Skip to main content

Questions tagged [chroot]

A chroot on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children.

Filter by
Sorted by
Tagged with
86 votes
5 answers
261k views

bad ownership or modes for chroot directory component

I created the user MY_USER. Set his home dir to /var/www/RESTRICTED_DIR, which is the path he should be restricted to. Then I edited sshd_config and set: Match user MY_USER ChrootDirectory /var/www/...
MultiformeIngegno's user avatar
30 votes
6 answers
35k views

Is there a windows equivalent to chroot?

On a *nix system I can use a chroot to isolate two processes from each other and from the rest of the system. Is there any similar security system under windows? Or is there any way to prevent two ...
Rook's user avatar
  • 2,707
29 votes
1 answer
41k views

SFTP: file symlinks in a jailed (chrooted) directory

I'm trying to set up sftp so that a few trusted people can access/edit/create some files. I have jailed a user into their home directory (/home/name) but have run into a problem. I want for them to ...
dukevin's user avatar
  • 1,630
24 votes
6 answers
32k views

Ubuntu - can non-root user run process in chroot jail?

Is it possible for a non-root user to run a chroot process on Ubuntu?
Hawkeye's user avatar
  • 2,739
22 votes
6 answers
23k views

OpenSSH anything like 'internal-sftp' but for SCP?

I'm running Debian stable and I'm looking to establish the following environment for users in my 'sftponly' group: jailed can transfer with SFTP can transfer with SCP cannot login interactively with ...
brianjcohen's user avatar
21 votes
5 answers
23k views

How can I chroot ssh connections?

I would like to setup a chroot jail for most (not all) users logging in though SSH. I've heard it's possible with the latest versions of openssh, but I've not been able to find out how to do it. The ...
Malfist's user avatar
  • 817
16 votes
4 answers
89k views

chroot fails - cannot run command `/bin/bash': No such file or directory

I'm a chroot novice trying to make a simple chroot jail but am banging my head against the same problem time and time again... Any help would be massively appreciated I've created a directory /usr/...
Mike Atkinson's user avatar
16 votes
2 answers
30k views

vsftp: why is allow_writeable_chroot=YES a bad idea?

There are several thousand blog posts about vsftp and allow_writeable_chroot=YES The common error message: Fixing 500 OOPS: vsftpd: refusing to run with writable root inside chroot () I solved ...
guettli's user avatar
  • 3,893
15 votes
6 answers
18k views

Trying to setup chroot'd rsync

I'm trying to set up a backup server. I want to chroot each user (client) to its home directory, and only allow it to use sftp and rsync. I quickly discovered that I was not the only one trying to do ...
Mark R.'s user avatar
  • 151
15 votes
4 answers
13k views

Difference between chroot and jail

I read this tutorial - https://help.ubuntu.com/community/BasicChroot - and what I understood is that, chroot is the process of changing the / while the new restricted environment created is the "jail"....
user1437328's user avatar
15 votes
3 answers
8k views

Why chroot is considered insecure?

I've been playing around with CentOS box for couple of years now. So I'm pretty comfy with terminal. However, I read a lot of blog-post claiming that chroot is insecure and amount of those posts ...
Aleksandr Makov's user avatar
15 votes
2 answers
12k views

Up-to-date alternatives of rssh or scponly [closed]

I need: An scp and sftp server With chroot-ed environment With non-login (ssh not allowed for scp/sftp users) Options and related issues I found: scponly No updates since more than 6 years Does ...
Julen Larrucea's user avatar
14 votes
2 answers
59k views

SFTP fatal bad ownership or modes for chroot directory ubuntu 12.04

I just set up my SFTP server and it works fine when I use it from my first user account. I wanted to add a user which we will call 'magnarp'. At first I did like this in sshd_config: Subsystem sftp ...
Jonathan's user avatar
  • 143
14 votes
4 answers
20k views

Why is "chroot" never used on Mac OS X?

I've been using Macs for 25 years, and "UNIX" since OS X 10.0.. but I've never really thought much about chroot, nor have I ever really needed or wanted to... It's a simple question, but... under ...
mralexgray's user avatar
  • 1,451
14 votes
1 answer
26k views

PHP-FPM's chroot and chdir directory

I am setting up php-fpm with chrooting enabled. Now I see that there are two options, and I want to know what the exact difference is. The setup has: chroot = /var/www/domains/domain.tld/ ; Chdir to ...
Saif Bechan's user avatar
13 votes
4 answers
39k views

Unmounting root filesystem without rebooting the server

I have a server that I can access through SSH. There is no KVM available and there's only one root partition for the whole server. I have deleted some files that I shouldn't have and want to recover ...
Thomas Wang's user avatar
13 votes
1 answer
16k views

Why use lxc instead of chroot?

One ubuntu server hosts 3 apps all on separate domains. Each app has its own developers. App developers belong to linux "sftp" group. chroot allows password sftp access for each app developer. /home/...
csi's user avatar
  • 1,605
12 votes
4 answers
12k views

Why running named(bind) in chroot is so important for security? Or maybe it is not?

I'm playing with bind and started wondering why this software is, for example, in CentOS running in chroot. Don't misunderstand me, I know what bind is and what chroot (jail) is for. But my main ...
B14D3's user avatar
  • 5,278
12 votes
3 answers
28k views

Chroot SFTP - Possible to allow user to write to current (chroot) directory

I currently have a WORKING SFTP login, using a private key for login and the user is chroot'ed into their home directory. Goal: Keep the user chroot but allow WRITE access to the relative chroot ...
emmdee's user avatar
  • 2,307
10 votes
3 answers
3k views

RedHat: is it possible to install packages in a kind of mock environment to build RPMs

Is there a tool that allows to install the dependecies of an RPM .spec into an isolated environment? I won't install such dependencies globally on the system and I am not able to do so since I have ...
try-catch-finally's user avatar
10 votes
1 answer
7k views

How to disallow the Docker Daemon to mount host's root file system into the container

I have the following Container Setup. On a bare metal server two Docker Daemons are installed and running. Main Docker Daemon Runs my application containers exposing 80/443 to the outside world. ...
Vad1mo's user avatar
  • 278
9 votes
4 answers
2k views

When is it appropriate / prudent to use chroot?

I hear about needing to chroot BIND all the time. Fair enough. But what about other programs? What are the "rules" (either personal or widely accepted/established) for deciding which programs ...
Mike B's user avatar
  • 12.1k
9 votes
4 answers
9k views

Webserver: chrooted PHP gives mysql.sock error when attempting to reach mysql

I have configured an Ubuntu webserver with Nginx + PHP5-FPM. I have created a chrooted environment (using jailkit) that I'm tossing my developers into, from where they can develop their test ...
Jon L.'s user avatar
  • 318
9 votes
1 answer
2k views

Why is chroot system call not available to non root user?

I was reading description about setuid on wikipedia http://en.wikipedia.org/wiki/Setuid I was unable to understand how chroot is related to setuid as mention in following paragraph from wikipedia ...
Mr Coder's user avatar
  • 195
9 votes
5 answers
13k views

How secure is SSH ForceCommand on a jump host?

I have the following setup in my network: Internet <--> Bastion <--> Local Network I have several users and each user is assigned to a specific machine. Or in other words: Each user must ...
Dr.Elch's user avatar
  • 191
8 votes
3 answers
25k views

"500 OOPS: vsftpd: refusing to run with writable root inside chroot()" - login failed on Debian

I installed vsFTPd for running an FTP server on Debian 7.3 (Wheezy). I checked the vsFTPd version was 2.3.5, and I configured it like so: listen=YES local_enable=YES write_enable=YES ...
shgnInc's user avatar
  • 1,914
8 votes
1 answer
9k views

Trying to set up SFTP only in a chroot jail for one user

Hopefully you guys can help and see if I've done something weird here, I'm trying to log in with a user I set up, FileZilla shows me: Command: open "///@///" Command: Pass: ******** Status: ...
pzkpfw's user avatar
  • 320
7 votes
2 answers
7k views

SFTP suddenly failing for chroot accounts on Amazon Linux

Frustratingly, SFTP users suddenly stopped being able to connect to my Amazon Linux server. The /var/log/secure shows the following error: sshd[7291]: fatal: safely_chroot: stat("/chroot/uhleeka"):...
uhleeka's user avatar
  • 173
7 votes
1 answer
22k views

SFTP: log to a separate file for chrooted user

I would like to log SFTP commands to a separate file however it works only for root but not for chrooted user: # cat /etc/ssh/sshd_config ... Subsystem sftp internal-sftp -l INFO Match Group ...
HTF's user avatar
  • 3,208
7 votes
1 answer
10k views

SFTP user can't edit or create files

Server: Ubuntu 12.04 LTS I am using openSSH and have created an SFTP user called bob who belongs to group sftponly. I have chrooted bob to his home directory which is /usr/share/nginx/www/bob/. bob ...
George Reith's user avatar
7 votes
2 answers
13k views

How do I unmount a bound /proc in a "dead" chroot?

I built a debootstrap chroot and bound /proc to it, i.e. sudo mount -o bind /proc <chroot>/proc When I found I no longer needed it, I quite stupidly rm -r <chroot>'d it. Of course, rm ...
Brian's user avatar
  • 333
6 votes
5 answers
14k views

vsftpd: refusing to run with writable root inside chroot

I want to setup a anonymous only ftp server (able to upload files). Here is my config file: listen=YES anonymous_enable=YES anon_root=/var/www/ftp local_enable=YES write_enable=YESr. ...
WoooHaaaa's user avatar
  • 1,735
6 votes
1 answer
1k views

Why did the postfix default change to non-chroot processes?

With compatibility_level=2 in recent postfix versions, the default for the postfix daemons changed from chroot to non-chroot. While the page describes that it changed and what you can do to continue ...
allo's user avatar
  • 1,733
6 votes
1 answer
10k views

sftp server chroot initial directory

I have configured an sftp server with chroot and it works fine, the only thing that is bothering me is the initial landing directory, since the sftp user does not have write permissions in the landing ...
Carles Estevadeordal's user avatar
6 votes
2 answers
3k views

SFTP post upload hook

How would I run a script after a file has been successfully uploaded over (a chrooted) SFTP? I have this working on standard FTP connection using PureFTP http://linux.die.net/man/8/pure-...
Petah's user avatar
  • 650
5 votes
3 answers
18k views

yum/rpm Failed to initialize NSS library in chroot

I am performing a yum update from CentOS 7.4 to CentOS 7.5, when nspr and nss soft-softoken receive the updates, I am left with the following error: yum update nspr error: Failed to initialize NSS ...
Arlion's user avatar
  • 628
5 votes
1 answer
10k views

VSFTPD - Change User Home Directory

I need to update a ftp user's home directory. Could I run the userdel command then re-add the user without losing the directory the user was attached to? Or is there another way to change the user's ...
Spencer's user avatar
  • 213
5 votes
2 answers
21k views

chrooting user causes "connection closed" message when using sftp

First off I am a linux newbie so please don't assume much knowledge. I am using CentOS 5.8 (final) and using OpenSSH version 5.8p1. I have made a user playwithbits and I am attempting to chroot them ...
George Reith's user avatar
5 votes
2 answers
5k views

setlocale error with chroot

I have created a chroot jail and when I log in I get a bash warning bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8) I tried to google the error, but wasn't able to find a ...
samwell's user avatar
  • 339
5 votes
2 answers
5k views

How to map authenticated Nginx users to their own directory?

I am writing a social networking site in C and serving it all up with Nginx. How can I make it so that authenticated users go to their own directory -ONLY- where a user-specific index.html resides. ...
DisgruntledUser's user avatar
5 votes
1 answer
15k views

Configuring Chroot for SFTP Users

I am trying to configure a SFTP server for some automated backups. I configured an Ubuntu 14.04 server and have had partial success. The idea I'm looking to do is this: A user will be created for ...
imlepid's user avatar
  • 175
5 votes
3 answers
3k views

postfix/smtp: fatal: unknown service: smtp/tcp – but /var/spool/postfix/etc/services exists

I am running a Debian GNU/Linux 8.7 box with Postfix 2.11.3-1 as MTA. All of a sudden, that is, with no change to the MTA setup, mails stopped being delivered, and the following error started showing ...
Odin Kroeger's user avatar
5 votes
4 answers
2k views

Is there a chroot build script somewhere?

I am about to develop a little script to gather information for a chroot-jail. In my case this looks (at the first glance) pretty simple: The application has a clean rpm-install and did install ...
Nils's user avatar
  • 7,757
5 votes
1 answer
2k views

PHP unable to mail() in chroot though I can use sendmail inside chroot

I'm building a php-fpm chroot, and am on one of my last steps before calling this a success. The php-fpm chroot is working like a charm. Also, I have mini_sendmail installed into the chroot (in place ...
David W's user avatar
  • 3,469
5 votes
2 answers
3k views

What is the secure way to isolate ftp server users on unix?

I've read documentation for various ftp daemons and various long threads about the security implications of using a chroot environment for an ftp server when giving users write access. If you read the ...
djs's user avatar
  • 200
4 votes
2 answers
12k views

Access files outside a chroot'ed environment?

I need to setup some users to access our server. I thought the most secure way to allow them access was to setup a chroot'ed jail for them to log into. But I need them to access a few select ...
Jake Wilson's user avatar
  • 8,964
4 votes
7 answers
2k views

Does using chroot for a publicly-exposed service provide any real security benefit?

I would like a definitive answer as to why this practice should be pursued with services that are exposed to potentially hostile network(s) (i.e. the Internet). As I understand it, there is a method ...
Avery Payne's user avatar
  • 14.7k
4 votes
5 answers
24k views

User can't SFTP after chroot

Ubuntu 10.04.4 LTS I'm trying to chroot the user 'sam'. According to all the articles out there this should work, but apparently I'm still doing something wrong. The user: sam:x:1005:1006::/home/...
Dauntless's user avatar
  • 189
4 votes
3 answers
20k views

ubuntu bind9 AppArmor read permission denied (chroot jail)

I am trying to run bind9 with chroot jail. I followed the steps mentioned at : http://www.howtoforge.com/debian_bind9_master_slave_system I am getting the following errors in my syslog: Jul 27 16:53:...
Richard Whitman's user avatar
4 votes
4 answers
9k views

Prevent rssh users from leaving their jail directories

I'm attempting to use rssh to jail users strictly to their /home/user/public_html dirctories. I got it to work where an account can SFTP into the system successfully on a test server, but once I login ...
Skittles's user avatar
  • 421

1
2 3 4 5
9