CentOS - Jan 2008 - Can TFTPD run in a chroot jail?

Hi,

I've been struggling with this problem for the last couple of hours and am 
nowhere near solving the problem.  I am trying to run a tftp server in a 
chroot jail.  Now perhaps I am being paranoid, but I would like to have it 
launched from within its own jail even if it supposedly does a chroot itself 
and runs with a parameterizable user.

I downloaded the atftp-server package and tried to set up my own tftpd jail. 
I copied over the linked libs to the proper place, the /etc/passwd, 
/etc/groups, /etc/hosts, /etc/nsswitch.conf, /etc/resolv, /etc/services 
files.  I even created the dev/null device and set up syslog to read from 
the jail/dev/log device.

However, I can't seem to launch it from within the jail.  It works fine when
I try from the regular prompt, but when I try to launch from within the 
jail, I doesn't want to start:

[root at apollo tftpd]# /usr/sbin/chroot  /chroot/tftpd/ 
 /usr/sbin/atftpd --daemon --no-fork

in /var/log/messages:
Jan 12 23:09:02 apollo atftpd[17479]: atftpd: udp/tftp, unknown service


So it apparently is unable to read my /chroot/tftpd/etc/services file.  If I 
set the port number manually:
[root at apollo tftpd]# /usr/sbin/chroot  /chroot/tftpd/ 
 /usr/sbin/atftpd --daemon --no-fork --port 69 -user eric.eric

Jan 12 23:16:05 apollo atftpd[17556]: atftpd: can't change identity to 
eric.eric, exiting.


I know the tftpd daemon is able to read the /chroot/tftpd/etc/ directory as 
it is properly reading my /etc/localtime file (if i remove /etc/localtime 
the logged timestamp changes).

Can anyone point me in the right direction as to things to try?  I've tried 
everything I can think of, and even then some things, but just can't figure 
it out...

Thanks!

Eric

Eric B. wrote:
> Hi,
> 
> I've been struggling with this problem for the last couple of hours and
am
> nowhere near solving the problem.  I am trying to run a tftp server in a 
> chroot jail.  Now perhaps I am being paranoid, but I would like to have it 
> launched from within its own jail even if it supposedly does a chroot
itself
> and runs with a parameterizable user.
there is only one chroot under unix (you can't chroot from the shell
then in the daemon).

If a service implements chroot correctly, then it is better to use it
(because it can load the necessary stuff before, so you don't need to
copy a whole system to the jail).
> 
> I downloaded the atftp-server package and tried to set up my own tftpd
jail.
> I copied over the linked libs to the proper place, the /etc/passwd, 
> /etc/groups, /etc/hosts, /etc/nsswitch.conf, /etc/resolv, /etc/services 
> files.  I even created the dev/null device and set up syslog to read from 
> the jail/dev/log device.
> 
> However, I can't seem to launch it from within the jail.  It works fine
when
> I try from the regular prompt, but when I try to launch from within the 
> jail, I doesn't want to start:
> 
> [root at apollo tftpd]# /usr/sbin/chroot  /chroot/tftpd/ 
>  /usr/sbin/atftpd --daemon --no-fork
> 
> in /var/log/messages:
> Jan 12 23:09:02 apollo atftpd[17479]: atftpd: udp/tftp, unknown service
> 
> 
> So it apparently is unable to read my /chroot/tftpd/etc/services file.  If
I
> set the port number manually:
> [root at apollo tftpd]# /usr/sbin/chroot  /chroot/tftpd/ 
>  /usr/sbin/atftpd --daemon --no-fork --port 69 -user eric.eric
> 
> Jan 12 23:16:05 apollo atftpd[17556]: atftpd: can't change identity to 
> eric.eric, exiting.
> 
> 
> I know the tftpd daemon is able to read the /chroot/tftpd/etc/ directory as
> it is properly reading my /etc/localtime file (if i remove /etc/localtime 
> the logged timestamp changes).
> 
> Can anyone point me in the right direction as to things to try?  I've
tried
> everything I can think of, and even then some things, but just can't
figure
> it out...
> 
> Thanks!
> 
> Eric
> 
> 
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>