Your message dated Wed, 16 Jun 2021 17:34:00 +0000
with message-id <[email protected]>
and subject line Bug#527564: fixed in libpam-chroot 0.9-5
has caused the Debian Bug report #527564,
regarding pam_chroot causes a huge expense for setting up multiple parallel
chroot environments
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
527564: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527564
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libpam-chroot
Version: 0.9-3
Debian Version: lenny
Hello!
According to the German tutorial "Anleitung zum Absichern
von Debian" I had set up a server containing logins and homes for an amount of
more than 300 users. The users are able to log in via ssh. Every user has his
own changeroot environment.
To realize this, I am using libpam_chroot. A single changeroot directory is
used as a "master changeroot directory" and all (system) files in each
user's change-root environment, excluding the user's own data, are hard links
to the files in this “master environment”.
The (master) change-root environment has a static /dev directory and it is not
necessary to mount any additional file-system.
I made this configuration on Debian sarge, the update to Debian etch made no
problem and etch is still running actually.
But now it's time to update to Debian lenny.
If I investigated correctly, two huge changes are necessary to
make the changeroots work in lenny:
1) The /proc file system must be mounted into every changeroot-user
directory.
Otherwise, ssh-logins are interrupted with the message:
Connection reset by peer
Connection to <server-ip> closed.
2) The same must be done with /dev/pts.
Otherwise, the ssh-login freezes after the authentication with the
message “PTY allocation request failed on channel 0”.
This means that /proc and /dev/pts must be mounted into every single one of
the 300 (and still growing amount of) chroot-environments for my users.
Is this intended, is it a bug or is it no longer recommended to use a
changeroot environment for each user?
Regards
Matthias Faulstich
--- End Message ---
--- Begin Message ---
Source: libpam-chroot
Source-Version: 0.9-5
Done: Javier Fernandez-Sanguino Pen~a <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libpam-chroot, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Javier Fernandez-Sanguino Pen~a <[email protected]> (supplier of updated
libpam-chroot package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 03 Jun 2021 12:57:43 +0200
Source: libpam-chroot
Architecture: source
Version: 0.9-5
Distribution: unstable
Urgency: high
Maintainer: Javier Fernandez-Sanguino Pen~a <[email protected]>
Changed-By: Javier Fernandez-Sanguino Pen~a <[email protected]>
Closes: 437385 527564 949080 980047
Changes:
libpam-chroot (0.9-5) unstable; urgency=high
.
* debian/rules: Install the PAM module in the right location
(Closes: #980047)
* Fix FTCBFS: (Closes: #949080, #437385)
+ Let dh_auto_build pass cross tools to make.
+ Make install substitutable.
+ Pass a non-stripping install to make install.
Thanks Helmut Grohne for the patch
* debian/README.Debian: discourage users from using this module with
OpenSSH as this feature is available already in the daemon (see option
ChrootDirectory) and the setup might not work due to changes in OpenSSH
(Closes: #527564)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
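
The changelog entry above points OpenSSH users to sshd's own ChrootDirectory option. sshd_config(5) requires every component of that path to be a root-owned directory that is not writable by group or others, so per-user jails originally built for pam_chroot are worth auditing before a migration. The following is an added example, not part of the bug report or the libpam-chroot package; the function name and the `owner_uid` parameter are assumptions made here.

```python
import os
import stat
import sys


def chroot_path_problems(path, owner_uid=0):
    """List (component, reason) pairs that break the ChrootDirectory rule.

    owner_uid is an assumption of this example: 0 (root) in production,
    overridable so the check can be exercised without root.
    """
    target = os.path.realpath(path)
    # Expand the resolved path into "/", "/srv", "/srv/jails", ...
    components, current = ["/"], "/"
    for part in target.strip("/").split("/"):
        if part:
            current = os.path.join(current, part)
            components.append(current)

    problems = []
    for comp in components:
        try:
            st = os.lstat(comp)
        except OSError as exc:
            problems.append((comp, "cannot stat: %s" % exc.strerror))
            break  # nothing below a missing component can be checked
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
            continue
        if st.st_uid != owner_uid:
            problems.append(
                (comp, "owned by uid %d, expected %d" % (st.st_uid, owner_uid)))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(
                (comp, "group/other writable, mode %o" % stat.S_IMODE(st.st_mode)))
    return problems


if __name__ == "__main__":
    # Usage: run this file with one or more jail directories as arguments.
    failed = False
    for jail in sys.argv[1:]:
        for comp, reason in chroot_path_problems(jail):
            failed = True
            print("%s: %s: %s" % (jail, comp, reason))
    sys.exit(1 if failed else 0)
```

An empty result for a jail means its whole path satisfies the ownership and mode rule; any finding is a component sshd would refuse to chroot into.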