Questions tagged [chroot]

A chroot on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children.

413 questions
0
votes
1 answer

sftp with chroot without ssh access

I'm trying to have some users able to sftp but not ssh. I've looked at OpenSSH: Difference between internal-sftp and sftp-server and Trying to ChrootDirectory an SFTP user to their home directory Inside of sshd_config I have the lines Subsystem…
0
votes
1 answer

Create Linux user with no capabilities

How do I create a new user which has no capabilities? For instance, they should not be able to run any commands or view any directories (except for their home directory if necessary). The only purpose of this user is to allow Machine1 to create a…
user1032531
0
votes
1 answer

Redirect output to /dev/tty1 outside chroot jail?

I couldn't figure out exactly how to word this in my searching; if someone could tell me what this is called and point me to a resource I would greatly appreciate it. TL;DR: For a CentOS installation, I want users to be able to watch the %post…
Locane
0
votes
1 answer

Installing RPMs on system with no internet causes dependency conflicts: libstdc++.so.6, libm, etc

To avoid the XY problem, let me first describe the situation. We have a client project of unique circumstances. We have a relatively modern software stack (Keras DNN stuff) that needs to run on a client's system. This system, a Cloudera CentOS 6…
DeusXMachina
0
votes
1 answer

PHP Error 500: Timezone database is corrupt - this should *never* happen

I have a fresh install of an Ubuntu Server 16.04 amd64 with apache 2.4.18 and php 7.0. I have chrooted the Apache with mod_env and ChrootDir /var/www in /etc/apache2/apache2.conf and as far as I know the problem is here. I want to do a Nextcloud 11…
Arny80Hexa
0
votes
1 answer

SFTP via port 22 or vsftp over port 20 / 21 - Best way to secure FTP access to a server

I've read many articles and questions on SF about this, and still can't figure out if the way I'm doing it is (a) possible, and (b) secure. The server is running on AWS EC2, and all access is via SSH keys. I also only open port 22 to my own IP, but…
dsl101
0
votes
2 answers

Enabling ChrootDirectory breaks my SFTP on AWS, gives error for wrong dir

I'm trying to set up an SFTP server on AWS that multiple customers can use to upload data securely. It is important that they are not able to see the data of any other customer, and to do that I need to jail the directories with ChrootDirectory in…
0
votes
1 answer

Permissions on chrooted user not working after update on Amazon Linux

I set up chrooted users on an Amazon Linux development instance to grant them access to the /var/www folder. It was working fine, but after a yum update (November I think), the users can no longer edit/create files and folders in the /var/www…
0
votes
1 answer

Can't Chroot users to directory

I'm trying to chroot a user named rasportine to a folder. I followed a tutorial and modified the sshd_config file by adding Match User rasportine ChrootDirectory /var/www/clubs/rasportine ForceCommand internal-sftp X11Forwarding no AllowTcpForwarding…
arthurM
0
votes
2 answers

Systemd unit script that should print a message to the terminal is not working

I have a CentOS7 server running named-chroot. The problem is named and named-chroot are separate systemd services in CentOS7, and I have both a stable system and a short memory. Months go by between any need for BIND maintenance. When I have BIND…
0
votes
1 answer

OpenBSD 6.0 chrooted httpd with php 7.0 mail() works, but no mail goes out?

I started with a fresh install of OpenBSD 6.0 which has a chroot (/var/www) on their httpd server (not Apache). I installed PHP 7.0 and set up the php-fpm using the binary installs. In the web root there exists both sendmail and femail objects. I…
0
votes
1 answer

chroot root jail where you can only su out to a registered user

Can I ask for some advice about securing ssh logins? Is this a good way? I want to have only one user allowed to connect to our remote servers (AllowUser in sshd.conf), using ssh keys and NoPasswords. This user connects to a restricted shell within a…
0
votes
1 answer

Running BIND9 In chroot on Ubuntu 16.04 xenial

Running inside an OpenVZ guest, it is not possible to use AppArmor as discussed, so I am trying to configure BIND9 to run in chroot. Following the documentation, I struggled until I found that Ubuntu 15.04 and 16.04 do not honour…
Alexander Radev
0
votes
1 answer

How to disable systemcalls in ftp environment with vsftpd?

I've set up a vsftpd server with local users jailed within their home directories. However, if I connect through an ftp client I can execute systemcalls with the "!" command. How can I configure vsftpd to deny those calls? ftp> ! cat /etc/shadow ...…
m13r
0
votes
0 answers

Jailkit: cannot su to jailed user

As a part of a bigger setup (docker container with safe environment for running python scripts), I need to configure a jailed user. I have looked at different options and decided to try Jailkit. Unfortunately, I have a problem with trying to set up a…
Andrey Sapegin