search for: chroot_dir

Hi, This patch (against the current CVS tree) is intended to add secure configuration to icecast 'out of the box'. It adds two configuration directives, 'icecast_user' and 'chroot_dir'. These are intended to be used together to reduce the privileges icecast runs under to the minimum necessary. When this is enabled and run as root icecast will enter the specified chroot jail and drop privileges to the user specified. The chroot_dir option will probably not work if --enable...

The following is a patch I've been working on to support a "ChrootUser" option in the sshd_config file. I was looking for a way to offer sftp access and at the same time restict interactive shell access. This patch is a necessary first step (IMO). It applies clean with 'patch -l'. Also attached is a shell script that helps to build a chrooted home dir on a RedHat 7.2

...1.10 diff -u -3 -p -r1.10 restrict-access.c --- src/lib/restrict-access.c 4 Mar 2003 04:00:13 -0000 1.10 +++ src/lib/restrict-access.c 15 Apr 2003 17:37:26 -0000 @@ -31,12 +31,14 @@ #include <grp.h> void restrict_access_set_env(const char *user, uid_t uid, gid_t gid, - const char *chroot_dir) + const char *chroot_dir, int allow_zg) { if (user != NULL && *user != '\0') env_put(t_strconcat("RESTRICT_USER=", user, NULL)); if (chroot_dir != NULL && *chroot_dir != '\0') env_put(t_strconcat("RESTRICT_CHROOT=", chroot_dir,...

https://bugzilla.mindrot.org/show_bug.cgi?id=2681 Bug ID: 2681 Summary: postauth processes to log via monitor Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

This patch (against the current CVS tree) is intended to add secure configuration to icecast 'out of the box'. It adds two configuration directives, 'icecast_user' and 'chroot_dir'. These are intended to be used together to reduce the privileges icecast runs under to the minimum necessary. When this is enabled and run as root icecast will enter the specified chroot jail and drop privileges to the user specified. The chroot_dir option will probably not work if --e...

Dovecot is faulting on an error about permissions that it shouldn't do. I've got an user with its home dir with permissions 700, and inside the mail directory with the mboxes. In the error log I can see: 'Can't chdir to /home/user. Permission denied' I wonder why it has to chdir to that directory and why it can't access. Shouldn't it be running as the user?

...const char *executable, const char *module_dir, unsigned int process_size, int process_type, *************** *** 156,164 **** --- 192,205 ---- restrict_process_size(process_size, (unsigned int)-1); + (void)umask(set->umask); + if (*home_dir != '\0') { full_home_dir = *chroot_dir == '\0' ? home_dir : t_strconcat(chroot_dir, "/", home_dir, NULL); + if (set->parent_dir_umask != 0777 && + !create_directories(full_home_dir, set->parent_dir_umask)) + i_fatal("mkdir(%s) failed: %m", full_home_dir); if (chdir(full_home_...

...trying to get the patch to work on one of my AIX hosts (4.3.3), I discovered what is probably a bug in the section of code in session.c. for (i = 0; i < options.num_chroot_users; i++) { if (match_user(pw->pw_name, hostname, ipaddr, options.chroot_users[i])) { dir = chroot_dir(pw); /* 'dir' now points to memory block holding pathname */ new_home = dir; /* contents of 'dir' pointer copied to 'new_home' pointer */ xfree(dir); /* memory block with pathname freed */ if(chdir(new_home) == -1) /* now trying to refer...

...========# Subsystem sftp internal-sftp -f AUTHPRIV -l VERBOSE Match User fredwww ChrootDirectory %h #ForceCommand internal-sftp #================================================# If I un-comment ForceCommand internal-sftp, syslog no longer logs activity from internal-sftp. I have the <CHROOT_DIR>/dev/log setup with my syslog, and as I said, without ForceCommand it works fine. I looked through the source, but am not super c savvy so I could not see why this would cause a problem, but I think it has to do with the -f -l arguments not getting through properly to sftp-server. I would be...

------------ Original Message ------------ > Date: Sunday, April 19, 2015 18:44:43 +0000 > From: Sarogahtyp <sarogahtyp at web.de> > To: centos at centos.org > Subject: [CentOS] yum install failiure - CentOS-7 - Base > > I have a running CentOS 6.5 64-bit system running and i like to > have a CentOS 7 chrooted system inside. > Ive done that chroot environment as

...t;return> to quit--- locaddr = 0x55b48e612800 "`\341\314 \302\177" remaddr = <optimized out> ret = <optimized out> status = <optimized out> tv = {tv_sec = 1529777922, tv_usec = 319131} now = <optimized out> chroot_dir = 0x55b48e5fa6d0 "\306\016\212 \302\177" rc = <optimized out> __func__ = "smbd_process" __FUNCTION__ = "smbd_process" #35 0x000055b48c66d1d4 in smbd_accept_connection (ev=0x55b48e5f3520, fde=<optimized out>, flags=<optimized out&g...