Russ Allbery wrote:
> "Glyn Davies" <[email protected]> writes:
>
>> Mar 18 04:44:56 crltc226 rssh_chroot_helper[3581]: chrooted to
>> /home/dummy
>> Mar 18 04:44:56 crltc226 rssh_chroot_helper[3581]: changing working
>> directory to / (inside jail)
>> Mar 18 04:44:56 crltc226 rssh_chroot_helper[3581]: execv() failed,
>> /usr/libexec/openssh/sftp-server: Permission denie
>
> Is /usr/libexec/openssh/sftp-server inside the chroot executable?
>

Below is the script I used on CENTOS5.2 - which I know isn't technically
RHEL5.3 - but it is very close.

2 scripts:

l2chroot.sh - determines what linked libraries need to be copied into the chroot
mkchroot.sh - the main script, it calls l2chroot.sh for help on linked libraries

Both scripts do have a couple of variables hard coded in each of them at the
top. I was too lazy to do the proper argument checking etc. needed for a
robust command line version.

Good luck!

=================================================================================
#l2chroot.sh
#!/bin/bash
# Use this script to copy shared (libs) files to Apache/Lighttpd chrooted
# jail server.
# ----------------------------------------------------------------------------
# Written by nixCraft <http://www.cyberciti.biz/tips/>
# (c) 2006 nixCraft under GNU GPL v2.0+
# + Added ld-linux support
# + Added error checking support
# ------------------------------------------------------------------------------
# See url for usage:
# http://www.cyberciti.biz/tips/howto-setup-lighttpd-php-mysql-chrooted-jail.html
# -------------------------------------------------------------------------------
# Set CHROOT directory name
BASE="/LV3.BACKUP"

if [ $# -eq 0 ]; then
  echo "Syntax : $0 /path/to/executable"
  echo "Example: $0 /usr/bin/php5-cgi"
  exit 1
fi

# create the jail root if it does not exist yet
[ ! -d "$BASE" ] && mkdir -p "$BASE" || :

# ignore the ld-linux* file here as it is not a shared one (copied below)
FILES="$(ldd "$1" | awk '{ print $3 }' | egrep -v ^'\(')"

echo "Copying shared files/libs to $BASE..."
for i in $FILES
do
  d="$(dirname "$i")"
  [ ! -d "$BASE$d" ] && mkdir -p "$BASE$d" || :
  /bin/cp "$i" "$BASE$d"
done

# copy /lib/ld-linux* or /lib64/ld-linux* to $BASE/$sldlsubdir
# get ld-linux full file location
sldl="$(ldd "$1" | grep 'ld-linux' | awk '{ print $1}')"
# now get sub-dir
sldlsubdir="$(dirname "$sldl")"

if [ ! -f "$BASE$sldl" ]; then
  echo "Copying $sldl $BASE$sldlsubdir..."
  /bin/cp "$sldl" "$BASE$sldlsubdir"
else
  :
fi
=================================================================================
#mkchroot.sh
#!/bin/bash
BASE="LV3.BACKUP"
USERNAME="thesrc"

# account whose login shell is rssh and whose home is the upload directory
useradd -d /$BASE/BACKUP -s /usr/bin/rssh $USERNAME

# jail directory skeleton
mkdir -p /$BASE/{dev,etc,lib,usr,bin}
mkdir -p /$BASE/usr/bin
mkdir -p /$BASE/usr/libexec/openssh
mkdir -p /$BASE/BACKUP
chown $USERNAME:$USERNAME /$BASE/BACKUP

mknod -m 666 /$BASE/dev/null c 1 3

# loader and name-service configuration
cd /$BASE/etc
cp /etc/ld.so.cache .
cp -avr /etc/ld.so.conf.d/ .
cp /etc/ld.so.conf .
cp /etc/nsswitch.conf .
cp /etc/hosts .
cp /etc/resolv.conf .

# only root and the jailed user are listed inside the jail
cat /etc/group | grep -e "root:x" -e "$USERNAME" > /$BASE/etc/group
cat /etc/passwd | grep -e "root:x" -e "$USERNAME" > /$BASE/etc/passwd

# binaries rssh may exec inside the jail
cd /$BASE/usr/bin
cp /usr/bin/scp .
cp /usr/bin/rssh .
cp /usr/bin/sftp .
cp /usr/bin/rsync .

cd /$BASE/usr/libexec/openssh
cp /usr/libexec/openssh/sftp-server .

cd /$BASE/usr/libexec
cp /usr/libexec/rssh_chroot_helper .

# shared libraries for each of the copied binaries
/root/l2chroot.sh /usr/bin/scp
/root/l2chroot.sh /usr/bin/rssh
/root/l2chroot.sh /usr/bin/sftp
/root/l2chroot.sh /usr/bin/rsync
/root/l2chroot.sh /usr/libexec/openssh/sftp-server

cp /lib64/libnss_files* /$BASE/lib64

# empty the upload directory, dotfiles included
# (.[!.]* keeps the glob from matching . and ..)
rm -rf /$BASE/BACKUP/*
rm -rf /$BASE/BACKUP/.[!.]*
=================================================================================

_______________________________________________
rssh-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rssh-discuss
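
The question quoted at the top of this message (is sftp-server inside the chroot executable?) and the library copying done by l2chroot.sh can both be checked after mkchroot.sh has run. The script below is an added example, not part of the original post or of rssh; the function names are hypothetical, and it assumes the jail tree is root-owned, so the "other" permission bits are what the jailed user gets.

```bash
#!/bin/bash
# Added example (not from the original post): audit an rssh chroot jail for
# conditions that make execv() fail once the helper has dropped privileges.
# Assumption: the jail is root-owned, so the "other" mode bits apply.

# check_exec JAIL PATH: PATH (as seen inside the jail) must be a regular file
# with o+x, and every directory from its parent up to the jail root needs o+x.
check_exec() (
    jail=$1 path=$2 f="$1$2"
    [ -f "$f" ] || { echo "MISSING  $path"; exit 1; }
    [ -n "$(find "$f" -prune -perm -001)" ] || { echo "NOEXEC   $path"; exit 1; }
    d=$(dirname "$path")
    while :; do
        [ -n "$(find "$jail$d" -prune -perm -001)" ] || { echo "NOSEARCH $d"; exit 1; }
        [ "$d" = "/" ] && break
        d=$(dirname "$d")
    done
)

# check_libs JAIL PATH: every shared object ldd reports for the host binary
# must also exist at the same path inside the jail.
check_libs() (
    jail=$1 path=$2 rc=0
    # Absolute paths sit in field 3 ("lib => /path") or field 1 (ld-linux),
    # so one pass over all fields covers both cases l2chroot.sh handles.
    for lib in $(ldd "$path" 2>/dev/null |
                 awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }'); do
        [ -e "$jail$lib" ] || { echo "MISSINGLIB $lib (needed by $path)"; rc=1; }
    done
    exit $rc
)

# audit_jail JAIL PATH...: run both checks on each binary; 1 on any finding.
audit_jail() (
    jail=$1; shift; rc=0
    for p in "$@"; do
        check_exec "$jail" "$p" || rc=1
        check_libs "$jail" "$p" || rc=1
    done
    exit $rc
)

# e.g. ./audit.sh /LV3.BACKUP /usr/bin/scp /usr/libexec/openssh/sftp-server
if [ "$#" -ge 2 ]; then audit_jail "$@"; fi
```

An empty output with exit status 0 means the file mode, directory search bits and libraries are in place; a noexec mount option or a security module can still cause the same "Permission denied" and is not covered by this check.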
