[Jailkit-users] Re: Jailkit-users Digest, Vol 18, Issue 8

jailkit-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Jailkit-users] Re: Jailkit-users Digest, Vol 18, Issue 8

From:	Lisandro Beltramino
Subject:	[Jailkit-users] Re: Jailkit-users Digest, Vol 18, Issue 8
Date:	Mon, 12 Mar 2007 15:24:23 -0300
Hi

You don't need to use a symlink, use the mknod command to make a new
node in /dev instead. Google for it, but I think you have to do
something like...

# mknod /home/jail/dev/null c 1 3
# chmod 666 /home/jail/dev/null

as root, and suposing that the jail you are talking about is located in
/home/jail

Cordiales saludos,
Lisandro.-


El lun, 12-03-2007 a las 13:02 -0400, address@hidden
escribió:
> Send Jailkit-users mailing list submissions to
>       address@hidden
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>       http://lists.nongnu.org/mailman/listinfo/jailkit-users
> or, via email, send a message with subject or body 'help' to
>       address@hidden
> 
> You can reach the person managing the list at
>       address@hidden
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Jailkit-users digest..."
> Today's Topics:
> 
>    1. RE: SFTP Jail closes connection after login (James McGowan)
>    2. RE: How to launch a xterm into the jail (FOUCHECOURT FREDERIC)
>    3. RE: SFTP Jail closes connection after login (FOUCHECOURT FREDERIC)
>    4. RE: SFTP Jail closes connection after login (Olivier Sessink)
> mensaje de correo electrónico adjunto
> > --------- Mensaje reenviado --------
> > De: James McGowan <address@hidden>
> > Responder a: address@hidden
> > Para: address@hidden
> > Asunto: RE: [Jailkit-users] SFTP Jail closes connection after login
> > Fecha: Sun, 11 Mar 2007 22:40:41 -0700
> > 
> > I added a symlink in /home/jail/dev to /dev/null and it works. I realize
> > this may present security issues, so I've since disabled it and will patch
> > from CVS. On behalf of 64-bit SuSE 9 users everywhere, thank you!
> > 
> > james
> > 
> > -----Original Message-----
> > From: address@hidden
> > [mailto:address@hidden On
> > Behalf Of Ari Karhu
> > Sent: Tuesday, March 06, 2007 3:48 AM
> > To: address@hidden
> > Subject: Re: [Jailkit-users] SFTP Jail closes connection after login
> > 
> > Hi,
> > 
> > Thanks for your reply! The /dev/null suggestion that was in the other mail
> > seems to taken care of my problem. I just created a /dev/null node with
> > enough permissions and now I can use both SFTP and SCP.
> > 
> > // Ari
> > 
> > Olivier Sessink wrote:
> > > Ari Karhu wrote:
> > >> Tried to read old mails, but I'm still not able to make the system work.
> > >> Idea is to provide only sftp/scp access to a user. My os uses 
> > >> syslog-ng for logging so I'm not using jk_socketd. The syslog-ng is 
> > >> configured to create a /dev/log into the jail.
> > >>
> > >> The system log looks like this when logging in with sftp:
> > >> -----
> > >> Mar  5 16:25:01 crapbox sshd[7429]: Accepted keyboard-interactive/pam 
> > >> for test from xxx.xxx.xxx.xxx port 57361 ssh2 Mar  5 16:25:01 crapbox 
> > >> sshd(pam_unix)[7434]: session opened for user test by (uid=0) Mar  5 
> > >> 16:25:01 crapbox sshd[7434]: subsystem request for sftp Mar  5 
> > >> 16:25:01 crapbox jk_chrootsh[7435]: now entering jail /var/www/test 
> > >> for user test (1001) Mar  5 14:25:01 crapbox jk_lsh[7435]: jk_lsh 
> > >> version 2.3, started Mar  5 14:25:01 crapbox jk_lsh[7435]: executing 
> > >> command '/usr/lib/misc/sftp-server' for user test (1001) Mar  5 
> > >> 16:25:01 crapbox sshd(pam_unix)[7434]: session closed for user test
> > > 
> > > this looks 100% good, it seems to be the sftp-server process that 
> > > closes the connection.. If jk_lsh fails to execute sftp-server it 
> > > would log something like "WARNING: running /usr/lib/misc/sftp-server 
> > > failed for user test (1001): Permission denied", but it doesn't, so I 
> > > assume sftp-server is started correctly.
> > > 
> > > which sftp client are you using?
> > > 
> > >> /var/www/test/etc/jailkit/jk_lsh.ini:
> > >> [test]
> > >> paths= /usr/bin, /usr/lib/misc
> > >> executables= /usr/bin/scp, /usr/lib/misc/sftp-server 
> > >> allow_word_expansion = 0
> > > 
> > > since you allow scp as well, can you copy files by scp to account 'test'?
> > > 
> > > regards,
> > >   Olivier
> > > 
> > 
> > 
> > 
> > 
> > 
> mensaje de correo electrónico adjunto
> > --------- Mensaje reenviado --------
> > De: FOUCHECOURT FREDERIC <address@hidden>
> > Responder a: address@hidden
> > Para: address@hidden
> > Asunto: RE: [Jailkit-users] How to launch a xterm into the jail
> > Fecha: Mon, 12 Mar 2007 09:58:46 +0100
> > 
> > Yes of course :-)
> > 
> > /home/jail/dev:
> > srw-rw-rw-  1 root root    0 Mar  6 16:51 log
> > drwxr-xr-x  2 root root 4096 Mar  7 14:39 pts
> > crw-rw-rw-  1 root root 5, 0 Mar  7 14:40 tty
> > crw-rw----  1 root root 4, 0 Mar  5 10:35 tty0
> > crw-------  1 root root 4, 4 Mar  5 10:36 tty4
> > cr--r--r--  1 root root 1, 9 Mar  5 10:35 urandom
> > 
> > /home/jail/dev/pts:
> > crw-------  1 root root 136, 0 Mar  7 14:39 0
> > crw-------  1 root root 136, 1 Mar  7 14:38 1 
> > 
> > Regards, Fred
> > 
> > -----Original Message-----
> > From:
> > address@hidden
> > [mailto:address@hidden
> > gnu.org] On Behalf Of Olivier Sessink
> > Sent: 09 March 2007 17:50
> > To: address@hidden
> > Subject: Re: [Jailkit-users] How to launch a xterm into the jail
> > 
> > FOUCHECOURT FREDERIC wrote:
> > > Thanks for your response Olivier
> > > 
> > > I have try your command and it seems better, but now I have the 
> > > following error message :
> > > address@hidden ~]$ echo $DISPLAY
> > > localhost:11.0
> > > address@hidden ~]$ xterm&
> > > [1] 23292
> > > address@hidden ~]$ Warning: locale not supported by Xlib, locale set to 
> > > C
> > > Warning: X locale modifiers not supported, using default
> > > xterm: Error 32, errno 2: No such file or directory
> > > Reason: get_pty: not enough ptys
> > 
> > 
> > can you post `ls -l <jail>/dev/` ?
> > 
> > regards,
> >     Olivier
> > 
> > 
> > _______________________________________________
> > Jailkit-users mailing list
> > address@hidden
> > http://lists.nongnu.org/mailman/listinfo/jailkit-users
> > 
> > 
> > 
> mensaje de correo electrónico adjunto
> > --------- Mensaje reenviado --------
> > De: FOUCHECOURT FREDERIC <address@hidden>
> > Responder a: address@hidden
> > Para: address@hidden
> > Asunto: RE: [Jailkit-users] SFTP Jail closes connection after login
> > Fecha: Mon, 12 Mar 2007 10:12:09 +0100
> > 
> > Hi,
> > 
> > I'am a newby user of the jailkit, so ...
> > 
> > I just see in the file /etc/jailkit/jk_init.ini that scp and sftp
> > section are described like this :
> >  
> > [scp]
> > comment = ssh secure copy
> > executables = /usr/bin/scp
> > includesections = netbasics, uidbasics
> > devices = /dev/urandom
> > 
> > [sftp]
> > comment = ssh secure ftp
> > executables = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server,
> > /usr/lib/misc/sftp-server
> > includesections = netbasics, uidbasics
> > devices = /dev/urandom
> > 
> > So, perhaps, it's better to add the symlink /dev/urandom in the
> > /home/jail/dev and not /dev/null ? (To be tested)
> > 
> > Regards, Fred
> > 
> > -----Original Message-----
> > From:
> > address@hidden
> > [mailto:address@hidden
> > gnu.org] On Behalf Of James McGowan
> > Sent: 12 March 2007 06:41
> > To: address@hidden
> > Subject: RE: [Jailkit-users] SFTP Jail closes connection after login
> > 
> > I added a symlink in /home/jail/dev to /dev/null and it works. I realize
> > this may present security issues, so I've since disabled it and will
> > patch from CVS. On behalf of 64-bit SuSE 9 users everywhere, thank you!
> > 
> > james
> > 
> > -----Original Message-----
> > From: address@hidden
> > [mailto:address@hidden On
> > Behalf Of Ari Karhu
> > Sent: Tuesday, March 06, 2007 3:48 AM
> > To: address@hidden
> > Subject: Re: [Jailkit-users] SFTP Jail closes connection after login
> > 
> > Hi,
> > 
> > Thanks for your reply! The /dev/null suggestion that was in the other
> > mail seems to taken care of my problem. I just created a /dev/null node
> > with enough permissions and now I can use both SFTP and SCP.
> > 
> > // Ari
> > 
> > Olivier Sessink wrote:
> > > Ari Karhu wrote:
> > >> Tried to read old mails, but I'm still not able to make the system
> > work.
> > >> Idea is to provide only sftp/scp access to a user. My os uses 
> > >> syslog-ng for logging so I'm not using jk_socketd. The syslog-ng is 
> > >> configured to create a /dev/log into the jail.
> > >>
> > >> The system log looks like this when logging in with sftp:
> > >> -----
> > >> Mar  5 16:25:01 crapbox sshd[7429]: Accepted keyboard-interactive/pam
> > 
> > >> for test from xxx.xxx.xxx.xxx port 57361 ssh2 Mar  5 16:25:01 crapbox
> > >> sshd(pam_unix)[7434]: session opened for user test by (uid=0) Mar  5
> > >> 16:25:01 crapbox sshd[7434]: subsystem request for sftp Mar  5
> > >> 16:25:01 crapbox jk_chrootsh[7435]: now entering jail /var/www/test 
> > >> for user test (1001) Mar  5 14:25:01 crapbox jk_lsh[7435]: jk_lsh 
> > >> version 2.3, started Mar  5 14:25:01 crapbox jk_lsh[7435]: executing 
> > >> command '/usr/lib/misc/sftp-server' for user test (1001) Mar  5
> > >> 16:25:01 crapbox sshd(pam_unix)[7434]: session closed for user test
> > > 
> > > this looks 100% good, it seems to be the sftp-server process that 
> > > closes the connection.. If jk_lsh fails to execute sftp-server it 
> > > would log something like "WARNING: running /usr/lib/misc/sftp-server 
> > > failed for user test (1001): Permission denied", but it doesn't, so I 
> > > assume sftp-server is started correctly.
> > > 
> > > which sftp client are you using?
> > > 
> > >> /var/www/test/etc/jailkit/jk_lsh.ini:
> > >> [test]
> > >> paths= /usr/bin, /usr/lib/misc
> > >> executables= /usr/bin/scp, /usr/lib/misc/sftp-server 
> > >> allow_word_expansion = 0
> > > 
> > > since you allow scp as well, can you copy files by scp to account
> > 'test'?
> > > 
> > > regards,
> > >   Olivier
> > > 
> > 
> > 
> > 
> > 
> > _______________________________________________
> > Jailkit-users mailing list
> > address@hidden
> > http://lists.nongnu.org/mailman/listinfo/jailkit-users
> > 
> > 
> > 
> mensaje de correo electrónico adjunto
> > --------- Mensaje reenviado --------
> > De: Olivier Sessink <address@hidden>
> > Responder a: address@hidden
> > Para: address@hidden
> > Asunto: RE: [Jailkit-users] SFTP Jail closes connection after login
> > Fecha: Mon, 12 Mar 2007 13:59:45 +0100 (CET)
> > 
> > > So, perhaps, it's better to add the symlink /dev/urandom in the
> > > /home/jail/dev and not /dev/null ? (To be tested)
> > 
> > in cvs the device /dev/null is added to the sftp section
> > 
> > regards,
> > Olivier
> > 
> > 
> > 
> > 
> > 
> _______________________________________________
> Jailkit-users mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/jailkit-users
[Prev in Thread]
Current Thread
[Next in Thread]
[Jailkit-users] Re: Jailkit-users Digest, Vol 18, Issue 8, Lisandro Beltramino <=
- RE: [Jailkit-users] Re: Jailkit-users Digest, Vol 18, Issue 8, James McGowan, 2007/03/13
Prev by Date: RE: [Jailkit-users] SFTP Jail closes connection after login
Next by Date: [Jailkit-users] Suse 64bit SFTP problem
Previous by thread: [Jailkit-users] How do you safely handle jailed user files?
Next by thread: RE: [Jailkit-users] Re: Jailkit-users Digest, Vol 18, Issue 8
Index(es):
- Date
- Thread