[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Jailkit-users] Re: Jailkit-users Digest, Vol 18, Issue 8
From: |
Lisandro Beltramino |
Subject: |
[Jailkit-users] Re: Jailkit-users Digest, Vol 18, Issue 8 |
Date: |
Mon, 12 Mar 2007 15:24:23 -0300 |
Hi
You don't need to use a symlink, use the mknod command to make a new
node in /dev instead. Google for it, but I think you have to do
something like...
# mknod /home/jail/dev/null c 1 3
# chmod 666 /home/jail/dev/null
as root, and suposing that the jail you are talking about is located in
/home/jail
Cordiales saludos,
Lisandro.-
El lun, 12-03-2007 a las 13:02 -0400, address@hidden
escribió:
> Send Jailkit-users mailing list submissions to
> address@hidden
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.nongnu.org/mailman/listinfo/jailkit-users
> or, via email, send a message with subject or body 'help' to
> address@hidden
>
> You can reach the person managing the list at
> address@hidden
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Jailkit-users digest..."
> Today's Topics:
>
> 1. RE: SFTP Jail closes connection after login (James McGowan)
> 2. RE: How to launch a xterm into the jail (FOUCHECOURT FREDERIC)
> 3. RE: SFTP Jail closes connection after login (FOUCHECOURT FREDERIC)
> 4. RE: SFTP Jail closes connection after login (Olivier Sessink)
> mensaje de correo electrónico adjunto
> > --------- Mensaje reenviado --------
> > De: James McGowan <address@hidden>
> > Responder a: address@hidden
> > Para: address@hidden
> > Asunto: RE: [Jailkit-users] SFTP Jail closes connection after login
> > Fecha: Sun, 11 Mar 2007 22:40:41 -0700
> >
> > I added a symlink in /home/jail/dev to /dev/null and it works. I realize
> > this may present security issues, so I've since disabled it and will patch
> > from CVS. On behalf of 64-bit SuSE 9 users everywhere, thank you!
> >
> > james
> >
> > -----Original Message-----
> > From: address@hidden
> > [mailto:address@hidden On
> > Behalf Of Ari Karhu
> > Sent: Tuesday, March 06, 2007 3:48 AM
> > To: address@hidden
> > Subject: Re: [Jailkit-users] SFTP Jail closes connection after login
> >
> > Hi,
> >
> > Thanks for your reply! The /dev/null suggestion that was in the other mail
> > seems to taken care of my problem. I just created a /dev/null node with
> > enough permissions and now I can use both SFTP and SCP.
> >
> > // Ari
> >
> > Olivier Sessink wrote:
> > > Ari Karhu wrote:
> > >> Tried to read old mails, but I'm still not able to make the system work.
> > >> Idea is to provide only sftp/scp access to a user. My os uses
> > >> syslog-ng for logging so I'm not using jk_socketd. The syslog-ng is
> > >> configured to create a /dev/log into the jail.
> > >>
> > >> The system log looks like this when logging in with sftp:
> > >> -----
> > >> Mar 5 16:25:01 crapbox sshd[7429]: Accepted keyboard-interactive/pam
> > >> for test from xxx.xxx.xxx.xxx port 57361 ssh2 Mar 5 16:25:01 crapbox
> > >> sshd(pam_unix)[7434]: session opened for user test by (uid=0) Mar 5
> > >> 16:25:01 crapbox sshd[7434]: subsystem request for sftp Mar 5
> > >> 16:25:01 crapbox jk_chrootsh[7435]: now entering jail /var/www/test
> > >> for user test (1001) Mar 5 14:25:01 crapbox jk_lsh[7435]: jk_lsh
> > >> version 2.3, started Mar 5 14:25:01 crapbox jk_lsh[7435]: executing
> > >> command '/usr/lib/misc/sftp-server' for user test (1001) Mar 5
> > >> 16:25:01 crapbox sshd(pam_unix)[7434]: session closed for user test
> > >
> > > this looks 100% good, it seems to be the sftp-server process that
> > > closes the connection.. If jk_lsh fails to execute sftp-server it
> > > would log something like "WARNING: running /usr/lib/misc/sftp-server
> > > failed for user test (1001): Permission denied", but it doesn't, so I
> > > assume sftp-server is started correctly.
> > >
> > > which sftp client are you using?
> > >
> > >> /var/www/test/etc/jailkit/jk_lsh.ini:
> > >> [test]
> > >> paths= /usr/bin, /usr/lib/misc
> > >> executables= /usr/bin/scp, /usr/lib/misc/sftp-server
> > >> allow_word_expansion = 0
> > >
> > > since you allow scp as well, can you copy files by scp to account 'test'?
> > >
> > > regards,
> > > Olivier
> > >
> >
> >
> >
> >
> >
> mensaje de correo electrónico adjunto
> > --------- Mensaje reenviado --------
> > De: FOUCHECOURT FREDERIC <address@hidden>
> > Responder a: address@hidden
> > Para: address@hidden
> > Asunto: RE: [Jailkit-users] How to launch a xterm into the jail
> > Fecha: Mon, 12 Mar 2007 09:58:46 +0100
> >
> > Yes of course :-)
> >
> > /home/jail/dev:
> > srw-rw-rw- 1 root root 0 Mar 6 16:51 log
> > drwxr-xr-x 2 root root 4096 Mar 7 14:39 pts
> > crw-rw-rw- 1 root root 5, 0 Mar 7 14:40 tty
> > crw-rw---- 1 root root 4, 0 Mar 5 10:35 tty0
> > crw------- 1 root root 4, 4 Mar 5 10:36 tty4
> > cr--r--r-- 1 root root 1, 9 Mar 5 10:35 urandom
> >
> > /home/jail/dev/pts:
> > crw------- 1 root root 136, 0 Mar 7 14:39 0
> > crw------- 1 root root 136, 1 Mar 7 14:38 1
> >
> > Regards, Fred
> >
> > -----Original Message-----
> > From:
> > address@hidden
> > [mailto:address@hidden
> > gnu.org] On Behalf Of Olivier Sessink
> > Sent: 09 March 2007 17:50
> > To: address@hidden
> > Subject: Re: [Jailkit-users] How to launch a xterm into the jail
> >
> > FOUCHECOURT FREDERIC wrote:
> > > Thanks for your response Olivier
> > >
> > > I have try your command and it seems better, but now I have the
> > > following error message :
> > > address@hidden ~]$ echo $DISPLAY
> > > localhost:11.0
> > > address@hidden ~]$ xterm&
> > > [1] 23292
> > > address@hidden ~]$ Warning: locale not supported by Xlib, locale set to
> > > C
> > > Warning: X locale modifiers not supported, using default
> > > xterm: Error 32, errno 2: No such file or directory
> > > Reason: get_pty: not enough ptys
> >
> >
> > can you post `ls -l <jail>/dev/` ?
> >
> > regards,
> > Olivier
> >
> >
> > _______________________________________________
> > Jailkit-users mailing list
> > address@hidden
> > http://lists.nongnu.org/mailman/listinfo/jailkit-users
> >
> >
> >
> mensaje de correo electrónico adjunto
> > --------- Mensaje reenviado --------
> > De: FOUCHECOURT FREDERIC <address@hidden>
> > Responder a: address@hidden
> > Para: address@hidden
> > Asunto: RE: [Jailkit-users] SFTP Jail closes connection after login
> > Fecha: Mon, 12 Mar 2007 10:12:09 +0100
> >
> > Hi,
> >
> > I'am a newby user of the jailkit, so ...
> >
> > I just see in the file /etc/jailkit/jk_init.ini that scp and sftp
> > section are described like this :
> >
> > [scp]
> > comment = ssh secure copy
> > executables = /usr/bin/scp
> > includesections = netbasics, uidbasics
> > devices = /dev/urandom
> >
> > [sftp]
> > comment = ssh secure ftp
> > executables = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server,
> > /usr/lib/misc/sftp-server
> > includesections = netbasics, uidbasics
> > devices = /dev/urandom
> >
> > So, perhaps, it's better to add the symlink /dev/urandom in the
> > /home/jail/dev and not /dev/null ? (To be tested)
> >
> > Regards, Fred
> >
> > -----Original Message-----
> > From:
> > address@hidden
> > [mailto:address@hidden
> > gnu.org] On Behalf Of James McGowan
> > Sent: 12 March 2007 06:41
> > To: address@hidden
> > Subject: RE: [Jailkit-users] SFTP Jail closes connection after login
> >
> > I added a symlink in /home/jail/dev to /dev/null and it works. I realize
> > this may present security issues, so I've since disabled it and will
> > patch from CVS. On behalf of 64-bit SuSE 9 users everywhere, thank you!
> >
> > james
> >
> > -----Original Message-----
> > From: address@hidden
> > [mailto:address@hidden On
> > Behalf Of Ari Karhu
> > Sent: Tuesday, March 06, 2007 3:48 AM
> > To: address@hidden
> > Subject: Re: [Jailkit-users] SFTP Jail closes connection after login
> >
> > Hi,
> >
> > Thanks for your reply! The /dev/null suggestion that was in the other
> > mail seems to taken care of my problem. I just created a /dev/null node
> > with enough permissions and now I can use both SFTP and SCP.
> >
> > // Ari
> >
> > Olivier Sessink wrote:
> > > Ari Karhu wrote:
> > >> Tried to read old mails, but I'm still not able to make the system
> > work.
> > >> Idea is to provide only sftp/scp access to a user. My os uses
> > >> syslog-ng for logging so I'm not using jk_socketd. The syslog-ng is
> > >> configured to create a /dev/log into the jail.
> > >>
> > >> The system log looks like this when logging in with sftp:
> > >> -----
> > >> Mar 5 16:25:01 crapbox sshd[7429]: Accepted keyboard-interactive/pam
> >
> > >> for test from xxx.xxx.xxx.xxx port 57361 ssh2 Mar 5 16:25:01 crapbox
> > >> sshd(pam_unix)[7434]: session opened for user test by (uid=0) Mar 5
> > >> 16:25:01 crapbox sshd[7434]: subsystem request for sftp Mar 5
> > >> 16:25:01 crapbox jk_chrootsh[7435]: now entering jail /var/www/test
> > >> for user test (1001) Mar 5 14:25:01 crapbox jk_lsh[7435]: jk_lsh
> > >> version 2.3, started Mar 5 14:25:01 crapbox jk_lsh[7435]: executing
> > >> command '/usr/lib/misc/sftp-server' for user test (1001) Mar 5
> > >> 16:25:01 crapbox sshd(pam_unix)[7434]: session closed for user test
> > >
> > > this looks 100% good, it seems to be the sftp-server process that
> > > closes the connection.. If jk_lsh fails to execute sftp-server it
> > > would log something like "WARNING: running /usr/lib/misc/sftp-server
> > > failed for user test (1001): Permission denied", but it doesn't, so I
> > > assume sftp-server is started correctly.
> > >
> > > which sftp client are you using?
> > >
> > >> /var/www/test/etc/jailkit/jk_lsh.ini:
> > >> [test]
> > >> paths= /usr/bin, /usr/lib/misc
> > >> executables= /usr/bin/scp, /usr/lib/misc/sftp-server
> > >> allow_word_expansion = 0
> > >
> > > since you allow scp as well, can you copy files by scp to account
> > 'test'?
> > >
> > > regards,
> > > Olivier
> > >
> >
> >
> >
> >
> > _______________________________________________
> > Jailkit-users mailing list
> > address@hidden
> > http://lists.nongnu.org/mailman/listinfo/jailkit-users
> >
> >
> >
> mensaje de correo electrónico adjunto
> > --------- Mensaje reenviado --------
> > De: Olivier Sessink <address@hidden>
> > Responder a: address@hidden
> > Para: address@hidden
> > Asunto: RE: [Jailkit-users] SFTP Jail closes connection after login
> > Fecha: Mon, 12 Mar 2007 13:59:45 +0100 (CET)
> >
> > > So, perhaps, it's better to add the symlink /dev/urandom in the
> > > /home/jail/dev and not /dev/null ? (To be tested)
> >
> > in cvs the device /dev/null is added to the sftp section
> >
> > regards,
> > Olivier
> >
> >
> >
> >
> >
> _______________________________________________
> Jailkit-users mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/jailkit-users
- [Jailkit-users] Re: Jailkit-users Digest, Vol 18, Issue 8,
Lisandro Beltramino <=