Package: libpam-chroot
Version: 0.9-3
Debian Version: lenny

Hello!

According to the German tutorial "Anleitung zum Absichern 
von Debian" I had set up a server containing logins and homes for an amount of 
more than 300 users. The users are able to log in via ssh. Every user has his 
own changeroot environment. 

To realize this, I am using libpam_chroot. A single changeroot directory is 
used as a "master changeroot directory" and all (system) files in each 
user's change-root environment, excluding the user's own data, are hard links 
to the files in this "master environment".
The (master) change-root environment has a static /dev directory and it is not 
necessary to mount any additional file system. 

I made this configuration on Debian sarge; the update to Debian etch caused no 
problems, and etch is still running at present.

But now it's time to update to Debian lenny.

If I investigated correctly, two huge changes are necessary to 
make the changeroots work in lenny:

1) The /proc file system must be mounted into every changeroot user 
directory. 
Otherwise, ssh logins are interrupted with the message:
Connection reset by peer
Connection to <server-ip> closed.

2) The same must be done with /dev/pts. 
Otherwise, the ssh login freezes after the authentication with the 
message "PTY allocation request failed on channel 0".

This means that /proc and /dev/pts must be mounted into every single one of 
the 300 (and still growing number of) chroot environments for my users. 

Is this intended, is it a bug, or is it no longer recommended to use a 
changeroot environment for each user?

Regards
Matthias Faulstich
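
Added example, not part of the original report: one way to apply the two mounts named above to every chroot at once is to generate the /etc/fstab entries rather than mounting by hand. It assumes all chroots are subdirectories of one base directory; the function name, the paths and the mount options are this example's assumptions.

```shell
#!/bin/sh
# Added example: emit fstab entries for /proc and /dev/pts in every
# per-user chroot under one base directory. Names and paths are assumptions.

# gen_chroot_fstab BASE FSTAB
# For each chroot BASE/<user>, create the mount points and append the
# missing proc and devpts lines to FSTAB. Re-running adds nothing.
# Prints the number of lines added.
gen_chroot_fstab() {
    base=$1
    fstab=$2
    added=0
    [ -d "$base" ] || { echo "no such directory: $base" >&2; return 1; }
    touch "$fstab" || return 1
    for root in "$base"/*/; do
        [ -d "$root" ] || continue            # glob matched nothing
        root=${root%/}
        case $root in                         # fstab fields are space-separated
            *[[:space:]]*) echo "skipping: $root" >&2; continue ;;
        esac
        # Only handle directories that already look like a chroot (have /dev).
        [ -d "$root/dev" ] || continue
        mkdir -p "$root/proc" "$root/dev/pts" || return 1
        # nosuid/noexec/nodev keep the extra mounts from widening what a
        # confined user can execute or open.
        for spec in \
            "proc $root/proc proc nosuid,noexec,nodev 0 0" \
            "devpts $root/dev/pts devpts nosuid,noexec,gid=5,mode=620 0 0"
        do
            mnt=$(echo "$spec" | awk '{print $2}')
            # Skip if some entry already uses this exact mount point.
            if ! awk -v m="$mnt" '$2 == m {f=1} END {exit !f}' "$fstab"; then
                echo "$spec" >> "$fstab"
                added=$((added + 1))
            fi
        done
    done
    echo "$added"
}
```

Pointing the second argument at a scratch file first lets the generated lines be reviewed before they are merged into /etc/fstab and mounted with `mount -a`.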
