  1. #1
    Linux Engineer RobinVossen's Avatar
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,429

    chroot gdm


    Hello all, I have been looking for quite a while now for chrooting info.
    I found out (almost) how to chroot a shell. But now I need to chroot the user when he wants to log in using GDM.
    So when the user logs in he first enters a chroot jail, then he enters IceWM and then he can do whatever he wants. Run Firefox, run OOo, run Thunderbird, run whatever he wants.
    Though the current script I have to chroot-jail a user's shell doesn't run if it's not in a tty (that is what the Xsession error log says).
    Well, does anyone have a good idea? Maybe some documents about my problem?
    It's just VERY important that the users can't figure out that they aren't alone.
    And the security is very important as well. (duh)
    Maybe it helps knowing people connect to this PC with a VNC client that is written in Java. (Original by TightVNC and I modded it)

    Edit:
    I have been doing research in the meanwhile..
    I found a couple of things:
    Code:
    http://www.debian.org/doc/manuals/reference/ch-tips.en.html#s-chroot
    http://gentoo-wiki.com/HOWTO_startx_in_a_chroot
    But well they aren't for my distro (I know, 98% chance that it still works)..
    And well, in both situations he also has to load X.. With me it is already loaded.
    Well, I am working on installing a Fedora Dummy pc to test it out.. (Yea I run Fedora atm)
    And, well if someone else finds something.. Please let me know.

    Edit2:
    After doing more and more research I have figured out how to do it in an inefficient way.
    Install YUM and RPM on each account and then install the entire system for each user..
    This takes WAY too much drive space since I only have 10 Gig and well I want to add at least 4 users with a Gig of space each.
    So can I link the programs? ln -s/h? (How does this work?)

    After trying for a while(Edit 3):
    I tried link() and ln.
    Soft and hard link.
    Both don't work.
    The hard link says: "Cross Device", which is bull.. since it's on the same HD.. But I think it means another partition.
    And the soft link links, but when I try to access the file it says: "Too many softlinks". And that doesn't make sense either, since that means that there are more links to that file or something like that, right???

    How to do it Dirty(Edit 4):
    I made it!! ^^ It's working.
    But I am doing it the dirty way.
    I just do
    Code:
    mount -r -o bind
    with nearly all the dirs.
    The big problem with that is.. A normal user is jailed.. BUT can go into the entire system.
    It's dirty and not secure.. SO how can I link only the files the user needs in the jail?
    My answer: linking.. How to make that work?

    I really need this.. And why is this SO hard.. -.-'
    I guess I overlook something all the time..
    (And why can I escape from the jail with exit..? Only root can do that right?)
    Last edited by RobinVossen; 10-01-2007 at 12:39 PM. Reason: First: More Research done.. Second: Even MORE research done..
    New Users, please read this..
    Google first, then ask..
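
Added example, not part of the original post: a root-free emulation of why the absolute symlink described in Edit 3 loops once a process is chrooted. After chroot, `/etc/passwd` as a link target is looked up under the jail root, so `JAIL/etc/passwd -> /etc/passwd` points at itself. The helper names, the temporary jail and the `jailuser` entry are constructed for illustration.

```shell
#!/bin/sh
# Emulate how a path is resolved for a process chrooted into JAIL: an
# absolute symlink target restarts at the jail root, not the host root.
# Simplification: only a symlink in the final path component is followed.
# (Hard links fail for a different reason: link() cannot cross a mount
# point or partition and returns EXDEV, "Invalid cross-device link".)
MAX_HOPS=40   # Linux gives up with ELOOP after 40 symlink follows

resolve_in_jail() {
    jail=$1 path=$2 hops=0
    while [ -L "$jail$path" ]; do
        hops=$((hops + 1))
        if [ "$hops" -gt "$MAX_HOPS" ]; then
            echo "ELOOP"          # "Too many levels of symbolic links"
            return 1
        fi
        target=$(readlink "$jail$path")
        case $target in
            /*) path=$target ;;                      # absolute: back to jail root
            *)  path=$(dirname "$path")/$target ;;   # relative: same directory
        esac
    done
    if [ -e "$jail$path" ]; then echo "$path"; else echo "ENOENT"; return 1; fi
}

# Build a constructed jail in a temporary directory. $1 = symlink | copy
make_jail() {
    jail=$(mktemp -d) || return 1
    mkdir -p "$jail/etc"
    if [ "$1" = symlink ]; then
        ln -s /etc/passwd "$jail/etc/passwd"     # what the thread tried
    else
        # A real file inside the jail holding only the jailed account
        # (constructed entry), so other host accounts are not visible.
        printf 'jailuser:x:1000:1000::/:/bin/sh\n' > "$jail/etc/passwd"
    fi
    echo "$jail"
}

# Demo: the symlinked jail loops, the jail with a real file resolves.
a=$(make_jail symlink); b=$(make_jail copy)
resolve_in_jail "$a" /etc/passwd || true
resolve_in_jail "$b" /etc/passwd
rm -rf "$a" "$b"
```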

  2. #2
    Linux Engineer RobinVossen's Avatar
    Victory ^^
    I slayed the problem.
    But now I got another one.
    I can login.. No problem..
    BUT... I still have a shell problem.
    The Shell that x11 runs on crashes..
    So, well, the shell I built is:
    Code:
    if [ "$1" =  "-c"]
    then
    i=0
    PARAMETERS=""
    do <He crashes as this part.. The error is unexpected token `do'
    if [ $i -gt 0 ]
    then
    PARAMETERS=$PARAMETERS $parameter
    fi
    let i++
    done
    sudo /usr/sbin/chroot /home/$USER /bin/su - $USER -c $PARAMETERS
    else
    sudo /usr/sbin/chroot /home/$USER /bin/su - $USER
    fi
    Edit:
    Ok, well I changed it to just the sudo line for testing.
    And well, now it says that sudo can only run in a tty.
    So, well, does that mean that I have a serious problem and that I have to do this a way different?

    Edit 2:
    I tried Jailkit - chroot jail utilities, but that isn't what I am looking for...
    I still can't log in.. :/
    Last edited by RobinVossen; 10-03-2007 at 01:58 PM. Reason: Extra Foundings.
    New Users, please read this..
    Google first, then ask..
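
Added example, not part of the original post: a version of the wrapper above that parses, since the posted script has `do` without a `for` and no space before `]`. It joins the words after `-c` into the single string `su -c` expects and takes the user name as an argument; `jail_login`, `DRY_RUN`, the user `alice` and the `icewm-session` command line are assumptions made for the demo.

```shell
#!/bin/sh
# Login-shell wrapper: start the user's shell (or one command) inside the
# jail at /home/<user>. DRY_RUN=1 prints the command instead of running it.
jail_login() {
    user=$1; shift
    # Reject names that could point the chroot at some other directory.
    case $user in
        ''|*/*|.*|-*) echo "refusing user name: $user" >&2; return 2 ;;
    esac
    if [ "${1:-}" = "-c" ]; then       # the space before ] is required
        shift
        # "$*" joins the remaining words into one string for su -c;
        # quoting keeps that string a single argument.
        set -- sudo /usr/sbin/chroot "/home/$user" /bin/su - "$user" -c "$*"
    else
        set -- sudo /usr/sbin/chroot "/home/$user" /bin/su - "$user"
    fi
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$@"             # one argument per line
    else
        exec "$@"
    fi
}

# In a real wrapper the last line would be: jail_login "$(id -un)" "$@"
# Demo (dry run only, constructed user and command):
DRY_RUN=1
jail_login alice -c icewm-session
```

The tty refusal mentioned in the edit is governed by the `requiretty` option in sudoers, which is separate from the syntax error fixed here.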

  3. #3
    Linux Engineer RobinVossen's Avatar
    Ok, let's try this the entire way around.
    Can this be done just when a program starts? So that a user can still only just edit his own files, and open the programs he is allowed to.
    Ok, first we try it with a shell script:
    Code:
    ooffice
    chroot /home/files_allowed_to_edit
    Ok, that doesn't work.. let's try it another way..
    Code:
    chroot /home/files_allowed_to_edit
    ooffice
    Doesn't work either.
    Ok, well, let's put ooffice in the chroot jail.

    Well that should work.
    Maybe someone has a better idea?
    I am tinkering on this at the moment. I'll post all my results asap..

    Edit:
    Note:
    Code:
    Maybe chroot can't be used outside of the console...
    If so I am scr**wed and I have to find another way to do this..
    Let's not give up till I know for sure..
    (chroot + X11 != Possible)?
    But.. X11 is still running on the console, right?
    In Linux it's like this when you put it in layers, right:
    - Hardware
    - Kernel
    - Console
    - X11
    - IceWM
    - OpenOffice?
    Does somebody know that?

    Edit2:
    Well, I tried to chroot first and then run OOffice.
    I included everything in the chroot jail. Just to know for sure that it works.
    And I got this error: Fatal: no entropy gathering module detected. To fix this I need to add stuff to the kernel, I guess.. since it has something about modules.
    Let's find out what the problem is. I'll post more when I know more..

    Edit3:
    After trying a bit more.. Firefox runs!! As does xpdf..
    So only ooffice is a b*tch in this.. Though I haven't looked into the module error whatsoever.
    I really hope I get this done before my holiday.. ^^

    Edit4:
    VICTORY ^^ Another mile has been run. The error was that it doesn't have the random pool. So well, now it does..
    /dev/random..
    Ok, now I need to make this run in a smaller jail. I know I can do this.. (Since Samantha told me)
    Well, I'll post all the new stuff that happens.. ^^

    (I remember why I love Linux ^^ it gives you so much adrenaline when you are getting something working =D)

    Edit5:
    What are the minimal files needed for a user to run?
    I am looking into that now..

    Edit6:
    Well, ok, I think I am almost stuck again.. :o
    The problem is: the jail works.
    The programs work.
    They boot.. and... don't show in X.. but in their own little world..
    How can I make them show/pop up in X11?
    The Script that I run to get the chroot is:
    Code:
    sudo /bin/mount -r -o bind /lib /home/$USER/lib
    sudo /bin/mount -r -o bind /dev /home/$USER/dev
    sudo /bin/mount -r -o bind /bin /home/$USER/bin
    sudo /bin/mount -r -o bind /usr /home/$USER/usr
    sudo /bin/mount -o bind /tmp /home/$USER/tmp
    sudo /bin/ln -s /etc/passwd /home/$USER/etc/passwd
    sudo /usr/sbin/chroot  /home/$USER
    I know this jail is still way too big.
    But it's shrinking.
    Can anyone help me out here? Devils maybe? Moe? Or Redman?

    Edit7:
    Ok, well, I am starting to break my head again.. It's been at least 2 hours that I have been looking at this..
    So, well, ok, I have tried a couple of things. It just simply doesn't work.
    I really think I can't solve the end mystery myself.. =(
    I'd hate to ask this.. but please help..

    Edit8:
    I made a video about the problem.
    Well, if you want to help me I can send it.
    For some reason it doesn't upload to YouTube.. :S
    But ok.. Well, I am still stuck.. and I have been working on it for another WORK day...
    Last edited by RobinVossen; 10-05-2007 at 02:11 PM. Reason: Edit: Research
    New Users, please read this..
    Google first, then ask..
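
Added example, not part of the original post: one way to build the smaller jail asked about in Edit 5 by copying a single program plus the libraries `ldd` reports, and by creating only a few device nodes (including `/dev/random` from Edit 4) instead of bind-mounting `/lib`, `/bin`, `/usr` and `/dev`. The function names are hypothetical, `/bin/sh` stands in for the real program, and the node modes are a choice made here.

```shell
#!/bin/sh
# Build a small jail by copying only what one program needs.

# Absolute library paths from ldd ("name => /path (addr)" or "/path (addr)").
# Run ldd only on trusted system binaries: it may execute the target's loader.
lib_deps() {
    ldd "$1" 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }'
}

# Copy BIN and its libraries into JAIL under the same absolute paths.
jail_add_binary() {
    jail=$1 bin=$2
    [ -x "$bin" ] || { echo "not executable: $bin" >&2; return 1; }
    for f in "$bin" $(lib_deps "$bin"); do
        mkdir -p "$jail$(dirname "$f")" || return 1
        cp -Lp "$f" "$jail$f" || return 1   # -L: copy the file, not a symlink
    done
}

# List files BIN needs that are absent from JAIL (empty output = complete).
jail_missing() {
    jail=$1 bin=$2
    for f in "$bin" $(lib_deps "$bin"); do
        [ -e "$jail$f" ] || echo "$f"
    done
}

# Print (do not run) the root-only commands for a few device nodes;
# the numbers are the standard Linux major/minor pairs for these devices.
jail_dev_commands() {
    jail=$1
    echo "mkdir -p $jail/dev"
    echo "mknod -m 666 $jail/dev/null    c 1 3"
    echo "mknod -m 666 $jail/dev/zero    c 1 5"
    echo "mknod -m 444 $jail/dev/random  c 1 8"   # read-only for consumers
    echo "mknod -m 444 $jail/dev/urandom c 1 9"
}

# Demo on a constructed temporary jail.
demo=$(mktemp -d)
jail_add_binary "$demo" /bin/sh && jail_missing "$demo" /bin/sh
jail_dev_commands "$demo"
rm -rf "$demo"
```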
