public inbox for gentoo-server@lists.gentoo.org
* [gentoo-server] Virtual ssh users
@ 2005-09-06  0:09 Yogesh Sharma
  2005-09-06  0:15 ` Jeremy Brake
  2005-09-06  0:26 ` Ben Munat
  0 siblings, 2 replies; 9+ messages in thread
From: Yogesh Sharma @ 2005-09-06  0:09 UTC
  To: gentoo-server

Hi,

Can someone point me to documentation for creating chrooted virtual ssh
only users?

Thanks
YS

-- 
gentoo-server@gentoo.org mailing list




* Re: [gentoo-server] Virtual ssh users
  2005-09-06  0:09 Yogesh Sharma
@ 2005-09-06  0:15 ` Jeremy Brake
  2005-09-06  0:26 ` Ben Munat
  1 sibling, 0 replies; 9+ messages in thread
From: Jeremy Brake @ 2005-09-06  0:15 UTC
  To: gentoo-server

Me too please. :)

Yogesh Sharma wrote:

>Hi,
>
>Can someone point me to documentation for creating chrooted virtual ssh
>only users.
>
>Thanks
>YS
>
>  
>

-- 
gentoo-server@gentoo.org mailing list




* Re: [gentoo-server] Virtual ssh users
  2005-09-06  0:09 Yogesh Sharma
  2005-09-06  0:15 ` Jeremy Brake
@ 2005-09-06  0:26 ` Ben Munat
  2005-09-06  6:08   ` ysharma
  1 sibling, 1 reply; 9+ messages in thread
From: Ben Munat @ 2005-09-06  0:26 UTC
  To: gentoo-server

This is in portage and I've used it a bit... pretty straightforward.

http://www.jmcresearch.com/projects/jail/

Just remember that *everything* needed by the user has to be in the jail... if you use any 
executable (apache, php, mysql, etc.) outside the jail, it is no longer secure.

b


Yogesh Sharma wrote:
> Hi,
> 
> Can someone point me to documentation for creating chrooted virtual ssh
> only users.
> 
> Thanks
> YS
> 
-- 
gentoo-server@gentoo.org mailing list




* Re: [gentoo-server] Virtual ssh users
  2005-09-06  0:26 ` Ben Munat
@ 2005-09-06  6:08   ` ysharma
  2005-09-06 16:41     ` Ben Munat
  0 siblings, 1 reply; 9+ messages in thread
From: ysharma @ 2005-09-06  6:08 UTC
  To: gentoo-server

Hi,

I am trying to run addjailuser with the following syntax:

addjailuser /home/chroot/jail /home/testys /bin/bash testys

and I am getting error:

addjailuser
A component of Jail (version 1.9 for linux)
http://www.gsyc.inf.uc3m.es/~assman/jail/
Juan M. Casillas <assman@gsyc.inf.uc3m.es>

Adding user testys in chrooted environment /home/chroot/jail
        Error: Can't add the user.
Done.

I already created the jail env and added the sw also.

Any idea?

Thanks
YS

> This is in portage and I've used it a bit... pretty straightforward.
>
> http://www.jmcresearch.com/projects/jail/
>
> Just remember that *everything* needed by the user has to be in the
> jail... if you use any
> executable (apache, php, mysql, etc.) outside the jail, it is no longer
> secure.
>
> b
>
>
> Yogesh Sharma wrote:
>> Hi,
>>
>> Can someone point me to documentation for creating chrooted virtual ssh
>> only users.
>>
>> Thanks
>> YS
>>
> --
> gentoo-server@gentoo.org mailing list
>
>


-- 
gentoo-server@gentoo.org mailing list




* Re: [gentoo-server] Virtual ssh users
  2005-09-06  6:08   ` ysharma
@ 2005-09-06 16:41     ` Ben Munat
  2005-09-08 14:43       ` A. Khattri
  0 siblings, 1 reply; 9+ messages in thread
From: Ben Munat @ 2005-09-06 16:41 UTC
  To: gentoo-server

Hmm, I haven't messed with jail in a while... Well, did you add the jailed user to the 
regular system with useradd? In other words, there are two steps to adding a jailed user: 
add the user to the regular system with useradd and a shell of /usr/bin/jail and then add 
the user to jail with addjailuser and a shell of /bin/bash. Oh, and the /usr/bin/jail 
shell needs to be in /etc/shells.

If that doesn't help, look around on the jail website and try the mailing list.

good luck,

Ben



ysharma@catprosystems.com wrote:
> Hi,
> 
> I am trying to addjailuser with following syntax
> 
> addjailuser /home/chroot/jail /home/testys /bin/bash testys
> 
> and I am getting error:
> 
> addjailuser
> A component of Jail (version 1.9 for linux)
> http://www.gsyc.inf.uc3m.es/~assman/jail/
> Juan M. Casillas <assman@gsyc.inf.uc3m.es>
> 
> Adding user testys in chrooted environment /home/chroot/jail
>         Error: Can't add the user.
> Done.
> 
> I already created jail env and added sw also
> 
> Any idea ?
> 
> Thanks
> YS
> 
> 
>>This is in portage and I've used it a bit... pretty straightforward.
>>
>>http://www.jmcresearch.com/projects/jail/
>>
>>Just remember that *everything* needed by the user has to be in the
>>jail... if you use any
>>executable (apache, php, mysql, etc.) outside the jail, it is no longer
>>secure.
>>
>>b
>>
>>
>>Yogesh Sharma wrote:
>>
>>>Hi,
>>>
>>>Can someone point me to documentation for creating chrooted virtual ssh
>>>only users.
>>>
>>>Thanks
>>>YS
>>>
>>
>>--
>>gentoo-server@gentoo.org mailing list
>>
>>
> 
> 
> 
-- 
gentoo-server@gentoo.org mailing list
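
The two-step setup described in the message above, as an added example that is not part of the original thread or of the Jail project: a check that reports which step is missing for a given user. The function names are hypothetical, and it assumes addjailuser records the user in the jail's own etc/passwd.

```shell
#!/bin/sh
# Added example: verify the two-step jailed-user setup described in the thread.
# Paths default to the real system files; pass others to check copies offline.
JAIL_SHELL="/usr/bin/jail"   # login shell named in the thread

# Print field N of USER's entry in a passwd-format file (nothing if absent).
passwd_field() {   # passwd_field FILE USER N
    [ -r "$1" ] || return 0
    awk -F: -v u="$2" -v n="$3" '$1 == u { print $n; exit }' "$1"
}

# Echo one line per problem found; return 0 if none, 1 otherwise.
check_jail_user() {   # check_jail_user USER JAIL_DIR [SYS_PASSWD] [SHELLS]
    user=$1; jail=$2
    sys_passwd=${3:-/etc/passwd}; shells=${4:-/etc/shells}
    rc=0

    # Step 1: the system account exists and its shell is /usr/bin/jail.
    sys_shell=$(passwd_field "$sys_passwd" "$user" 7)
    if [ -z "$(passwd_field "$sys_passwd" "$user" 1)" ]; then
        echo "system: no account '$user' in $sys_passwd (useradd step)"; rc=1
    elif [ "$sys_shell" != "$JAIL_SHELL" ]; then
        echo "system: shell is '$sys_shell', expected $JAIL_SHELL"; rc=1
    fi

    # The jail wrapper must be listed as a valid login shell.
    grep -qxF "$JAIL_SHELL" "$shells" 2>/dev/null ||
        { echo "shells: $JAIL_SHELL not listed in $shells"; rc=1; }

    # Step 2 (assumption: addjailuser writes JAIL_DIR/etc/passwd): the user
    # exists inside the jail and the shell there is present and executable.
    jail_shell=$(passwd_field "$jail/etc/passwd" "$user" 7)
    if [ -z "$jail_shell" ]; then
        echo "jail: '$user' missing from $jail/etc/passwd (addjailuser step)"; rc=1
    elif [ ! -x "$jail$jail_shell" ]; then
        echo "jail: $jail_shell is not executable inside $jail"; rc=1
    fi
    return $rc
}

# Run as: sh check_jail_user.sh testys /home/chroot/jail
if [ $# -ge 2 ]; then check_jail_user "$@"; fi
```
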




* Re: [gentoo-server] Virtual ssh users
  2005-09-06 16:41     ` Ben Munat
@ 2005-09-08 14:43       ` A. Khattri
  0 siblings, 0 replies; 9+ messages in thread
From: A. Khattri @ 2005-09-08 14:43 UTC
  To: gentoo-server

On Tue, 6 Sep 2005, Ben Munat wrote:

> Hmm, I haven't messed with jail in a while... Well, did you add the jailed user to the
> regular system with useradd? In other words, there are two steps to adding a jailed user:
> add the user to the regular system with useradd and a shell of /usr/bin/jail and then add
> the user to jail with addjailuser and a shell of /bin/bash. Oh, and the /usr/bin/jail
> shell needs to be in /etc/shells.

Incidentally, you can use libnss-mysql to avoid having to create an actual
system account if you need "true" virtual users.


-- 

-- 
gentoo-server@gentoo.org mailing list




* Re: [gentoo-server] Virtual ssh users
@ 2005-09-09  4:53 Yogesh Sharma
  2005-09-09  9:12 ` Paul Kölle
  0 siblings, 1 reply; 9+ messages in thread
From: Yogesh Sharma @ 2005-09-09  4:53 UTC
  To: gentoo-server

On 07:43 A. Khattri wrote:
> Incidentally, you can use libnss-mysql to avoid having to create an
> actual
> system account if you need "true" virtual users.


Any link to documentation or example for implementing libnss-mysql based
virtual users ?
Database schema, user name, config file etc.


-- 
gentoo-server@gentoo.org mailing list




* Re: [gentoo-server] Virtual ssh users
  2005-09-09  4:53 [gentoo-server] Virtual ssh users Yogesh Sharma
@ 2005-09-09  9:12 ` Paul Kölle
  2005-09-21 16:28   ` A. Khattri
  0 siblings, 1 reply; 9+ messages in thread
From: Paul Kölle @ 2005-09-09  9:12 UTC
  To: gentoo-server

Yogesh Sharma wrote:
> On 07:43 A. Khattri wrote:
> 
>>Incidentally, you can use libnss-mysql to avoid having to create an
>>actual
>>system account if you need "true" virtual users.
> 
> 
> 
> Any link to documentation or example for implementing libnss-mysql based
> virtual users ?
> Database schema, user name, config file etc.
> 
It's pretty straightforward. libnss-mysql configuration file takes a SQL
query for each get*() call, so there are no constraints for the db
schema. Examples are in /usr/share/doc after installing the package.
What I haven't figured out yet: Calls to NSS are made in the context of
the user running e.g. "id", so if you use a socket connection to mysql
you need to allow *every* user to read from the socket. I haven't
investigated the implications in terms of security yet.

cheers
 Paul
-- 
gentoo-server@gentoo.org mailing list




* Re: [gentoo-server] Virtual ssh users
  2005-09-09  9:12 ` Paul Kölle
@ 2005-09-21 16:28   ` A. Khattri
  0 siblings, 0 replies; 9+ messages in thread
From: A. Khattri @ 2005-09-21 16:28 UTC
  To: gentoo-server

On Fri, 9 Sep 2005, Paul Kölle wrote:

> It's pretty straightforward. libnss-mysql configuration file takes a SQL
> query for each get*() call, so there are no constraints for the db
> schema. Examples are in /usr/share/doc after installing the package.
> What I haven't figured out yet: Calls to NSS are made in the context of
> the user running e.g. "id", so if you use a socket connection to mysql
> you need to allow *every* user to read from the socket. I haven't
> investigated the implications in terms of security yet.

If you look at the MySQL privileges for the libnss-mysql user (as set in
/etc/libnss-mysql.cfg) you will see that only SELECT priv is granted for
that user. (Granted, that might be a problem too ;-)


-- 

-- 
gentoo-server@gentoo.org mailing list


