  1. #1
    Just Joined!
    Join Date
    Jul 2007
    Posts
    1

    Chroot environment help.


    Hey everyone,

    So after beating my head over this problem, I've decided to see if anyone can help.

    Here's the scenario.

    I've created several different chroot environments using several different methods. I've used yum, openssh-chroot, mk_jail and a few other methods. Keep in mind I've tested each of these methods; they are not being used concurrently. Also, I can get the env. working beautifully, no issues.

    Here's the problem I run into. I have 30+ users, each with a separate chroot env. That means each env. has /etc/passwd, /etc/group, /etc/shadow etc...

    Now the passwd command is installed and working great in each of the environments. The only problem is when passwd is run, the "chrooted" shadow file is actually being updated. So for instance, if I'm logged in as chrootuser1 (whose chroot environment is /home/chrootuser1/) and I run the passwd command, I go ahead and enter in the new password and all the tokens update correctly... however, obviously since I'm in the chroot it's really updating /home/chrootuser1/etc/shadow vs /etc/shadow.

    Now I've seen some posts with users doing something similar to this:

    diff -u /etc/shadow /home/chrootuser1/etc/shadow > shadow.patch

    and then patch the original /etc/shadow file... (they then apply these commands to a cron job)

    This solution would work if I had one chroot env. where I really only had two shadow files, /etc/shadow and /chroot/etc/shadow...

    But since I have dozens of individual chroot environments, each with their own separate shadow file, it's not feasible to patch the diff between each.


    SO.... any ideas on how to allow each chrooted user to change their password would be great. I'm really open to anything at this point.

    Thanks!
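The diff-and-patch idea described above, generalised to any number of chroots, as an added example that is not from any post in this thread. Instead of patching the host's /etc/shadow with whatever differs in a chroot's copy (which would let a user who can write /home/<user>/etc/shadow rewrite any account's line, root's included), it takes only the owning user's entry from each chroot, checks that the password field looks like a crypt(3) hash, and copies just the hash and last-change fields. The /home/<user>/etc/shadow layout comes from the post; the function names, the hash allow-list and the sample shadow lines are constructed for this example.

```python
"""
Fold password changes made inside per-user chroots back into the host's
/etc/shadow, one user per chroot. Example code for the thread above, not
from the original posts. Layout assumed (from the post): the chroot for
user U lives at /home/U and its shadow copy at /home/U/etc/shadow.
"""
import os
import re
import sys
import tempfile

# Constructed allow-list for the password field: a "$id$..." crypt hash
# (optionally "!"-locked), a 13-character legacy DES hash, or a pure
# lock marker. An empty field (no password) is deliberately NOT allowed.
_HASH_RE = re.compile(r"^!?(\$[0-9a-z]+\$[A-Za-z0-9./$=]+|[A-Za-z0-9./]{13}|[!*]+)$")

# Constructed sample data: host file and one chroot's copy.
HOST_SHADOW = (
    "root:$6$hostroot$AAAA:17000:0:99999:7:::\n"
    "chrootuser1:$6$old$BBBB:17000:0:99999:7:::\n"
    "chrootuser2:$6$old$CCCC:17000:0:99999:7:::\n"
)
CHROOT1_SHADOW = (
    "root:$6$evil$ZZZZ:17100:0:99999:7:::\n"        # must be ignored
    "chrootuser1:$6$new$DDDD:17100:0:99999:7:::\n"  # the one line we want
)


def is_valid_hash(field):
    """True if the password field matches the constructed allow-list."""
    return bool(_HASH_RE.match(field))


def parse_shadow(text):
    """Return [(name, fields)] for each non-empty line; shadow has 9 fields."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        fields = raw.split(":")
        if len(fields) != 9:
            raise ValueError("malformed shadow line: %r" % raw)
        entries.append((fields[0], fields))
    return entries


def pick_user_entry(chroot_shadow_text, username):
    """Return username's fields from the chroot copy, or None if absent.
    Lines for any other account are ignored on purpose."""
    for name, fields in parse_shadow(chroot_shadow_text):
        if name == username:
            if not is_valid_hash(fields[1]):
                raise ValueError("rejecting password field for %s" % username)
            return fields
    return None


def merge_shadow(host_shadow_text, chroot_shadow_text, username):
    """Return (new_host_text, changed). Only the hash (field 2) and the
    last-change day (field 3) of username's line are taken from the chroot;
    aging fields and all other accounts stay exactly as the host has them."""
    new = pick_user_entry(chroot_shadow_text, username)
    if new is None:
        return host_shadow_text, False
    out, changed = [], False
    for name, fields in parse_shadow(host_shadow_text):
        if name == username and fields[1:3] != new[1:3]:
            fields = fields[:1] + new[1:3] + fields[3:]
            changed = True
        out.append(":".join(fields))
    return "\n".join(out) + "\n", changed


def sync_all(host_shadow_path="/etc/shadow", chroot_base="/home"):
    """Cron entry point (root only): visit every <chroot_base>/<user>/etc/shadow
    and fold that user's entry in; rewrite the host file atomically, once,
    preserving its owner and mode. A bad chroot copy is skipped, not fatal."""
    with open(host_shadow_path) as f:
        host_text = f.read()
    any_changed = False
    for user in sorted(os.listdir(chroot_base)):
        chroot_shadow = os.path.join(chroot_base, user, "etc", "shadow")
        if not os.path.isfile(chroot_shadow):
            continue
        try:
            with open(chroot_shadow) as f:
                host_text, changed = merge_shadow(host_text, f.read(), user)
        except ValueError as exc:
            print("skipping %s: %s" % (chroot_shadow, exc), file=sys.stderr)
            continue
        any_changed = any_changed or changed
    if not any_changed:
        return False
    st = os.stat(host_shadow_path)
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(host_shadow_path))
    with os.fdopen(fd, "w") as f:
        f.write(host_text)
    os.chown(tmp, st.st_uid, st.st_gid)
    os.chmod(tmp, st.st_mode & 0o777)
    os.replace(tmp, host_shadow_path)   # atomic swap, no half-written shadow
    return True


if __name__ == "__main__":
    text, changed = merge_shadow(HOST_SHADOW, CHROOT1_SHADOW, "chrootuser1")
    print(text, "changed:", changed)
```

Run as root from cron it rewrites /etc/shadow only when some user's hash actually changed; the sample data at the top shows the case that matters, a chroot copy whose root line differs from the host's and must not propagate.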

  2. #2
    Linux Engineer RobinVossen's Avatar
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,429


    Can someone help the poor fellow?
    And me (a)
    After looking on Google and the Forum search I saw there was an unanswered question here and I had exactly the same problem. So I thought let's put this on the top again by replying to it. Maybe someone can help around now.. ^^

    So..

    We both need a chrootjail with linked applications...
    New Users, please read this..
    Google first, then ask..

  3. #3
    Linux Engineer RobinVossen's Avatar
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,429
    How I got this far already..
    What do I have to do to finish this and make it work securely..

    Code:
    #!/bin/bash
    # Build a jail under the home directory and bind-mount the host's /bin, /lib
    # and /home into it. A bind mount shares the host's directory, it is not a copy.
    HomeDir="${HomeDir:-$HOME}"
    JailDir="$HomeDir/Jail"
    mkdir -p "$JailDir/bin" "$JailDir/lib" "$JailDir/home"
    mount -o bind /bin "$JailDir/bin"
    mount -o bind /lib "$JailDir/lib"
    mount -o bind /home "$JailDir/home"
    # Because bin is a bind mount, this link is created in the real /bin as well,
    # and its target /usr/bin/firefox does not resolve inside the jail (no /usr there).
    ln -s /usr/bin/firefox "$JailDir/bin"
    chroot "$JailDir"
    This adds the function of Firefox, right?
    I really need to know how this works..
    New Users, please read this..
    Google first, then ask..

  4. #4
    Linux Engineer RobinVossen's Avatar
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,429
    Sorry that I reply to myself, but then this topic is back on the top.
    And this might be the solution ^^

    Code:
    #!/bin/bash
    
    #
    # This script is made to make a new user.
    #
    # Made by Robin Vossen
    # Using http://intmainvoid.nl/item/4 as Reference
    #
    
    # Set this to 1 the first time you run the script
    REGENERATE_CHROOTSHELL=0
    
    # Can only run if root
    if [ "$(whoami)" = "root" ]
    then
        # First we make the user
        read -r -p "Username: " USERNAME
        useradd -d /tmp -s /bin/chrootshell "$USERNAME"
        passwd "$USERNAME"
        # Then we make the Home Dir
        mkdir -p "/home/$USERNAME"
        if [ "$REGENERATE_CHROOTSHELL" -eq 1 ]
        then
            # Let's make the chrootshell. The quoted heredoc keeps $USER, $1 and
            # $@ unexpanded, so they are evaluated when the shell runs, not now.
            cat > /bin/chrootshell <<'EOF'
    #!/bin/bash
    if [ "$1" = "-c" ]
    then
        i=0
        PARAMETERS=""
        for parameter in "$@"
        do
            if [ $i -gt 0 ]
            then
                PARAMETERS="$PARAMETERS $parameter"
            fi
            let i++
        done
        sudo /usr/sbin/chroot /home/$USER /bin/su - $USER -c "$PARAMETERS"
    else
        sudo /usr/sbin/chroot /home/$USER /bin/su - $USER
    fi
    EOF
            chmod +x /bin/chrootshell
        fi
        # Make the Chroot Root ^^
        cd "/home/$USERNAME" || exit 1
        mkdir -p bin dev etc home lib tmp usr
        mkdir -p "home/$USERNAME"
        # Make the tmp dir work
        chmod 777 tmp
        chmod +t tmp
        # Make chrooted Passwd file: su inside the jail needs root AND the new user in it
        grep -E "^(root|$USERNAME):" /etc/passwd >> etc/passwd
        echo "Change /tmp to /home/$USERNAME"
        echo "and change /bin/chrootshell"
        echo "to /bin/bash"
        echo ">> Press ANY Key to Continue <<"
        read -r
        nano -w etc/passwd
        # Let's make the group file
        grep -E "^(root|users):" /etc/group >> etc/group
        # Copy files that can be edited
        cp /etc/profile etc
        cp /etc/DIR_COLORS etc
        cp /etc/HOSTNAME etc
        # We need to make devices
        mknod -m 0666 dev/tty c 5 0
        mknod -m 0644 dev/urandom c 1 9
        mknod -m 0666 dev/null c 1 3
        # Linking time ^^ (symlink targets are relative to the link's own directory)
        ln -s ../bin usr/bin
        ln -s ../lib usr/lib
        ln -s ../lib usr/libexec
        mkdir -p usr/local
        ln -s ../../bin usr/local/bin
        ln -s ../../lib usr/local/lib
        # Make the TermInfo
        mkdir -p usr/share
        cp -r /usr/share/terminfo usr/share
        # Figure out what you want the user to use (extra binaries, space separated)
        echo "Like this:"
        echo "$(which cp) $(which du) $(which cat) $(which less) $(which vi)"
        read -r COMMAND
        # Copy Essential Stuff First, then whatever was entered above
        cp "$(which bash)" "$(which su)" "$(which cp)" "$(which ln)" "$(which ls)" "$(which rm)" "$(which mv)" "$(which du)" "$(which cat)" "$(which less)" "$(which dircolors)" "$(which id)" "$(which icewm)" bin
        # $COMMAND is left unquoted on purpose so each listed path is copied
        [ -n "$COMMAND" ] && cp $COMMAND bin
        # Hhaha I don't link the libraries
        mount -o bind /lib "/home/$USERNAME/lib"
        # Finally Make sudo work (the trailing * is a sudoers wildcard that lets su receive the -c "..." arguments)
        echo "$USERNAME ALL= NOPASSWD: /usr/sbin/chroot /home/$USERNAME /bin/su - $USERNAME*" >> /etc/sudoers
    else
        echo "You HAVE to be root"
    fi
    Can a Linux Guru tell me, does this work?
    New Users, please read this..
    Google first, then ask..

  5. #5
    Linux Enthusiast meton_magis's Avatar
    Join Date
    Oct 2006
    Location
    arizona
    Posts
    699
    have you tried symlinking to /etc/shadow ???
    New to the internet, technical forums, or the hacker / open source community??
    Read this to learn good posting habits http://www.catb.org/~esr/faqs/smart-questions.html

    RHCE for RHEL version 5
    RHCT for RHEL version 4

  6. #6
    Linux Engineer RobinVossen's Avatar
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,429
    I don't know about leetEVO.
    But at least I have
    New Users, please read this..
    Google first, then ask..
