Failed to su after making a chroot jail
To fix the could not open session problem, without abandoning make_chroot_jail.sh entirely, you also need to copy the /usr/lib/libcrack* libraries. Edit the script, where it has:
# If you are using a 64 bit system and have strange problems with login comment
# the following lines in, perhaps it will work (motto: if you can't find the
# needed library just copy all of them)
#
# cp /lib/*.* ${JAILPATH}/lib/
# cp /lib/lib64/*.* ${JAILPATH}/lib/lib64/
Change to:
cp /lib/*.* ${JAILPATH}/lib/
cp /lib64/*.* ${JAILPATH}/lib64/
cp -rp /lib64/security ${JAILPATH}/lib64/
cp /usr/lib64/libcrack* ${JAILPATH}/usr/lib64/
Just a quick addendum, the above fixed this problem with 64 bit SuSE - SLES 11 sp2. I also renamed the $JAILPATH/lib to $JAILPATH/lib64. And for that OS, I had to add an empty /etc/profile file in the jail (you can use it to put in a PS1 prompt).
Related videos on Youtube
01 : 19
07 : 27
11 : 02
13 : 59
03 : 40
arepo21
Updated on September 17, 2022Comments
-
arepo21 almost 2 years
On a 64 bit CentOS host I am using script
make_chroot_jail.shto put a user in a jail, not permitting it to see anything expect it's home at/home/jail/home/user1.I did it typing this:
sudo ./make_chroot_jail.sh user1after, when trying to connect to user1 first i was getting an error like:
/bin/su: user guest does not existi have fixed this by copying some missed libraries:
sudo cp /lib64/libnss_compat.so.2 /lib64/libnss_files.so.2 /lib64/libnss_dns.so.2 /lib64/libxcrypt.so.2 /home/jail/lib64/ sudo cp -r /lib64/security/ /home/jail/lib64/But now, when trying to connect to user1 typing
su user1and then typing it's password, i am getting this error:could not open sessionSo the question is how to connect to user1 in this situation?
P.S. Here are the permissions of some files, this might be helpful in order to provide a solution:
-rwsr-xr-x 1 root root /home/jail/bin/su drwxr-xr-x 4 root root /home/jail/etc -rw-r--r-- 1 root root /home/jail/etc/pam.d/su -rw-r--r-- 1 root root /home/jail/etc/passwd -rw------- 1 root root /home/jail/etc/shadowUPDATE1
After some modifications i managed to connect to user1, but the session closes immediately! I guess this a PAM issue, however cant find a way to fix it.
Here the log entry for close action from
/val/log/secure:Oct 6 15:19:42 localhost su: pam_unix(su:session): session closed for user user1What makes the session to exit immediately after launching?
-
Gilles 'SO- stop being evil' over 13 yearsYou might need to copy some system users and groups into the jail or change some configuration. On my system,/etc/shadowis 640 groupshadow. Check the system logs for any relevant message and post them here. Also post the content of/home/jail/etc/pam.d/su. The output ofstrace -s9999 su user1could also help. -
arepo21 over 13 years
@GillesAfter some modifications i managed to connect to user1, but now the session closes immediately. So now the question is: what makes the session to exit immediately after launching (please see the UPDATE1 of the question)? Looking to file/val/log/secure, i assume this is some PAM issue, however i dont know how to fix it. Can you help me on this?
-