On a 64-bit CentOS host I am using the script make_chroot_jail.sh to put a user in a jail, not permitting it to see anything except its home at /home/jail/home/user1.
I did it by typing this:
sudo ./make_chroot_jail.sh user1
After that, when trying to connect to user1, I was first getting an error like:
/bin/su: user guest does not exist
I have fixed this by copying some missing libraries:
sudo cp /lib64/libnss_compat.so.2 /lib64/libnss_files.so.2 /lib64/libnss_dns.so.2 /lib64/libxcrypt.so.2 /home/jail/lib64/
sudo cp -r /lib64/security/ /home/jail/lib64/
But now, when trying to connect to user1 by typing su user1 and then typing its password, I am getting this error:
could not open session
So the question is how to connect to user1 in this situation?
P.S. Here are the permissions of some files, this might be helpful in order to provide a solution:
-rwsr-xr-x 1 root root /home/jail/bin/su
drwxr-xr-x 4 root root /home/jail/etc
-rw-r--r-- 1 root root /home/jail/etc/pam.d/su
-rw-r--r-- 1 root root /home/jail/etc/passwd
-rw------- 1 root root /home/jail/etc/shadow
UPDATE1
After some modifications I managed to connect to user1, but the session closes immediately! I guess this is a PAM issue, however I can't find a way to fix it.
Here is the log entry for the close action from /val/log/secure:
Oct 6 15:19:42 localhost su: pam_unix(su:session): session closed for user user1
What makes the session exit immediately after launching?
You might need to copy some system users and groups into the jail or change some configuration. On my system, /etc/shadow is 640 group shadow. Check the system logs for any relevant message and post them here. Also post the content of /home/jail/etc/pam.d/su. The output of strace -s9999 su user1 could also help. – Gilles 'SO- stop being evil' – 2010-10-06T21:33:21.077
@Gilles After some modifications I managed to connect to user1, but now the session closes immediately. So now the question is: what makes the session exit immediately after launching (please see UPDATE1 of the question)? Looking at the file /val/log/secure, I assume this is some PAM issue, however I don't know how to fix it. Can you help me on this? – arepo21 – 2010-10-06T22:31:17.450
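Added example, not part of the original thread and not taken from make_chroot_jail.sh: a shell function that lists what a jail lacks for su to open a session, covering the first comment's points about users, groups and /home/jail/etc/pam.d/su. The function names check_jail and check_pam_file are made up here, and the lib64/security and lib/security module directories are assumed from the cp commands in the question.

```shell
#!/bin/sh
# Added example: report what a chroot jail lacks for `su USER` to open a session.
# Assumed layout (from the question): JAIL/etc, JAIL/etc/pam.d, JAIL/lib64/security.

# Check one PAM service file: every pam_*.so it names must exist inside the
# jail, and every "include"/"substack" target must be a service file there too.
check_pam_file() (
    jail=$1; svc=$2; depth=${3:-0}
    file="$jail/etc/pam.d/$svc"
    if [ ! -r "$file" ]; then
        echo "MISSING PAM service file /etc/pam.d/$svc"
        return 0
    fi
    [ "$depth" -lt 5 ] || return 0          # guard against include loops
    for mod in $(sed 's/#.*//' "$file" | grep -o 'pam_[A-Za-z0-9_]*\.so' | sort -u); do
        [ -e "$jail/lib64/security/$mod" ] || [ -e "$jail/lib/security/$mod" ] ||
            echo "MISSING PAM module $mod (named in /etc/pam.d/$svc)"
    done
    sed 's/#.*//' "$file" | while read -r kind control target rest; do
        case $control in
            include|substack) check_pam_file "$jail" "$target" $((depth + 1)) ;;
        esac
    done
)

# Check the account itself: passwd entry, primary group, home, shell, then PAM.
check_jail() (
    jail=$1; user=$2
    entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$jail/etc/passwd" 2>/dev/null || true)
    if [ -z "$entry" ]; then
        echo "MISSING passwd entry for $user"
        return 0
    fi
    gid=$(echo "$entry" | cut -d: -f4)
    home=$(echo "$entry" | cut -d: -f6)
    shell=$(echo "$entry" | cut -d: -f7)
    awk -F: -v g="$gid" '$3 == g { found = 1 } END { exit !found }' \
        "$jail/etc/group" 2>/dev/null || echo "MISSING group with gid $gid"
    [ -d "$jail$home" ] || echo "MISSING home directory $home"
    [ -x "$jail$shell" ] || echo "MISSING login shell $shell"
    check_pam_file "$jail" su
)

# Run as: sh check_jail.sh /home/jail user1
if [ "$#" -eq 2 ]; then check_jail "$1" "$2"; fi
```

An empty result means every file the jail's own passwd and PAM configuration refer to is present; it does not check libraries that the shell or the PAM modules link against.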