chroot jail FreeBSD "su: who are you?"

General questions about the FreeBSD operating system. Ask here if your question does not fit elsewhere.

chroot jail FreeBSD "su: who are you?"

Postby Dr_Death_UAE » 27 May 2009, 16:43

Hello, i create chroot jail every thing fine but when i try to login with the jailed user with su i got:
su: who are you?


from the logs:

May 27 15:33:28 h4x0r sudo: r0x : TTY=ttyp0 ; PWD=/ ; USER=root ; COMMAND=/usr/sbin/chroot /home/jail /usr/bin/su - r0x


from visudo:
r0x ALL=NOPASSWD: /usr/sbin/chroot, /usr/bin/su - r0x


from "/home/jail/etc/passwd":
r0x:*:1003:1003:User &:/home/r0x:/usr/local/bin/bash


from "/etc/passwd":
r0x:*:1003:1003:User &:/home/jail/home/r0x:/bin/chroot-shell


the "chroot-shell" include:
#!/usr/bin/env sh
/usr/local/bin/sudo /usr/sbin/chroot /home/jail /usr/bin/su - $USER "$@"


i use the same methods with linux systems it work fine, i use pwd_mkdb to update the master.passwd on the jail:
pwd_mkdb -d /home/jail/etc/ /home/jail/etc/master.passwd

but still the same. i read that i need to use rssh as the shell instead of bash shell.
Dr_Death_UAE
Junior Member
 
Posts: 19
Joined: 28 Jan 2009, 15:59

Postby vivek » 27 May 2009, 17:57

You can login to jail using jexec if openssh not installed in a jail:
Code: Select all
jls -v
jexec jailid csh


If openssh installed and normal user account created make sure that account is a part of wheel group. Again login using jexec and create user account using pw. Once done start openssh so that user can login into the account and use su -
Neither in this world nor elsewhere is there any happiness in store for him who always doubts. If you enjoyed my answer please consider donating some money to FreeBSD foundation @ http://www.freebsdfoundation.org/
User avatar
vivek
Member
 
Posts: 809
Joined: 17 Nov 2008, 08:19
Location: Hyper Space

Postby SirDice » 27 May 2009, 18:02

chroot != jail

So which one is it? A chrooted or a jailed environment?

Please see [man=8]jail[/man] and [man=8]chroot[/man] for the differences.
Senior UNIX Engineer at Unix Support Nederland
Experience is something you don't get until just after you need it.
User avatar
SirDice
Old Fart
 
Posts: 16185
Joined: 17 Nov 2008, 16:50
Location: Rotterdam, Netherlands

Postby vivek » 27 May 2009, 18:04

OP: yes this is confusing as pointed out by SirDice. Please clarify... on freebsd there is no need to use chroot call. chroot(2) can be escaped easily; use jails.
Neither in this world nor elsewhere is there any happiness in store for him who always doubts. If you enjoyed my answer please consider donating some money to FreeBSD foundation @ http://www.freebsdfoundation.org/
User avatar
vivek
Member
 
Posts: 809
Joined: 17 Nov 2008, 08:19
Location: Hyper Space

Postby Dr_Death_UAE » 27 May 2009, 18:26

Hello, it is chroot.
Dr_Death_UAE
Junior Member
 
Posts: 19
Joined: 28 Jan 2009, 15:59


Return to General

Who is online

Users browsing this forum: No registered users and 1 guest