Sent from my iPhone
On Dec 23, 2011, at 8:28 PM, Antonio Olivares wrote:
> Dear folks,
>
> I am trying to build a simple livecd to learn more. I have
> successfully run some commands found here:
>
> http://www.secure-computing.net/wiki/index.php/FreeBSD/LiveCD
>
> # cd /usr/src
> # make bu
On Sat, Dec 24, 2011 at 7:03 AM, Da Rock
wrote:
> On 12/24/11 22:57, Antonio Olivares wrote:
>>>
>>> I'll ask a stupid question, and you're more than welcome to give a stupid
>>> answer: Is /bin/csh actually _in_ your chroot?
>>>
>>> So csh should be this path: /usr/home/olivares/tmp/tmp/R/bin/csh
> I'll ask a stupid question, and you're more than welcome to give a stupid
> answer: Is /bin/csh actually _in_ your chroot?
>
> So csh should be this path: /usr/home/olivares/tmp/tmp/R/bin/csh
>
> HTH
> ___
> freebsd-questions@freebsd.org mailing list
>
On 12/24/11 22:57, Antonio Olivares wrote:
I'll ask a stupid question, and you're more than welcome to give a stupid
answer: Is /bin/csh actually _in_ your chroot?
So csh should be this path: /usr/home/olivares/tmp/tmp/R/bin/csh
HTH
On 12/24/11 14:28, Antonio Olivares wrote:
Dear folks,
I am trying to build a simple livecd to learn more. I have
successfully run some commands found here:
http://www.secure-computing.net/wiki/index.php/FreeBSD/LiveCD
# cd /usr/src
# make buildworld DESTDIR=/usr/home/olivares/tmp/tmp/R/
# ma
On Tue, May 25, 2010 11:23 pm, Balázs Mátéffy wrote:
> Hello,
>
>
> Try /usr/ports/shells/scponly .
>
> Look up the features, this way you can assign the restrictive scponly
> shell
> to the users:
>
> http://sublimation.org/scponly/wiki/index.php/Main_Page
Thanks,
I have used this before on linu
On Tue, May 25, 2010 11:05 pm, Matthew Seaman wrote:
> Checkout the security/openssh-portable port which has options to enable
> chroot'ing. You should be able to configure the account to only be able
> to use scp(1) or sftp(1) by editing sshd_config or by using forced
> commands in the user auth
Hello,
Try /usr/ports/shells/scponly .
Look up the features, this way you can assign the restrictive scponly shell
to the users:
http://sublimation.org/scponly/wiki/index.php/Main_Page
Best Regards:
Balázs Mátéffy
On 26 May 2010 00:05, Matthew Seaman wrote:
> -BEGIN PGP SIGNED MESSAGE
On 25/05/2010 22:29:57, Matthew Law wrote:
>
> I want to provide some users with secure network attached storage over
> SCP. The intent is to provide people with a similar thing to, e.g.
> rsync.net but inside of our network only.
>
> Security is ob
2010/1/9 Vadkan Jozsef
> Hi.
>
> What kind of chroot should I use, if I want to make a more secured
> desktop, running e.g.:
>
> pdf reader
> webbrowser
> audio player
> video player
> openoffice
> picture viewer
> mua
> ooo
> virtualbox
>
> e.g.: if there's a javascript vulnerability in google ch
2009/12/27 Marwan Sultan
>
> Dear Krad,
> Thank you for your reply, regarding your answer, I have a few questions here
>
> 1-
> in sshd_config file the default line is :
> Subsystem sftp /usr/libexec/sftp-server
>
> So should I comment out the line? or just add your line ?
> Subsystem
2009/12/28 Tijl Coosemans
> On Sunday 27 December 2009 18:16:47 krad wrote:
> > fairly easy if you read the man page 8) I wrote this howto for sun
> > boxes at work but it was using openssh so same rules should apply.
> > Make sure chroot support was compiled in though
> >
> >1. Don't bother w
On Sunday 27 December 2009 18:16:47 krad wrote:
> fairly easy if you read the man page 8) I wrote this howto for sun
> boxes at work but it was using openssh so same rules should apply.
> Make sure chroot support was compiled in though
>
>1. Don't bother with sun ssh it won't work. Opensolaris a
Dear Krad,
Thank you for your reply, regarding your answer, I have a few questions here
1-
in sshd_config file the default line is :
Subsystem sftp /usr/libexec/sftp-server
So should I comment out the line? or just add your line ?
Subsystem sftp internal-sftp
2- the SS
2009/12/27 Marwan Sultan
>
> Hello people,
>
>
>
> I'm on FreeBSD 7.2-R P5
>
>
>
> Its easy to chroot ftp users - adding users to /etc/ftpchroot -makes the
> job easy.
>
>
>
> How about if I want to chroot the SSH users (not ftp)
>
> any easy way? no need for jail installation or anything like
Thanks, I think this is the solution for the sftp connections using jail/chroot
mechanism.
Derek Ragona wrote:
> At 11:20 AM 4/11/2007, Thiago Esteves de Oliveira wrote:
>>Thanks for the suggestion. I intend to study about this possible solution
>>but to save time I'd
>>like to ask you some quest
At 11:20 AM 4/11/2007, Thiago Esteves de Oliveira wrote:
Thanks for the suggestion. I intend to study about this possible solution
but to save time I'd
like to ask you some questions.
With this software, can I control which accounts "from the unix passwd
file" will be able to log in?
Yes jus
Thanks for the suggestion. I intend to study about this possible solution but
to save time I'd
like to ask you some questions.
With this software, can I control which accounts "from the unix passwd file"
will be able to log in?
If there is a symbolic link in the home directory(jail/chroot) that
At 10:28 AM 4/10/2007, Thiago Esteves de Oliveira wrote:
Hello,
I want to use the chroot/jail mechanism in user's ssh and sftp
connections. I've read some
tutorials and possible solutions to jail/chroot the users into their own
home directories. One is
to install the openssh-portable(with chro
On Wed, Dec 27, 2006 at 10:16:31AM +0100, VeeJay wrote:
> Hi
>
> I have made partitions on my web server like at very outer edges of the
> disks,
>
> I have /, then /var, /tmp, /usr and in the end /home.
>
> Since I read that Data modified & used often should be placed at close to
> outer edges
On Thu, Dec 15, 2005 at 07:18:11PM +, Dieter wrote:
> How does one provide one or two devices, e.g. /dev/null
> for a chroot environment?
>
> Device nodes created by mknod do not work.
>
> mount_devfs creates an entire device tree, negating
> the security of the chroot.
See the jail manpage
I have a very similar setup with bind run inside a chroot jail. I
experience a similar problem if I set up named to use /var/run/log. I
commented it out and put "syslog daemon" in its place and it works like a
champ. Sadly, I've not found the time to spend figuring out why it
doesn't work otherw
How very interesting...
For a start, you can't copy devices with "cp"--you need something
smarter like "tar", "cpio", ... Pretty much anything that could
be used for backups should understand the niceties of copying a
device. As an alternative you could use "mknod" to create them.
Here is how to
On Thu, Jul 18, 2002 at 10:22:59PM -0400, Michael Sharp wrote:
> I installed ( or so I thought ) a chroot env last night and ran into some
> difficulties. Could someone very familiar with openssh/chroot glance
> over http://probsd.ws/chroot.txt and tell me what I did wrong please?
>
> chroot.tx
On Sat, Jun 12, 2004 at 12:53:41PM +0100, Robert Downes wrote:
> Questions (for the old and wise):
> So, are there any FreeBSD-internals masters who can answer the following:
>
>1) What happens if named is broken with neither chroot nor jail,
> assuming named is running as user and group bin
- Original Message -
From: "Kris Kennaway" <[EMAIL PROTECTED]>
To: "Mark" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, April 01, 2004 10:47 AM
Subject: Re: chroot or jail?
> > Hello,
>
> > I am setting up a new Apache
On Thu, Apr 01, 2004 at 08:02:04AM +, Mark wrote:
> Hello,
>
> I am setting up a new Apache 1.3.29; and I was wondering, should I use jail
> or chroot to secure it? I know root can potentially break out of chroot. But
> what about jail? (FreeBSD 4.9R-p3). Can you break out of a jail?
No [1],
On Sat, 6 Dec 2003 13:18:13 -0800
"Nick Twaddell" <[EMAIL PROTECTED]> wrote:
> I am trying to setup a chroot environment for some users. I rebuilt the
> environment inside their userdir, copied all the appropriate binaries, libs,
> etc. The part I am stumped on, is how do you make it so their acc
If you've already built the environment, you're halfway to having a
jail(8) - this extends chroot(8) by creating a private process tree and
network interface. You can run an entire system inside a jail, including
sshd(8) to accept logins.
For ftp logins, ftpd(8) has builtin support for chrooting c
On Fri, Nov 14, 2003 at 10:38:39AM +0530, Sunil Sunder Raj typed:
> Hi,
> proftp is the best bet. It locks the user in his home directory not allowing
> him to go below his home directory.
Why install a port when the base system ftpd can do the same thing? All
you need to do is put the users you
Hi,
proftp is the best bet. It locks the user in his home directory not allowing
him to go below his home directory.
Regards
SSR
From: "Shawn Guillemette" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: chroot users
Date: Thu, 13 Nov 2003 16:45:58 -0800
I want to chroot users to their home d
In the immortal words of "Shawn Guillemette" <[EMAIL PROTECTED]>...
> I want to chroot users to their home directories so that I can allow
> them to use FTP and not worry about someone going lower than their
> home dir..
The default ftpd in FreeBSD works nicely, try looking in:
man ftpchroot
Ch
On Thu, 13 Nov 2003, Shawn Guillemette wrote:
> I want to chroot users to their home directories so that I can allow them to use FTP
> and not worry about someone going lower than their home dir..
>
Hi,
If you are using Proftpd add "DefaultRoot" or try changing their home
directory to
/home/./u
On Fri, Oct 03, 2003 at 11:45:47AM -0400, Your Name wrote:
> Can you teach me what is the different between
> chroot and su user
Even a cursory glance at the chroot(8) and su(1) man pages will answer
this. 'chroot' is "change root directory": that is confine a process
and all of its children t
On Wed, Jul 30, 2003 at 12:08:17PM -0400, Jason Lieurance wrote:
> Hello,
>
> I know I'm not doing this right. I want to have a user who uses windows xp
> login to my freebsd 4.7 server with winscp and just have access(chroot) to
> the home directory I specify for them. I tried it like so:
>
> /e
Steve Warwick <[EMAIL PROTECTED]> writes:
> I have been looking through the docs to see how I can chroot SSH sessions in
> the same way as FTP (using proftp). ie when a user logs in they can only
> play in their home directory.
>
> Is it possible?
Sure. man chroot(8). or jail(8).
On Sat, Oct 05, 2002 at 07:57:18PM -0500, Joseph Davida wrote:
> Any ideas why I am getting:
>
> $ chroot /usr/compat/linux /bin/sh
> chroot: /usr/compat/linux: Operation not permitted
>
> I am Using FreeBSD 4.6.2-RELEASE.
You can only chroot as the superuser.
Kris
On Sat, Oct 05, 2002 at 07:57:18PM -0500, Joseph Davida wrote:
> Any ideas why I am getting:
>
> $ chroot /usr/compat/linux /bin/sh
> chroot: /usr/compat/linux: Operation not permitted
>
> I am Using FreeBSD 4.6.2-RELEASE.
>
>
> Cheers,
>
> Joe
>
Permissions issue perhaps? What happens if
rbash is the best option.
I was quite successful with it
- Original Message -
From: "Gerard Samuel" <[EMAIL PROTECTED]>
To: "Brossin Pierrick" <[EMAIL PROTECTED]>
Cc: "FreeBSD Questions" <[EMAIL PROTECTED]>
Sent: Tuesday, September 24, 2002
[ snip ]
> With these modifications, I can ssh into the account, but I can still
> "break root" by cd'ing out of the home directory.
Hrm, aren't you supposed to soft mount the home directory to a blank place,
e.g. mount /home/user /usr/local/chroots/user at which point "/" is
/usr/local/chroots/
|| Your first half made total sense, and I was able to lock the root
|| user in /home/developer when
|| chroot was executed.
|| Your second half however, is not clicking with me at the moment.
|| Here is what I did
|| 1. Under /home/developer/bin create a new file (my_sh) with this ->
|| #!/b
Well I figured out why my example below wouldn't work. So this is one
for the archive for others who may
try what I was doing...
chroot can only be executed by root, and the shell is executed by the
user logging in, thus a no go.
So the method of using chroot and or jail doesn't seem to make se
Your first half made total sense, and I was able to lock the root user
in /home/developer when
chroot was executed.
Your second half however, is not clicking with me at the moment. Here
is what I did
1. Under /home/developer/bin create a new file (my_sh) with this ->
#!/bin/sh
/home/develo
> On Tue, 2002-09-24 at 12:01, Gerard Samuel wrote:
> > I'm trying to figure out how to restrict users from leaving their
> > home directories.
> > I would enter the new directory /usr/home/developer and issue the
> > chroot command ->
> >
> > hivemind# chroot /usr/home/developer
> > chroot: /bin/
Hi,
|| I'm trying to figure out how to restrict users from leaving their home
|| directories.
|| I would enter the new directory /usr/home/developer and issue the
|| chroot command ->
|| hivemind# chroot /usr/home/developer
|| chroot: /bin/csh: No such file or directory
It's because a chrooted di
I'm interested in this as well. I know that the ftp daemon in OBSD will
chroot and that is nice when a user only has FTP access.
Thanks,
Jeff
On Tue, 2002-09-24 at 12:01, Gerard Samuel wrote:
> I'm trying to figure out how to restrict users from leaving their home
> directories.
> I would ente
On Thu, Jul 18, 2002 at 10:22:59PM -0400, Michael Sharp wrote:
> I installed ( or so I thought ) a chroot env last night and ran into some
> difficulties. Could someone very familiar with openssh/chroot glance
> over http://probsd.ws/chroot.txt and tell me what I did wrong please?
>
> chroot.t
I haven't looked over what you've done all that thoroughly, but here's
some starters:
The first thing I would do is to turn up your server log level and have a
look at what it says. It's an option in the sshd config file.
I take it you didn't install 'su' in your chroot area. 'sh'?
You very
How very interesting...
For a start, you can't copy devices with "cp"--you need something
smarter like "tar", "cpio", ... Pretty much anything that could
be used for backups should understand the niceties of copying a
device. As an alternative you could use "mknod" to create them.
Here is how t
49 matches