Hi Lynn! You were right. My setup is a bit more complicated (I store users in LDAP), but in the LDAP the homeDirectory attribute should be set to /home/chroot/home/theuser. The passwd file should contain the line you make with getent passwd|grep theuser (in this case, theuser's line is read from LDAP). So thanks, it works.
petya

On Wed, 2006-11-29 at 12:38 -0500, Lynn Constantino wrote:
> Mine are set to /path to chroot/home/theuser (this is a copy of /etc/passwd
> after I added all my chroot users). If you have the rssh installation
> document; under the user details section you see it says that the /etc/passwd
> file should contain the path you want "theuser" to have. Sorry I should have
> asked what the /etc/passwd file had, as the one in /path to chroot/etc/passwd
> is not used to determine the user's home directory.
>
> Hope this helps.
>
> Lynn C
>
> -----Original Message-----
> From: petya [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, November 29, 2006 12:26 PM
> To: Lynn Constantino
> Cc: [email protected]
> Subject: RE: chrooted home directory
>
> It's /home/theuser.
>
> petya
>
> On Wed, 2006-11-29 at 07:13 -0500, Lynn Constantino wrote:
> > What is the user's path for the home directory in /home/chroot/etc/passwd
> > file?
> >
> > Lynn C
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of petya
> > Sent: Tuesday, November 28, 2006 5:47 PM
> > To: James Shewey
> > Cc: [email protected]
> > Subject: Re: chrooted home directory
> >
> > Yes, chrooted ls and cd works, so theuser can chdir to its home
> > directory after login. Here is my rssh.conf:
> >
> > logfacility = LOG_USER
> > allowscp
> > allowsftp
> > allowrsync
> > umask = 022
> > chrootpath = /home/chroot
> >
> > petya
> >
> > On Tue, 2006-11-28 at 14:35 -0800, James Shewey wrote:
> > > Right but if ls or cd is not working inside the chroot then rssh will
> > > not be able to a) detect /home/theuser or b) cd into it. I know you
> > > are successfully chrooting (eg /home/chroot/ becomes /) but once you
> > > have chrooted does ls and cd work?
> > >
> > > On 11/28/06, petya <[EMAIL PROTECTED]> wrote:
> > > Yes, it is dropping me to /home/chroot, which is / for theuser, it can
> > > cd to its home directory. But I want rssh to cd /home/theuser in the
> > > chroot, when theuser logs in. This should be the normal behavior
> > > according to the error message in the log.
> > >
> > > petya
> > >
> > > On Tue, 2006-11-28 at 14:14 -0800, James Shewey wrote:
> > > > if you ssh in using rssh, after it errors out it dumps you
> > > > into /home/chroot correct? So if you ssh in and type ls, what
> > > > happens? if this works, try cd-ing into the directory.
> > > >
> > > > On 11/28/06, petya <[EMAIL PROTECTED]> wrote:
> > > > Hi!
> > > >
> > > > It didn't help, same thing. I have tried this earlier.
> > > >
> > > > petya
> > > >
> > > > On Tue, 2006-11-28 at 13:59 -0800, James Shewey wrote:
> > > > > try chmod a+rwx /home/theuser
> > > > >
> > > > > On 11/28/06, petya <[EMAIL PROTECTED]> wrote:
> > > > > Hi everybody!
> > > > >
> > > > > I have a problem with chrooted sftp. When theuser logs in, it
> > > > > doesn't find itself in its home directory, but in the chrooted /.
> > > > > The log says:
> > > > >
> > > > > Nov 28 22:35:13 xxx rssh[23496]: setting umask to 022
> > > > > Nov 28 22:35:13 xxx rssh[23496]: chrooting all users to /home/chroot
> > > > > Nov 28 22:35:13 xxx rssh[23496]: chroot cmd line: /usr/lib/rssh/rssh_chroot_helper 2 "/usr/lib/openssh/sftp-server"
> > > > > Nov 28 22:35:13 xxx rssh_chroot_helper[23496]: new session for theuser, UID=10009
> > > > > Nov 28 22:35:13 xxx rssh_chroot_helper[23496]: user's home dir is /home/theuser
> > > > > Nov 28 22:35:13 xxx rssh_chroot_helper[23496]: couldn't find /home/theuser in chroot jail
> > > > > Nov 28 22:35:13 xxx rssh_chroot_helper[23496]: chrooted to /home/chroot
> > > > > Nov 28 22:35:13 xxx rssh_chroot_helper[23496]: changing working directory to / (inside jail)
> > > > >
> > > > > However, theuser's home is there:
> > > > > # pwd
> > > > > /home/chroot/home
> > > > >
> > > > > # ls -la|grep theuser
> > > > > drwx------+ 4 theuser users 4096 2006-11-02 09:55 theuser
> > > > >
> > > > > What am I doing wrong?
> > > > >
> > > > > petya
> > > > >
> > > > > _______________________________________________
> > > > > rssh-discuss mailing list
> > > > > [email protected]
> > > > > https://lists.sourceforge.net/lists/listinfo/rssh-discuss
> > > > >
> > > > > --
> > > > > On 5/17/6, a spammer known as PharmaMaster (PM) attacked Blue
> > > > > Security (BS).
> > > > >
> > > > > Using a program called Blue Frog, BS created a distributed network
> > > > > of over ½ mil users who would automatically send opt out requests
> > > > > to spammers' clients. This was so effective that PM declared that
> > > > > BS "found the right solution to stop spam, and I can't let this
> > > > > continue." PM then DDoSd BS, endangered the net by hacking a major
> > > > > router on the net's backbone to block BS' webpage and finally
> > > > > attacked typepad, where BS had just surrendered 30 min earlier.
> > > > > This attack caused about 2000 servers to go down including typepad
> > > > > and livejournal. While BS gave up because they felt this would
> > > > > "prevent a full-scale cyber-war that we just don't have the
> > > > > authority to start" The community disagreed and started a Blue
> > > > > Frog clone called okopipi which will prevent DDOS attacks by
> > > > > using decentralization.
> > > > >
> > > > > With your help we can fight back against PM and his spam mafia.
> > > > > Please join at okopipi.org and help take back our internet.
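
An added example, not part of the thread and not rssh's own code: a shell check that models the behaviour the quoted log shows, where the chroot path has to be a prefix of the home directory taken from the host's passwd data (via getent, so LDAP entries are covered) and the session otherwise starts in / inside the jail. The function names, the /usr/bin/rssh shell path and the sample accounts other than theuser are assumptions.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of rssh.

# jail_home CHROOTPATH HOMEDIR
# Prints the directory a session would start in inside the jail.
# Returns 1 and prints "/" when HOMEDIR is not under CHROOTPATH, the case
# logged in the thread as "couldn't find /home/theuser in chroot jail".
jail_home() {
    root=${1%/}                 # /home/chroot/ -> /home/chroot
    home=$2
    case $home in
        "$root")   printf '/\n' ;;                    # home is the jail root
        "$root"/*) printf '%s\n' "${home#"$root"}" ;; # strip the jail prefix
        *)         printf '/\n'; return 1 ;;          # not under the jail
    esac
}

# audit_passwd CHROOTPATH
# Reads passwd(5)-format lines on stdin (for example from `getent passwd`)
# and, for each account whose shell ends in /rssh, prints
# "user OK <in-jail dir>" or "user BAD <home>". Returns 1 if any is BAD.
audit_passwd() {
    rc=0
    while IFS=: read -r user _pw _uid _gid _gecos home shell; do
        case $shell in */rssh) ;; *) continue ;; esac
        if dir=$(jail_home "$1" "$home"); then
            echo "$user OK $dir"
        else
            echo "$user BAD $home"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input. theuser, UID 10009 and /home/chroot come from the
# thread; the rssh shell path and the other two accounts are assumptions.
sample_passwd() {
    cat <<'EOF'
theuser:x:10009:100::/home/theuser:/usr/bin/rssh
fixeduser:x:10010:100::/home/chroot/home/fixeduser:/usr/bin/rssh
admin:x:1000:100::/home/admin:/bin/bash
EOF
}

sample_passwd | audit_passwd /home/chroot || echo "BAD entries need the chroot prefix"
```

On a live host the input would be `getent passwd | audit_passwd /home/chroot`, with the chroot path taken from the chrootpath line of rssh.conf.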
