Questions tagged [chroot-jail]

A chroot jail is the common expression used to describe a section of a file system that is sectioned off for a particular user.

On Unix-like operating systems, such as Linux, it has become a very common security measure to restrict a user to only a very limited section of the file system.

42 questions
11 votes, 1 answer

How to "jail" Java applications in OS X?

Is it possible to "jail" Java applications? My bank has an applet that requests "unrestricted access" to my computer. That makes me feel very uneasy. There should be a way to tell the java runtime that my system's root directory is something like…
Alex
9 votes, 3 answers

FreeBSD Jails in Mac OS X

I was wondering if FreeBSD Jails are available on Mac OS X or perhaps an equivalent?
vhakti
9 votes, 4 answers

Is it safer to use a chroot jail, a jail shell or a combination?

A friend of mine has a Xandros-based Acer netbook, and has been looking to get some remote administration and help from me while she is travelling around the world. I've set up an account on her netbook for me to ssh into, and set up a script to…
Andy
6 votes, 2 answers

Jail user to home directory while still allowing permission to create and delete files/folders

I'm trying to give a client SFTP access to the root directory of their site on my server (Ubuntu 10.10) so they can manage their website themselves. While I have been successful in jailing a user to a directory and giving them SFTP access; they are…
3 votes, 2 answers

chroot for unsecure programs execution

I have never set-up a chroot-jailed environment before and I am afraid I need some help to do it well. To explain shortly what this is all about: I have a webserver to which users send python scripts to process various files that are stored on the…
attwad
3 votes, 1 answer

FreeBSD 10.2 - multiple interfaces in the jail

My old FreeBSD 8.0 has the following configuration (in the /etc/rc.conf) for the xx jail: jail_xx_hostname="xx.example.com" jail_xx_rootdir="/jails/xx" #networking setup jail_xx_ip="sis0|1.2.3.4,re0|10.10.10.4" jail_xx_ip_multi0="tun0|10.5.0.1…
kobame
2 votes, 0 answers

1 chroot sftp user that is able to traverse all other chroot sftp users files/folders

I have a chroot environment that I have set up on CentOS 6. We have users for all of our trading partners and I would like to create an internal user for another department that can sftp in and only see all the folders/sub-folders/files of all the…
2 votes, 1 answer

copied chroot jail directory can't be chrooted

I am developing a package so when users login through ssh they are forwarded to a chroot jail. The jail directory is created via makejail program on building process. But when the jail package copy on system it fails to chroot to that directory.…
amin
2 votes, 1 answer

Use playerctl in systemd-nspawn container

When I launch a web browser in a systemd-nspawn container, playerctl commands don't work to play and pause multimedia, though they work for browsers outside of the container. Is there an environment variable or directory binding that I might be…
2 votes, 1 answer

What is meant by "don't run processes as root in a chroot environment"

I read several articles that say one should avoid running processes as root in a chroot environment since it allows the process to escape. But how should I do that? Chroot can only be evoked by root, so it is impossible to run a process in a…
M0M0
2 votes, 0 answers

Jailkit on a Mac: "ERROR: is not owned by root:root!" / "ERROR: jail directory is not safe"

I'm trying to create a jailed user for limited SSH access on my Mac. I have been, for the most part, following the directions in this Ubuntu StackExchange answer. However, I'm getting stuck: # First, added `root` group via System Preferences >…
Ryan Lue
2 votes, 1 answer

need clarifications on chroot command

I am trying to understand chroot. I am trying to run just "ls" command in chroot environment. So I copied "ls" and "bash" and its dependencies (as shown by ldd) to corresponding bin, lib, lib64 directories in new root directory and ran chroot…
1 vote, 2 answers

Chroot ssh user to home folder results in Connection refused

I'm trying to give someone ssh access to a (Ubuntu 14.04) server I've got, but I want to limit them to their own home folder. So I'm trying to follow this tutorial. I first created a user (sudo adduser jailuser) which made it possible to log in…
kramer65
1 vote, 1 answer

Wrong ownership when SFTP files

I have successfully set up jailed SFTP access using ChrootDirectory. Match Group sftponly ChrootDirectory %h X11Forwarding no AllowTCPForwarding no ForceCommand internal-sftp I also used: Subsystem sftp internal-sftp -u 0002 to…
Jeremy
1 vote, 1 answer

Using sftp ChrootDirectory while giving other users write access to the same directory

I need to allow an untrusted user SFTP access to a particular directory under his webserver root. I don't want him to access any other parts of the system (including the rest of the web), so I thought about using OpenSSH's ChrootDirective.…
himdel