search for: chrootdir

...tion, in practice a single directory. The idea would be to allow file access to this directory with a passwordless public key, but keep rest of the users file accessible only with another, supposedly more secure key. I found a way to do this by running a separate sshd on a different port with 'ChrootDirectory /some-dir' and 'ForceCommand internal-sftp' configuration variables, but running two sshds is rather inelegent. Is there a way to force this kind of configuration to only some keys? If not, could the Match keyword be extended to match only certain keys, or even better, could a ...

The following is a patch I've been working on to support a "ChrootUser" option in the sshd_config file. I was looking for a way to offer sftp access and at the same time restict interactive shell access. This patch is a necessary first step (IMO). It applies clean with 'patch -l'. Also attached is a shell script that helps to build a chrooted home dir on a RedHat 7.2

...r.conf for pxeboot. Default not work -- machine panic with "no init" diagnose. Reason -- need string in loader.conf: vfs.root.mountfrom="ufs:/dev/md0c" (I need some another strings for my own loader.conf) For creating release I use command: make release BUILDNAME=6.1-PRERELEASE CHROOTDIR=/usr/release \ CVSROOT=/home/ncvs EXTSRCDIR=/usr/src KERNELS=OILSPACE1 \ LOCAL_PATCHES=/usr/src_local_patches NO_FLOPPIES=yes NO_ISOS=yes \ NODOC=yes NOPORTS=yes RELEASETAG=RELENG_6 KERNELS_BASE="OILSPACE1 \ GENERIC" My local patches -- only new unionfs currently. install.cfg I put in /u...

...nst' disk - that is, with the release, docs, and a port tree, but no ports. This is so I can do a fresh install without having to update the world... I am using a script that looks like this... #!/bin/sh rm -rf /usr/obj cd /usr/src make -DNOCLEAN world kernel cd /usr/src/release make release CHROOTDIR=/usr/release \ CVSROOT=/usr/mirror/ncvs \ RELEASETAG=RELENG_4_8 -DMAKE_ISOS DOC_LANG=en_US.ISO8859-1 ...this works fine for RELENG_4 but I haven't gotten it to work yet for RELENG_4_8... Thanks, Mike H.

...t cd to /usr/release/usr/src/sys/conf.. and it stops here for me ;) .. going further will feel like remaking frankenstein. Can somebody explain to me why the above is going so terribly wrong ?. I tried man release ans the FreeBSD handbook without luck. # define needed variables for make release CHROOTDIR=/usr/release BUILDNAME=4.8-RELENG CVSROOT=/usr RELEASETAG=RELENG_4_8 NOPORTS=YES MAKE_ISOS=YES export CHROOTDIR BUILDNAME CVSROOT RELEASETAG NOPORTS MAKE_ISOS # make a ftp install dir and ISO's cd /usr/src/release make release -- The whole problem with the world is that fools and fa...

Hi all, Just thought I'd share this little bit of information. If you're running Icecast in a chroot jail the timestamps in the access.log file will almost certainly be in UTC times. If you want local timezone timestamps you need to make sure the file /etc/localtime is in <chrootdir>/etc/localtime. If you use a different timezone settings (generated using tzselect for example). You may need to copy the appropriate files from /usr/share/zoneinfo to your chroot basedir. Just thought I'd share this with you folk, since it took me about an hour to figure it out. Cheers,...

...mmuniGate(tm) Pro* When we last deployed OpenSSH (v. 3.4p1), we used a chroot patch supplied by John Furman. Does anyone know if that is still being maintained, and if so, where one may get it? If not, do any of the other chroot patches use the same configuration syntax? Specifically, it adds ChrootDir and ChrootUser to sshd_config. Thanks, --Jason

I suspect this has been asked before but I'll ask anyway. Q1: Is it possible for a non-root process to perform a chroot? My interest is this: I have a typical ISP hosting account (verio; on a FreeBSD 4.4 server.) I'd like to install and run various CGI packages, yet protect myself (and my email, and my .ssh keys) from bugs being exploited in those CGI packages. Chroot at the start

...mindrot.org/attachment.cgi?id=1648) Temporarily fix (changed code in session.c) for this issue Hello: I have configured sshd_config as the following: ================================================= Subsystem sftp /opt/ssh/libexec/sftp-server #Subsystem sftp internal-sftp Match User sftpch ChrootDirectory /chrootdir ForceCommand internal-sftp ================================================== Now if somebody tries to do a ssh (not a sftp) with account sftpch, the connection hangs. And I have investigated this issue and generated a temporarily solution for it. Let's have a travel to t...