We have a requirement to allow ssh access to a server in order to
provide a secure link to one of our legacy systems. I would like to
chroot these accounts.

I have this working except for one small detail, the user's prompt in
the ssh session. Each user has their shell set to /bin/bash in
/etc/passwd. However, instead of getting the prompt defined in their
.bash_profiles we see this:

-bash-4.1$

when we are expecting this:

[username@hostname dir]$

So, before I go messing around moving files I would like some information
from you as to what I have overlooked. Do I need to move something
like etc/passwd and /etc/group into the chroot/etc?

TIA

--
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

James B. Byrne wrote:
> We have a requirement to allow ssh access to a server in order to
> provide a secure link to one of our legacy systems. I would like to
> chroot these accounts.
>
> I have this working except for one small detail, the user's prompt in
> the ssh session. Each user has their shell set to /bin/bash in
> /etc/passwd. However, instead of getting the prompt defined in their
> .bash_profiles we see this:
>
> -bash-4.1$
>
> when we are expecting this:
>
> [username@hostname dir]$
>
> So, before I go messing around moving files I would like some information
> from you as to what I have overlooked. Do I need to move something
> like etc/passwd and /etc/group into the chroot/etc?

When ssh'ing into the chrooted directories, where's their
/home/<user>? I'd set the prompt in ~/.bash_profile.

      mark

On Jul 6, 2015, at 2:49 PM, James B. Byrne <byrnejb at harte-lyne.ca> wrote:
> However, instead of getting the prompt defined in their
> .bash_profiles we see this:
>
> -bash-4.1$
>
> when we are expecting this:
>
> [username@hostname dir]$
>
> So, before I go messing around moving files I would like some information
> from you as to what I have overlooked. Do I need to move something
> like etc/passwd and /etc/group into the chroot/etc?

This just means that your users don't have a ~/.bashrc that sources
/etc/bashrc (either/both are missing), where the traditional $PS1 is set.

--
Jonathan Billings <billings at negate.org>

> James B. Byrne wrote:
>> So, before I go messing around moving files I would like some information
>> from you as to what I have overlooked. Do I need to move something
>> like etc/passwd and /etc/group into the chroot/etc?

You haven't said anything about the process you used, so it's hard to
say what you've overlooked.

The basic thing to remember is that the chroot is expected to be a
complete system. If you need name resolution, then /etc/passwd and
/etc/group need to be present in the chroot. If you need DNS
resolution, /etc/resolv.conf, too. If your system uses sssd, chroot
won't have access to it. The shell and all of the commands and all of
the associated libraries must be in the chroot. Finally, the user's
home directory has to exist within and relative to the chroot directory.

So, if the user's home directory is /home/user and you want to chroot
them there, you would expect to have something like:

    /home/user/bin/bash
    /home/user/etc/bash_profile
    /home/user/home/user/.bash_profile

You could symlink /home/user/home/user to /, as well.
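
The requirements listed in the reply above can be checked before a user ever logs in. The following is an added example, not part of the original thread: a POSIX shell function (the name audit_chroot and its output format are hypothetical) that inspects a chroot tree for the passwd/group files, the shell and its libraries, and a home directory with a prompt-setting dotfile.

```shell
# Added example: audit a chroot tree for what a login shell needs.
# Prints one "MISSING: ..." line per gap; returns the number of gaps (0 = ok).
audit_chroot() {
    root=${1%/} user=$2 missing=0
    miss() { echo "MISSING: $1"; missing=$((missing + 1)); }

    # Name lookups (\u in PS1, owners in ls -l) read the chroot's own files.
    for f in /etc/passwd /etc/group; do
        [ -r "$root$f" ] || miss "$f"
    done
    [ -r "$root/etc/resolv.conf" ] || echo "NOTE: no /etc/resolv.conf (DNS only)"

    # Take shell and home from the chroot's passwd, not the host's.
    entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' \
        "$root/etc/passwd" 2>/dev/null) || entry=
    if [ -z "$entry" ]; then
        miss "passwd entry for $user"
        home=/home/$user shell=/bin/bash   # assumed defaults, as in the thread
    else
        home=$(echo "$entry" | cut -d: -f6)
        shell=$(echo "$entry" | cut -d: -f7)
    fi

    # The shell and every shared library it links against must be inside.
    if [ -x "$root$shell" ]; then
        if command -v ldd >/dev/null 2>&1; then
            for lib in $(ldd "$root$shell" 2>/dev/null | grep -o '/[^ ]*'); do
                [ -e "$root$lib" ] || miss "library $lib"
            done
        fi
    else
        miss "shell $shell"
    fi

    # Home is resolved relative to the chroot; the prompt comes from its dotfiles.
    if [ -d "$root$home" ]; then
        [ -r "$root$home/.bash_profile" ] || [ -r "$root$home/.bashrc" ] ||
            miss "$home/.bash_profile or $home/.bashrc"
    else
        miss "home directory $home"
    fi
    return "$missing"
}
```

Run it as `audit_chroot /path/to/chroot username`. ldd runs on the host, so the library paths it reports are the host's resolution of the chroot's shell binary; the library check is skipped where ldd is not installed.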