chroot

Detecting a chroot jail from within

How can one detect being in a chroot jail without root privileges? Assume a standard BSD or Linux system. The best I came up with was to look at the inode value for "/" and to consider whether it is reasonably low, but I would like a more accurate method for detection. [edit 20080916 142430 EST] Simply looking around the filesystem is...

chroot + execvp + bash

Update: Got it! See my solution (fifth comment). Here is my problem: I have created a small binary called "jail" and in /etc/password I have made it the default shell for a test user. Here is the -- simplified -- source code: #define HOME "/home/user" #define SHELL "/bin/bash" ... if(chdir(HOME) || chroot(HOME)) return -1; ... char *s...

What method(s) do you use to test a debian/ubuntu package?

I'm talking about testing a package that you're building, especially one that spawns a daemon and/or fiddles with init.d. Do you log into some sort of chroot? Do you create a virtualized distribution and tear it down? How do you test your runtime dependencies and test suite without fouling up your dev machine for the next time you run y...

Python and os.chroot

I'm writing a web-server in Python as a hobby project. The code is targeted at *NIX machines. I'm new to developing on Linux and even newer to Python itself. I am worried about people breaking out of the folder that I'm using to serve up the web-site. The most obvious way to do this is to filter requests for documents like /../../etc/pa...

chrooted Apache+MsSQL on openBSD; Could not determine the server's fully qualified domain name

PHP generates GIFs on the web server using a database on a second server. The page shows 20 GIFs, so there is some load for a short time (multiple connections). Some GIFs are loaded but some are not, in /var/www/logs/error_log [Mon Feb 23 10:05:56 2009] [error] PHP Warning: mysql_connect() [function.mysql-connect]: Lost connect...

How to jail linux user

Is there something similar to chroot, but for users? We are about to grant access to our servers for a client and would like them to see only the directories we allow. ...

Access Control Lists in Debian Lenny

So, for my clients who have sites hosted on my server, I create user accounts, with standard home folders inside /home. I set up an SSH jail for all the collective users, because I really am against using a separate FTP server. Then, I installed ACL and added acl to my /etc/fstab — all good. I cd into /home and chmod 700 ./*. At th...

Best Ubuntu setup for 32-bit *AND* 64-bit Qt app development?

I'm developing a Qt-based application and I would like to develop both 32 and 64bit versions of the application on the same machine, sharing the same sources, scripts, etc. The machine is an Ubuntu Jaunty 64bit, Intel Core i7, 8gb ram. I'm aware that running VMWare or VirtualBox could get things working, however it doesn't seem to be...

fork/chroot equivalent for Windows server application

I have written a small custom web server application in C running on Linux. When the application receives a request it calls fork() and handles the request in a separate process, which is chrooted into a specific directory containing the files I want to make available. I want to port the application to Windows, but neither fork() nor ch...

FreeBSD alternatives on GNU/Linux (without modifying linux kernel)

Dear friends, I am very much interested in FreeBSD jail functionality and security, but still a novice to configure Linux kernel with Linux V-server, OpenVZ. I know chroot is just good in functionality but security wise has loops. So can you guys suggest something more secure than chroot and not hard to configure. ...

How to restrict a user to access only specific folders

Hi, I have an Ubuntu server installed and I need to give access to my client's sites hosted on my server. There are currently 2 sites, which means 2 folders. I was able to create a user with the command: adduser user However, I cannot find a way to restrict this user to view only specific folders. If you tell me at least how to ...

How to (legitimately) access files after putting self into chrooted sandbox?

Changing a Linux C++ program which gives the user limited file access. Thus the program chroots itself to a sandbox with the files the user can get at. All worked well. Now, however, the program needs to access some files for its own needs (not the user's) but they are outside the sandbox. I know chroot allows access to files opened ...

How to chroot Django

Can one run Django in a chroot? Notably, what's necessary in order to set up (for example) /var/www as a chroot'd directory and then have Django run in that chroot'd directory? Thank you - I'm grateful for any input. ...

executing service (openoffice headless) in chroot is slow

I created an Ubuntu chroot environment (using debootstrap) and started openoffice as a service to convert files using unoconv. It works but it spends about 20s to do conversions which are below 1s outside chroot jail. Stracing it I can see that this extra time is spent in some socket operations whose timeout expires, the same operations ...

On Linux do people chroot a Java Web Application or use IPTables and run as non-root?

When you run a Java Servlet Container that you would like to serve both static and dynamic content on port 80 you have the classic question of whether to run the server as: As root in hopefully a chroot jail if you can (haven't gotten this working yet) As a non root user and then use IPTables to forward port 80 to some other port (>102...

schroot: pass a command to be executed as if it’s in a shell

I want to do something like: schroot -c name -u root "export A=3 && export B=4" but I get the error: Failed to execute “export”: No such file or directory In other words, I want to be able to programmatically execute shell commands inside the schroot environment. What is the right way to get this behavior? ...

Call external script within chroot environment

I use a chroot development environment for developing software for devices. The chroot dev environment isolates the rest of my system from my build-system hacking. The chroot environment is text-based, but I prefer to use a graphical text editor. Right now, I keep one terminal chrooted into the dev environment to build packages and one t...

User-dependent file content

Hi. For some unfortunate reasons, I have to convert a proprietary and binary library from a one-user per workstation to a multi-user per workstation setup. Current setup. A user uses a program linked against a library. This library reads a system wide configuration file (using a hard-coded path, i.e. /usr/local/thelib/main.conf ) which ...

Bash: Chroot command passing 2 string parameters or better run a series of commands

I would like to do something like this: chroot /mount-point /path/to/script $var1 $var 2 Will this work? Will the chrooted Perl script be passed on these 2 parameters? If not, how to do this? Otherwise, is there any way to simply do chroot in the script, and then start doing commands such as perl script.pl $var1 $var2 etc? As I u...

Sandboxing applications on CentOS 5 as non-root

Classic problem: I'd like to be able to run unsafe applications in a sandboxed environment on my CentOS Server 5.5 server, as a non-root user. chroot would be ideal for this, but it's not able to be started by a non-root user. And a lot of the sandboxing solutions I've found online are for Debian-based distros. Any suggestions? ...