similar to: Chroot'ed SSH

Hello, First, a big thank you to the OpenSSH devs. _ /Problem Summary:/ _ Chroot and SELinux don't get along. This affects both the new (official) ChrootDirectory feature, as well as the older (3rd party) patch at http://chrootssh.sourceforge.net/. _ /History and repro:/ _ On March 21, 2008, Alexandre Rossi posted to this list with the subject: "*ChrootDirectory

Hi everybody. I got a problem here. I want to use chroot + sshd service. env: RHEL 5.2 tail -1 /etc/pam.d/sshd session required pam_chroot.so debug tail /etc/security/chroot.conf terry /users ssh terry at 192.168.20.11 faile tail /var/log/secure Jun 7 05:05:40 node1 sshd[5397]: pam_chroot(sshd:session): chroot(/users) succeeded <- chroot /users succeeded Jun

Hello, I'm new to the list, but hopefully I've done enough digging around that I don't get yelled at too terribly ;) We're looking to implement a chrooted environment for allowing users to scp files from servers. That's basically the only functionality that we need in this case. We're looking to chroot the user and/or remove any chance that the account can login via

Has anyone got the pam_chroot module to successfully work in FreeBSD? I have FreeBSD 5.2-RELEASE installed. I copied the appropriate binaries and libraries into my chroot, I can chroot -u test -g test /home/test /usr/local/bin/bash and it works perfectly. So now I am trying to get the pam module to work. I added session required pam_chroot.so debug into the

Hi, On CentOS 7 I?m trying to set up a chrooted SFTP server on which specific users can only read and write on specific folder. And I?d like to disable some commands, so the users can only do ?cd?, ?ls?, ?get? and ?put? (and disabling ?chgrp?, ?chmod?, ?chown?, ?df? etc ?). Is there a way to achieve it, natively or with using a third-party software ? Alexandre MALDEME Analyste d'exploitation

I am supporting a site that allows members to upload release files. I have inherited this site which was previously existing. The goal is to allow members to file transfer to and from their project area for release distribution but not to allow general shell access and not to allow access to other parts of the system. Currently rsync and old scp has been restricted using a restricted shell

Affected Software: rssh - all versions prior to 2.3.0 Vulnerability: local user privilege escalation Severity: *CRITICAL* Impact: local users can gain root access Solution: Please upgrade to v2.3.1 Summary ------- rssh is a restricted shell which allows a system administrator to limit users' access to a system via SSH to scp, sftp, rsync, rdist, and cvs. It also allows the system

Hello, As discussed on the centos-users list, I would like to create some pages on the CentOS Wiki with instructions on how to set up your environment to build RPMs and how to rebuild RPMs. This content today exists here: http://wiki.centos.org/HowTos/I_need_the_Kernel_Source#head-a8dae925eec15786df9f6f8c918eff16bf67be0d I would suggest creating these two: 1)

Hello, I've got strange problem with centos (as well as rhel btw) chrooted environment. First of all I created simple directory with only the libs for 'bash' and 'id' tools: ---- # chroot testcase/ bash-3.1# id uid=0 gid=0 groups=0,1,2,3,4,6,10 ---- Yes, I even do not have /etc/ directory inside testcase/ , but id shows groups from the _host_ root account. I tried to

Hello, I noticed something unusual today. If I "du" a small file (couple of bytes) in CentOS 5, it tells me the file is using 8kb, while I was expecting 4kb which is the block size I'm using. I tried this on several CentOS 5 machines, both x86_64 and i386: $ echo test >test.txt $ ls -l test.txt -rw-rw-r-- 1 filbranden filbranden 5 Mar 11 17:24 test.txt $ du -h test.txt 8.0K

Hi, My boss asked me to harden a CentOS box by removing "hacker" tools, such as nmap, tcpdump, nc (netcat), telnet, etc. I would like to know which list of packages would you remove from a base install. I would appreciate if someone could point me to a "standard" way of doing this. I know there are procedures for hardening a machine (I remember reading about Bastille Linux)

Hi! I do not know if it's the ideal place, but I'm sending some suggestion. Always use openssh and its enormous features. - I needed to create an environment with only sftp access and thus used: - Match User suporte ForceCommand / usr / lib / openssh / sftp-server OK! It worked perfectly! But only sftp. - Create an environment with only blocking the ssh, but scp and

On Tue, Feb 17, 2009 at 11:33, Alan Bartlett <ajb.stxsl at googlemail.com> wrote: > The subject line for this "conversation / thread" reads: > "Re: [CentOS-docs] [CentOS] Is the NFS lockd bug fixed ?" > The contents, however, relates to XFS & the CentOSPlus kernel. > Filipe, please take care with what you do. :-) Very sorry about that. Fixed it now. In

Hi, Small correction there. Example 4 of section 2 (how to use XFS with CentOSPlus kernel) says you should use this configuration line in [centosplus] section of yum: includepkgs=kernel* xfs* dmapi* However, the XFS module's package name is kmod-xfs*, so I believe it should actually be: includepkgs=kernel* kmod-xfs* xfs* dmapi* I did this on a system of mine, and in the first case it did

Hi, As per the subject line - if I look up setting up chroot jails for SFTP over SSH2 I'm led to various Web sites and patches and also to a CentOS wiki page dated 2005, but what's the 'best' or 'correct' way to set this up for Centos 4.5 and 5? Thanks

List, I am putting together a sftp server and would like to use a restrictive shell with a chroot jail. I was wondering what members of the list thought about rssh as opposed to scponly. Greg Ennis

A colleague supplied me with a set of rpms he built on his Fedora box and when I tried to install them with yum localinstall I got a missing dependency: Resolving Dependencies --> Running transaction check ---> Package hipl-doc.i386 0:1.0.4-1 set to be updated ---> Package hipl-tools.i386 0:1.0.4-1 set to be updated --> Processing Dependency: python(abi) = 2.5 for package:

I have a use for sftp to run in a chroot jail. Since sftp doesn't quite work properly for that, I did the work to make it function like that. This required two different changes: sftpsh is a replacement for nologin. It works like nologin except under certain circumstances -- where it will start up sftp-server. The other part was to add an option to sftp-server. the '-c' option

Hello, I recently noticed that Thunderbird updates are missing from CentOS 5. First, I noticed that Thunderbird 2.0.0.19 is available in the "updates" repo of CentOS 5.2, but not on the "updates" repo of CentOS 5.3. The version in the "os" repo of CentOS 5.3 is 2.0.0.18. - Thunderbird 2.0.0.19 in CentOS 5.2 updates repo:

I just setup CENTOS 4.7 with latest patches on DELL server. I also configured NTP point to out time server. I found /var/log/messages file every 20 to 30 minutes will generate a error message : Mar 15 14:28:15 SER1 ntpd[25037]: sendto(172.29.21.16): Invalid argument Mar 15 14:45:22 SER1 ntpd[25037]: sendto(172.29.21.16): Invalid argument Mar 15 15:02:29 SER1 ntpd[25037]: sendto(172.29.21.16):