[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Jailkit-users] chroot support for freenx-server
|
From: |
Hi |
|
Subject: |
[Jailkit-users] chroot support for freenx-server |
|
Date: |
Tue, 18 Mar 2008 20:49:58 -0700 (PDT) |
Okay well I'll add what I've tried lately. With the
http://www.fuschlberger.net/programs/ssh-scp-sftp-chroot-jail/
variant I adjust node.conf
# Where can different nx components be found
NX_DIR=/home/jail/usr
# Ring around the rosey - Keep trying!!
PATH_BIN=/usr/libexec/nx # if you change that, be sure
to also change the public keys
PATH_LIB=/home/jail/usr/lib/nx
NX_ETC_DIR=/home/jail/etc/nxserver
NX_SESS_DIR=/home/jail/db
NX_HOME_DIR=/home/jail/nxserver/home
Made sure the shell has all the required executables
to run the freenx scripts, ie: /bin/cut /bin/sed and
every library file I could find pertaining to but not
including anything KDE related has been copied into
the jail. Right now with this solution a normal user
can still log in but the chrooted user the session
fails.
Could it be a permission problem finally? As of right
now I'm kinda stumped with log output like this. I'm
going to try some different log listings for perhaps
another clue.
address@hidden's password:
/bin/su: user computer does not exist
/bin/su: user scanners does not exist
NX> 1000 NXNODE - Version 1.5.0-60 OS (GPL)
NX> 700 Session id:
expansion.oil-gas.ca-1001-B8D6DF8A18F3748D436579482CB7682A
NX> 705 Session display: 1001
NX> 703 Session type: unix-kde
NX> 701 Proxy cookie: 1bd18ddfca04660f33d2b44ba48a45f7
NX> 702 Proxy IP: 127.0.0.1
NX> 706 Agent cookie: 1bd18ddfca04660f33d2b44ba48a45f7
NX> 704 Session cache: unix-kde
NX> 707 SSL tunneling: 1
NX> 1004 Error: NX Agent exited with exit status 1.
NX> 1006 Session status: closed
/usr/libexec/nx/nxnode: line 492: 18016 Terminated
PATH="$PATH_BIN:$PATH" $PATH_BIN/nxagent $P
$R -name "NX - address@hidden:$display - $session
(GPL Edition)" -option
"$USER_FAKE_HOME/.nx/C-$sess_id/options" $K $G $B $FP
$AGENT_EXTRA_OPTIONS_X :$display 2>&3
NX> 105 NX> 596 Session startup failed.
NX> 1001 Bye.
Paying no attention to the client error but still
always checking for correct permissions for the
/nxserver/home/.sshd/authorized_keys and also trying
to understand the relationship between the .nx user
home dirctory and nxnode.
The JailKit approch to chroot and freenx may still
work yet as I progress and learn more about what the
chroot shells require. As it stands I can only create
a /bin/bash shell to work with JailKit and having a
secure jail requires having a working jk_chrootsh ->
jk_lsh. Proper defaults for jk_lsh.ini and
jk_chrootsh.ini are required to use the
[limitedshell].
Interestingly enough I just now created a user with
jk_jailuser and added the nx user to the jail files as
well. Messed around with the shell and directory
variables and now I just logged my first nxsession
with a chroot user (woo hoo, progress). The session
won't elect to save though as the permissions are
wrong the home directory and no doubt the .nx folder.
Perhaps I can use the chroot-shell from the
Fuschlberger variant for the users and have it work
secure. As it is using /bin/bash with the Jailkit
user is not secure and I still dont' have working
jk_lsh.ini and jk_chrootsh.ini [DEFAULT]
configurations.
____________________________________________________________________________________
Looking for last minute shopping deals?
Find them fast with Yahoo! Search.
http://tools.search.yahoo.com/newsearch/category.php?category=shopping
- [Jailkit-users] chroot support for freenx-server,
Hi <=