Questions tagged [chroot]

A chroot on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children.

410 questions
77
votes
4 answers

bad ownership or modes for chroot directory component

I created the user MY_USER. Set his home dir to /var/www/RESTRICTED_DIR, which is the path he should be restricted to. Then I edited sshd_config and set: Match user MY_USER ChrootDirectory /var/www/RESTRICTED_DIR Then I restarted ssh. Made…
MultiformeIngegno
  • 1,627
  • 9
  • 24
  • 31
28
votes
1 answer

SFTP: file symlinks in a jailed (chrooted) directory

I'm trying to set up sftp so that a few trusted people can access/edit/create some files. I have jailed a user into their home directory (/home/name) but have run into a problem. I want for them to also be able to access other parts of the VPS…
dukevin
  • 1,610
  • 3
  • 18
  • 25
28
votes
6 answers

Is there a windows equivalent to chroot?

On a *nix system I can use a chroot to isolate two processes from each other and from the rest of the system. Is there any similar security system under windows? Or is there any way to prevent two processes from reading/writing to each others…
Rook
  • 2,615
  • 5
  • 26
  • 34
23
votes
6 answers

Ubuntu - can non-root user run process in chroot jail?

Is it possible for a non-root user to run a chroot process on Ubuntu?
Hawkeye
  • 2,669
  • 9
  • 30
  • 34
20
votes
5 answers

How can I chroot ssh connections?

I would like to setup a chroot jail for most (not all) users logging in though SSH. I've heard it's possible with the latest versions of openssh, but I've not been able to find out how to do it. The How To's all talk of patching an old version, and…
Malfist
  • 797
  • 3
  • 9
  • 21
19
votes
5 answers

OpenSSH anything like 'internal-sftp' but for SCP?

I'm running Debian stable and I'm looking to establish the following environment for users in my 'sftponly' group: jailed can transfer with SFTP can transfer with SCP cannot login interactively with SSH From my experimentation and research, it…
brianjcohen
  • 291
  • 1
  • 2
  • 3
16
votes
4 answers

chroot fails - cannot run command `/bin/bash': No such file or directory

I'm a chroot novice trying to make a simple chroot jail but am banging my head against the same problem time and time again... Any help would be massively appreciated I've created a directory /usr/chroot that I want to use as a jail and created…
Mike Atkinson
  • 191
  • 1
  • 1
  • 6
15
votes
4 answers

Difference between chroot and jail

I read this tutorial - https://help.ubuntu.com/community/BasicChroot - and what I understood is that, chroot is the process of changing the / while the new restricted environment created is the "jail". But some people say I am wrong and chroot and…
user1437328
  • 251
  • 1
  • 2
  • 5
14
votes
2 answers

vsftp: why is allow_writeable_chroot=YES a bad idea?

There are several thousand blog posts about vsftp and allow_writeable_chroot=YES The common error message: Fixing 500 OOPS: vsftpd: refusing to run with writable root inside chroot () I solved the problem on my server. But one question…
guettli
  • 3,113
  • 14
  • 59
  • 110
14
votes
2 answers

Why chroot is considered insecure?

I've been playing around with CentOS box for couple of years now. So I'm pretty comfy with terminal. However, I read a lot of blog-post claiming that chroot is insecure and amount of those posts frightens. Is it really so? Why? I use chroot to…
Aleksandr Makov
  • 290
  • 2
  • 10
14
votes
2 answers

SFTP fatal bad ownership or modes for chroot directory ubuntu 12.04

I just set up my SFTP server and it works fine when I use it from my first user account. I wanted to add a user which we will call 'magnarp'. At first I did like this in sshd_config: Subsystem sftp internal-sftp Match group sftponly …
Jonathan
  • 143
  • 1
  • 1
  • 4
13
votes
2 answers

Up-to-date alternatives of rssh or scponly

I need: An scp and sftp server With chroot-ed environment With non-login (ssh not allowed for scp/sftp users) Options and related issues I found: scponly No updates since more than 6 years Does one really need to recompile the whole thing to make…
Julen Larrucea
  • 328
  • 1
  • 2
  • 11
13
votes
1 answer

Why use lxc instead of chroot?

One ubuntu server hosts 3 apps all on separate domains. Each app has its own developers. App developers belong to linux "sftp" group. chroot allows password sftp access for each app developer. /home/app1/prod /home/app2/prod /home/app3/prod In…
csi
  • 1,535
  • 7
  • 22
  • 42
13
votes
1 answer

PHP-FPM's chroot and chdir directory

I am setting up php-fpm with chrooting enabled. Now I see that there are two options, and I want to know what the exact difference is. The setup has: chroot = /var/www/domains/domain.tld/ ; Chdir to this directory at the start. This value must be an…
Saif Bechan
  • 10,892
  • 10
  • 40
  • 63
13
votes
6 answers

Trying to setup chroot'd rsync

I'm trying to set up a backup server. I want to chroot each user (client) to its home directory, and only allow it to use sftp and rsync. I quickly discovered that I was not the only one trying to do something like this, and I found this guide and…
Mark R.
  • 131
  • 1
  • 1
  • 3
1
2 3
27 28