Browsing articles tagged with "chroot - Admins Goodies"
Oct 2, 2012
tom

A specific user is unable to log in to vsftpd

I am setting up a new user let his name be ftpguy. He has access to only one directory /var/www/xxx. I have already chowned the directory so that he has write and read privileges. The user is also unable to login via ssh as I have disabled that by changing his shell to /sbin/nologin. Also, in vsftpd config, I have enabled the chroot_local_user. Now whenever I log in from ftp, I get an auth error. […]

Aug 22, 2012
tom

Chroot on startup

I have a script that runs on startup, but it won't launch an application in chroot.

    #!/bin/sh
    /usr/sbin/chroot /root/chrootdir/ /bin/sh -c "lighttpd -f /etc/lighttpd.conf -m /lib"
    echo "script activated" >> /log/www.log

The log file is written/appended on startup, but the lighttpd server is not starting. Running the script when the box is running works fine and launches lighttpd. This is an embedded system running a linux kernel and busybox. inittab triggers /etc/init.d/rcS that in turn […]

Aug 18, 2012
tom

SFTP fatal bad ownership or modes for chroot directory ubuntu 12.04

I just set up my SFTP server and it works fine when I use it from my first user account. I wanted to add a user which we will call ‘magnarp’. At first I did like this in sshd_config:

    Subsystem sftp internal-sftp
    Match group sftponly
        ChrootDirectory /home/%u
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp

That worked fine enough, user magnarp went into his home directory. I then tried to add a symbolic link to it. home$ sudo […]

Aug 18, 2012
tom

Link all LXC node APT caches to the host machine’s APT cache

I have a number of LXC containers (ubuntu template) which all have their own separate APT caches: /var/lib/lxc/*/rootfs/var/cache/apt/archives/. I would like to have these linked to the host machine's APT cache at /var/cache/apt/archives. From what I remember, symlinking out of a chroot jail is a massive no-no, so I was wondering what some other clean alternatives would be. One solution I thought of was just making a cron job on the host machine to sync […]

Aug 6, 2012
tom

PHP-FPM Chroot jail corrupts timezone db?

I’m trying to set up a PHP-FPM Chroot jail on a new CentOS 6.3 box. I can get the chroot to work fine, in the sense that I can get php scripts to respond and echo things out. But, every time I use the date function, I get an error saying the timezone db is corrupt. All I’ve done is changed the value of the chroot directive in php-fpm conf, to be the document root as […]

May 30, 2012
tom

Ubuntu SFTP & Chrooting

I’ve been looking around for a few days now, playing around with configurations and following tutorials on this. I have two groups: dev and sftp. Users within the dev group are also part of the www-data and svn groups. These users are to be chrooted to their home directory. I would like them to have access to /var/www either via a symbolic link, or somehow mounting the directory for them. Users within the sftp group, […]

Feb 9, 2012
tom

Defining hard links in puppet

Is there a way to define hardlinks inside a puppet manifest? It seems the file type can only define symbolic links, but I need them to be hard links in order to make some of my chrooted applications work. For example, I need to hardlink /etc/hosts -> $chroot/etc/hosts, /etc/resolv.conf -> $chroot/etc/resolv.conf and so on. What is the simplest way to achieve that? Update: thanks, I’ve ended up with the following defines: define hardlinkdir(source=$name, target) { exec { […]

Jan 18, 2012
tom

How to create a link outside of the jail, but accessible within the jail?

I have created a chroot jail, but now I want to be able to create a link within the jail which links outside of the jail. Is this possible? The only method I can think of is use of a bind mount. A quick google found http://docs.1h.com/Bind_mounts […]

Jan 18, 2012
tom

setlocale error with chroot

I have created a chroot jail and when I log in I get a bash warning: bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8). I tried to google the error, but wasn’t able to find a solution. Sounds like you’re missing /usr/lib/locale inside your chroot. Try copying them into place from your non-chroot’d /usr/lib/locale or chroot with LANG=C. […]

Dec 29, 2011
tom

Implications that come with chrooting php-fpm

I am creating a production server that will run nginx with php-fpm. I want to have a good mix between securing the server, and still having good quick workflow. Now one thing that always secures the system is chrooting. Now I have read a lot about this, and chrooting nginx is pretty complicated. It is said that a good way is using the chroot function that php-fpm has built in. I read several guides, that […]
