Read the article

  • Can't connect using Jail SFTP account

    - by Fazal
    I've been following this tutorial "Limiting Access with SFTP Jails on Debian and Ubuntu" and whilst I've had no errors setting it up, I've had issues on Ubuntu 10.04LTS logging in as a user on a virtualhost. I've changed my SSH port to 22022, and enter all the credentials when attempting to login. I ran these commands to add a user to the virtualhost: # useradd -d /srv/www/[domain] [username] # passwd [username] # usermod -G filetransfer [username] # chown [username]:[username] /srv/www/[domain]/public_html I should add that this is the only time I've setup the user they have no other /home directories or such. The directory that does exist is at /srv/www/example.com/public_html When I try using a desktop package such as cyberduck to login to the site, I keep getting a "Login failed with this username or password". I am completely lost as what to do next... The reason why I'm trying this method is because I want my clients to use SFTP and not FTP to upload files to their websites. Any help or direction is appreciated.

    Read the article

  • Jail Linux user to directory for FTP login

    - by Greg
    I'm planning on using vsftpd to act as a secure ftp server, but I am having difficulty controlling the linux users that will be used as ftp logins. The users are required to be "jailed" into a specific directory (and subdirectories) and have full read/write access. Requirements: - User account "admin_ftp" should be jailed to /var/www directory. - Other accounts will be added as needed, for each site... e.g: - User account "picturegallery_ftp" should be jailed to /var/www/picturegallery.com directory. I have tried the following, but to no avail: # Group to store all ftp accounts in. groupadd ftp_accounts # Group for single user, with the same name as the username. groupadd admin_ftp useradd -g admin_ftp -G ftp_accounts admin_ftp chgrp -R ftp_accounts /var/www chmod -R g+w /var/www When I log into FTP using account admin_ftp, I am given the error message: 500 OOPS: cannot change directory:/home/admin_ftp But didn't I specify the home directory? Extra internets for a guide how to do this specifically for vsftpd :)

    Read the article

  • Entire filesystem restore from rdiff-backup snapshot

    - by atmosx
    I'm trying to make a complete system restore from an rdiff-backup. The cli for backing was: rdiff-backup --exclude-special-files --exclude /tmp --exclude /mnt --exclude /proc --exclude /sys / /mnt/backup/ebox/ I created a new partition mounted the partition at /mnt/gentoo and did: rdiff-backup -r /mnt/vol2 /mnt/gentoo However when I try to chroot to this system (following gentoo's manual, which means mounting /dev/ and /proc) I get the following error: chroot: failed to run command/bin/bash': No such file or directory` All this takes place on a Parallels (virtual machine) Debian installation. Any ideas on how to proceed in order to fully restore the system? Best Regards ps. /mnt/gentoo/bin/bash works fine if I execute it. All files and permissions are in place rdiff-backup seems to work just fine. However the system cannot neither boot (exits with kernel panic - cannot find init) or be chrooted.

    Read the article

  • How to "FTP jail" with apache?

    - by Nate
    I need to allow someone access to my website via FTP, but there are a number of directories that the person must not be allowed to view or modify. For example, something like this: private_info_1 public_info_1 private_info_2 public_info_2 In this example, the FTP user would need to be allowed to do stuff in the public directories, but not the private ones. How do I go about doing this with an Apache server? I have cPanel and SSH access.

    Read the article

  • FreeBSD Jail own network stack with vimage

    - by bodokaiser
    I want to throw all services from the host system and put them in jails. Unfortunatly this doesn't work for file sharing (e.g. nfsd) because the jails don't have there own network stack by default. I know read something about vimage which would solve this issue. See more in this thread: http://forums.freebsd.org/showthread.php?t=9006 The use of vimage with raw jails should use moreorless but the use with vimage and ezjail makes it hard. Does anyone have experience about this topic and wants to share it? Regards

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >