Questions tagged [chroot]
A chroot on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children.
416 questions
86 votes, 5 answers, 261k views
bad ownership or modes for chroot directory component
I created the user MY_USER. Set his home dir to /var/www/RESTRICTED_DIR, which is the path he should be restricted to.
Then I edited sshd_config and set:
Match user MY_USER
ChrootDirectory /var/www/...
30 votes, 6 answers, 35k views
Is there a windows equivalent to chroot?
On a *nix system I can use a chroot to isolate two processes from each other and from the rest of the system. Is there any similar security system under windows? Or is there any way to prevent two ...
29 votes, 1 answer, 41k views
SFTP: file symlinks in a jailed (chrooted) directory
I'm trying to set up sftp so that a few trusted people can access/edit/create some files. I have jailed a user into their home directory (/home/name) but have run into a problem. I want for them to ...
24 votes, 6 answers, 32k views
Ubuntu - can non-root user run process in chroot jail?
Is it possible for a non-root user to run a chroot process on Ubuntu?
22 votes, 6 answers, 23k views
OpenSSH anything like 'internal-sftp' but for SCP?
I'm running Debian stable and I'm looking to establish the following environment for users in my 'sftponly' group:
jailed
can transfer with SFTP
can transfer with SCP
cannot login interactively with ...
21 votes, 5 answers, 23k views
How can I chroot ssh connections?
I would like to set up a chroot jail for most (not all) users logging in through SSH. I've heard it's possible with the latest versions of openssh, but I've not been able to find out how to do it. The ...
16 votes, 4 answers, 89k views
chroot fails - cannot run command `/bin/bash': No such file or directory
I'm a chroot novice trying to make a simple chroot jail but am banging my head against the same problem time and time again... Any help would be massively appreciated
I've created a directory /usr/...
16 votes, 2 answers, 30k views
vsftp: why is allow_writeable_chroot=YES a bad idea?
There are several thousand blog posts about vsftp and allow_writeable_chroot=YES
The common error message:
Fixing 500 OOPS: vsftpd: refusing to run with writable root inside chroot ()
I solved ...
15 votes, 6 answers, 18k views
Trying to setup chroot'd rsync
I'm trying to set up a backup server.
I want to chroot each user (client) to its home directory, and only allow it to use sftp and rsync.
I quickly discovered that I was not the only one trying to do ...
15 votes, 4 answers, 13k views
Difference between chroot and jail
I read this tutorial - https://help.ubuntu.com/community/BasicChroot - and what I understood is that, chroot is the process of changing the / while the new restricted environment created is the "jail"....
15 votes, 3 answers, 8k views
Why chroot is considered insecure?
I've been playing around with a CentOS box for a couple of years now. So I'm pretty comfy with the terminal. However, I read a lot of blog posts claiming that chroot is insecure and amount of those posts ...
15 votes, 2 answers, 12k views
Up-to-date alternatives of rssh or scponly [closed]
I need:
An scp and sftp server
With chroot-ed environment
With non-login (ssh not allowed for scp/sftp users)
Options and related issues I found:
scponly
No updates since more than 6 years
Does ...
14 votes, 2 answers, 59k views
SFTP fatal bad ownership or modes for chroot directory ubuntu 12.04
I just set up my SFTP server and it works fine when I use it from my first user account.
I wanted to add a user which we will call 'magnarp'.
At first I did like this in sshd_config:
Subsystem sftp ...
14 votes, 4 answers, 20k views
Why is "chroot" never used on Mac OS X?
I've been using Macs for 25 years, and "UNIX" since OS X 10.0.. but I've never really thought much about chroot, nor have I ever really needed or wanted to...
It's a simple question, but... under ...
14 votes, 1 answer, 26k views
PHP-FPM's chroot and chdir directory
I am setting up php-fpm with chrooting enabled. Now I see that there are two options, and I want to know what the exact difference is.
The setup has:
chroot = /var/www/domains/domain.tld/
; Chdir to ...
13 votes, 4 answers, 39k views
Unmounting root filesystem without rebooting the server
I have a server that I can access through SSH. There is no KVM available and there's only one root partition for the whole server.
I have deleted some files that I shouldn't have and want to recover ...
13 votes, 1 answer, 16k views
Why use lxc instead of chroot?
One ubuntu server hosts 3 apps all on separate domains.
Each app has its own developers.
App developers belong to linux "sftp" group.
chroot allows password sftp access for each app developer.
/home/...
12 votes, 4 answers, 12k views
Why running named(bind) in chroot is so important for security? Or maybe it is not?
I'm playing with bind and started wondering why this software is, for example, in CentOS running in chroot. Don't misunderstand me, I know what bind is and what chroot (jail) is for. But my main ...
12 votes, 3 answers, 28k views
Chroot SFTP - Possible to allow user to write to current (chroot) directory
I currently have a WORKING SFTP login, using a private key for login and the user is chroot'ed into their home directory.
Goal: Keep the user chroot but allow WRITE access to the relative chroot ...
10 votes, 3 answers, 3k views
RedHat: is it possible to install packages in a kind of mock environment to build RPMs
Is there a tool that allows installing the dependencies of an RPM .spec into an isolated environment? I won't install such dependencies globally on the system and I am not able to do so since I have ...
10 votes, 1 answer, 7k views
How to disallow the Docker Daemon to mount host's root file system into the container
I have the following Container Setup.
On a bare metal server two Docker Daemons are installed and running.
Main Docker Daemon Runs my application containers exposing 80/443 to the outside world.
...
9 votes, 4 answers, 2k views
When is it appropriate / prudent to use chroot?
I hear about needing to chroot BIND all the time. Fair enough. But what about other programs? What are the "rules" (either personal or widely accepted/established) for deciding which programs ...
9 votes, 4 answers, 9k views
Webserver: chrooted PHP gives mysql.sock error when attempting to reach mysql
I have configured an Ubuntu webserver with Nginx + PHP5-FPM. I have created a chrooted environment (using jailkit) that I'm tossing my developers into, from where they can develop their test ...
9 votes, 1 answer, 2k views
Why is chroot system call not available to non root user?
I was reading description about setuid on wikipedia
http://en.wikipedia.org/wiki/Setuid
I was unable to understand how chroot is related to setuid, as mentioned in the following paragraph from Wikipedia
...
9 votes, 5 answers, 13k views
How secure is SSH ForceCommand on a jump host?
I have the following setup in my network:
Internet <--> Bastion <--> Local Network
I have several users and each user is assigned to a specific machine. Or in other words: Each user must ...
8 votes, 3 answers, 25k views
"500 OOPS: vsftpd: refusing to run with writable root inside chroot()" - login failed on Debian
I installed vsFTPd for running an FTP server on Debian 7.3 (Wheezy). I checked the vsFTPd version was 2.3.5, and I configured it like so:
listen=YES
local_enable=YES
write_enable=YES
...
8 votes, 1 answer, 9k views
Trying to set up SFTP only in a chroot jail for one user
Hopefully you guys can help and see if I've done something weird here, I'm trying to log in with a user I set up, FileZilla shows me:
Command: open "///@///" Command: Pass: ********
Status: ...
7 votes, 2 answers, 7k views
SFTP suddenly failing for chroot accounts on Amazon Linux
Frustratingly, SFTP users suddenly stopped being able to connect to my Amazon Linux server.
The /var/log/secure shows the following error:
sshd[7291]: fatal: safely_chroot: stat("/chroot/uhleeka"):...
7 votes, 1 answer, 22k views
SFTP: log to a separate file for chrooted user
I would like to log SFTP commands to a separate file however it works only for root but not for chrooted user:
# cat /etc/ssh/sshd_config
...
Subsystem sftp internal-sftp -l INFO
Match Group ...
7 votes, 1 answer, 10k views
SFTP user can't edit or create files
Server: Ubuntu 12.04 LTS
I am using openSSH and have created an SFTP user called bob who belongs to group sftponly. I have chrooted bob to his home directory which is /usr/share/nginx/www/bob/.
bob ...
7 votes, 2 answers, 13k views
How do I unmount a bound /proc in a "dead" chroot?
I built a debootstrap chroot and bound /proc to it, i.e. sudo mount -o bind /proc <chroot>/proc
When I found I no longer needed it, I quite stupidly rm -r <chroot>'d it. Of course, rm ...
6 votes, 5 answers, 14k views
vsftpd: refusing to run with writable root inside chroot
I want to set up an anonymous-only ftp server (able to upload files). Here is my config file:
listen=YES
anonymous_enable=YES
anon_root=/var/www/ftp
local_enable=YES
write_enable=YESr.
...
6 votes, 1 answer, 1k views
Why did the postfix default change to non-chroot processes?
With compatibility_level=2 in recent postfix versions, the default for the postfix daemons changed from chroot to non-chroot. While the page describes that it changed and what you can do to continue ...
6 votes, 1 answer, 10k views
sftp server chroot initial directory
I have configured an sftp server with chroot and it works fine, the only thing that is bothering me is the initial landing directory, since the sftp user does not have write permissions in the landing ...
6 votes, 2 answers, 3k views
SFTP post upload hook
How would I run a script after a file has been successfully uploaded over (a chrooted) SFTP?
I have this working on standard FTP connection using PureFTP
http://linux.die.net/man/8/pure-...
5 votes, 3 answers, 18k views
yum/rpm Failed to initialize NSS library in chroot
I am performing a yum update from CentOS 7.4 to CentOS 7.5, when nspr and nss soft-softoken receive the updates, I am left with the following error:
yum update nspr
error: Failed to initialize NSS ...
5 votes, 1 answer, 10k views
VSFTPD - Change User Home Directory
I need to update a ftp user's home directory. Could I run the userdel command then re-add the user without losing the directory the user was attached to? Or is there another way to change the user's ...
5 votes, 2 answers, 21k views
chrooting user causes "connection closed" message when using sftp
First off I am a linux newbie so please don't assume much knowledge. I am using CentOS 5.8 (final) and using OpenSSH version 5.8p1.
I have made a user playwithbits and I am attempting to chroot them ...
5 votes, 2 answers, 5k views
setlocale error with chroot
I have created a chroot jail and when I log in I get a bash warning bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
I tried to google the error, but wasn't able to find a ...
5 votes, 2 answers, 5k views
How to map authenticated Nginx users to their own directory?
I am writing a social networking site in C and serving it all up with Nginx. How can I make it so that authenticated users go to their own directory -ONLY- where a user-specific index.html resides. ...
5 votes, 1 answer, 15k views
Configuring Chroot for SFTP Users
I am trying to configure a SFTP server for some automated backups. I configured an Ubuntu 14.04 server and have had partial success. The idea I'm looking to do is this:
A user will be created for ...
5 votes, 3 answers, 3k views
postfix/smtp: fatal: unknown service: smtp/tcp – but /var/spool/postfix/etc/services exists
I am running a Debian GNU/Linux 8.7 box with Postfix 2.11.3-1 as MTA. All of a sudden, that is, with no change to the MTA setup, mails stopped being delivered, and the following error started showing ...
5 votes, 4 answers, 2k views
Is there a chroot build script somewhere?
I am about to develop a little script to gather information for a chroot-jail.
In my case this looks (at the first glance) pretty simple:
The application has a clean rpm-install and did install ...
5 votes, 1 answer, 2k views
PHP unable to mail() in chroot though I can use sendmail inside chroot
I'm building a php-fpm chroot, and am on one of my last steps before calling this a success.
The php-fpm chroot is working like a charm. Also, I have mini_sendmail installed into the chroot (in place ...
5 votes, 2 answers, 3k views
What is the secure way to isolate ftp server users on unix?
I've read documentation for various ftp daemons and various long threads about the security implications of using a chroot environment for an ftp server when giving users write access. If you read the ...
4 votes, 2 answers, 12k views
Access files outside a chroot'ed environment?
I need to setup some users to access our server. I thought the most secure way to allow them access was to setup a chroot'ed jail for them to log into.
But I need them to access a few select ...
4 votes, 7 answers, 2k views
Does using chroot for a publicly-exposed service provide any real security benefit?
I would like a definitive answer as to why this practice should be pursued with services that are exposed to potentially hostile network(s) (i.e. the Internet). As I understand it, there is a method ...
4 votes, 5 answers, 24k views
User can't SFTP after chroot
Ubuntu 10.04.4 LTS
I'm trying to chroot the user 'sam'. According to all the articles out there this should work, but apparently I'm still doing something wrong.
The user:
sam:x:1005:1006::/home/...
4 votes, 3 answers, 20k views
ubuntu bind9 AppArmor read permission denied (chroot jail)
I am trying to run bind9 with chroot jail. I followed the steps mentioned at : http://www.howtoforge.com/debian_bind9_master_slave_system
I am getting the following errors in my syslog:
Jul 27 16:53:...
4 votes, 4 answers, 9k views
Prevent rssh users from leaving their jail directories
I'm attempting to use rssh to jail users strictly to their /home/user/public_html directories.
I got it to work where an account can SFTP into the system successfully on a test server, but once I login ...