Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Suggest HOWTO

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 28th August 2006, 10:04
gregor_gede gregor_gede is offline
Junior Member
 
Join Date: Aug 2006
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Default How to create multiple chroot (jailed) users accounts in batch

I've been googling for tutorial on creating multiple chroot users accounts in batch but find none yet. The one that i found was creating multiple accounts from http://www.cyberciti.biz/tips/linux-...-in-batch.html
May be some expterts out there could write a good tutorial about my subject. I'd be so grateful.

regards,
gregor
Reply With Quote
Sponsored Links
  #2  
Old 29th August 2006, 19:05
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
Default

Did you have a look at this tutorial? http://www.howtoforge.com/chrooted_ssh_howto_debian

It shouldn't be too hard to create a little script with some kind of loop that creates your chroot accounts.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 30th August 2006, 03:26
gregor_gede gregor_gede is offline
Junior Member
 
Join Date: Aug 2006
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Default

ok, i'll give it a try.thx a lot falko, you r the angel of my day... btw, i use fedora core,hopefully it would work.i'll let you know when i'm done.
Reply With Quote
  #4  
Old 30th August 2006, 07:10
gregor_gede gregor_gede is offline
Junior Member
 
Join Date: Aug 2006
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Default

hi Falko,

With proper adjustment of copying some missing libraries, i finally got it done. testuser is successfully chrooted. There's a minor problem everytime sshd is restarted saying "Unsupported option GSSAPIAuthentication" and "Unsupported option GSSAPICleanupCredentials" but it can be eliminated by commenting those options in the sshd_config.

But there's one big problem left that i hope you can help me figure out. testuser could not change password . I've already added /usr/bin/passwd to the APPS line of your script but everytime testuser issued passwd command, the system respond :

Changing password for user testuser.
passwd: unable to start pam


i've also run ldd passwd to see what libraries might missing and tried to copy them to the proper lib directories and restart sshd but still the user could not change password.

any suggestions?

regards,
gregor
Reply With Quote
  #5  
Old 31st August 2006, 22:37
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
Default

I think you need to copy pam to your chroot jail.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #6  
Old 1st September 2006, 06:44
gregor_gede gregor_gede is offline
Junior Member
 
Join Date: Aug 2006
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Default

could you be more specific about what pam that should be copied? i've already got the following :

/home/chroot/lib/libpam.so.0
/home/chroot/lib/libpam_misc.so.0
/home/chroot/usr/lib/libpam.so.0
/home/chroot/usr/lib/libpam_misc.so.0

in my chroot jail, but it doesn't work.
If you mean i should add pam's binary in the APPS line, which one is it?
I tried to locate pam's binary (locate bin/pam) and here's what shoed up:

/sbin/pam_timestamp_check
/sbin/pam_tally
/sbin/pam_console_apply
/usr/bin/pam-panel-icon

regards,
gregor
Reply With Quote
  #7  
Old 2nd September 2006, 16:00
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
Default

Quote:
Originally Posted by gregor_gede

/sbin/pam_timestamp_check
/sbin/pam_tally
/sbin/pam_console_apply
/usr/bin/pam-panel-icon

regards,
gregor
Put them all into the chroot environment, also /etc/pam and /etc/pam.d, if they exist. What's the output of
Code:
locate pam
?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #8  
Old 5th September 2006, 04:06
gregor_gede gregor_gede is offline
Junior Member
 
Join Date: Aug 2006
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Default

locate pam returned :

/lib/libpam_misc.so.0.79
/lib/libpam.so.0
/lib/security/pam_rootok.so
/lib/security/pam_mkhomedir.so
/lib/security/pam_stress.so
/lib/security/pam_pwdb.so
/lib/security/pam_unix_auth.so
/lib/security/pam_time.so
/lib/security/pam_passwdqc.so
/lib/security/pam_chroot.so
/lib/security/pam_shells.so
/lib/security/pam_ccreds.so
/lib/security/pam_motd.so
/lib/security/pam_tally.so
/lib/security/pam_wheel.so
/lib/security/pam_permit.so
/lib/security/pam_console.so
/lib/security/pam_xauth.so
/lib/security/pam_filter.so
/lib/security/pam_group.so
/lib/security/pam_winbind.so
/lib/security/pam_krb5afs.so
/lib/security/pam_limits.so
/lib/security/pam_unix_passwd.so
/lib/security/pam_nologin.so
/lib/security/pam_postgresok.so
/lib/security/pam_unix_acct.so
/lib/security/pam_access.so
/lib/security/pam_loginuid.so
/lib/security/pam_listfile.so
/lib/security/pam_cracklib.so
/lib/security/pam_deny.so
/lib/security/pam_rhosts_auth.so
/lib/security/pam_smb_auth.so
/lib/security/pam_lastlog.so
/lib/security/pam_timestamp.so
/lib/security/pam_localuser.so
/lib/security/pam_filter
/lib/security/pam_filter/upperLOWER
/lib/security/pam_ldap.so
/lib/security/pam_mail.so
/lib/security/pam_ftp.so
/lib/security/pam_securetty.so
/lib/security/pam_debug.so
/lib/security/pam_succeed_if.so
/lib/security/pam_issue.so
/lib/security/pam_smbpass.so
/lib/security/pam_userdb.so
/lib/security/pam_unix_session.so
/lib/security/pam_krb5.so
/lib/security/pam_unix.so
/lib/security/pam_selinux.so
/lib/security/pam_rps.so
/lib/security/pam_krb5
/lib/security/pam_krb5/pam_krb5_storetmp
/lib/security/pam_stack.so
/lib/security/pam_warn.so
/lib/security/pam_env.so
/lib/libpam_misc.so.0
/lib/libpamc.so.0.79
/lib/libpam.so.0.79
/lib/libpamc.so.0
/sbin/pam_timestamp_check
/sbin/pam_tally
/sbin/pam_console_apply
/usr/lib/libpam_misc.so
/usr/lib/libpam.so
/usr/lib/libpamc.so
/usr/lib/squid/pam_auth
/usr/lib/libpam_misc.a
/usr/lib/libpamc.a
/usr/lib/libpam.a
/usr/include/pam.h
/usr/include/security/pam_modules.h
/usr/include/security/pam_misc.h
/usr/include/security/pam_client.h
/usr/include/security/_pam_compat.h
/usr/include/security/pam_filter.h
/usr/include/security/pam_appl.h
/usr/include/security/_pam_macros.h
/usr/include/security/_pam_types.h
/usr/include/pammap.h
/usr/include/linux/isdn/tpam.h
/etc/security/pam_env.conf
/etc/dev.d/default/05-pam_console.dev
/etc/udev/scripts/pam_console.dev
/etc/pam.d
/etc/pam.d/sshd
/etc/pam.d/halt
/etc/pam.d/system-config-users
/etc/pam.d/ppp
/etc/pam.d/system-config-printer-gui
/etc/pam.d/printtool
/etc/pam.d/system-auth
/etc/pam.d/poweroff
/etc/pam.d/up2date-config
/etc/pam.d/atd
/etc/pam.d/neat
/etc/pam.d/newrole
/etc/pam.d/system-cdinstall-helper
/etc/pam.d/reboot
/etc/pam.d/system-config-httpd
/etc/pam.d/system-config-network-druid
/etc/pam.d/up2date
/etc/pam.d/other
/etc/pam.d/system-install-packages
/etc/pam.d/su
/etc/pam.d/su
/etc/pam.d/system-config-mouse
/etc/pam.d/system-config-printer
/etc/pam.d/system-config-printer-tui
/etc/pam.d/cups
/etc/pam.d/system-config-language
/etc/pam.d/dateconfig
/etc/pam.d/system-config-keyboard
/etc/pam.d/system-config-packages
/etc/pam.d/system-config-securitylevel
/etc/pam.d/chfn
/etc/pam.d/chsh
/etc/pam.d/squid
/etc/pam.d/system-config-soundcard
/etc/pam.d/printconf-gui
/etc/pam.d/internet-druid
/etc/pam.d/login
/etc/pam.d/system-config-nfs
/etc/pam.d/setup
/etc/pam.d/samba
/etc/pam.d/kbdrate
/etc/pam.d/system-config-network
/etc/pam.d/authconfig-gtk
/etc/pam.d/rhn_register
/etc/pam.d/up2date-nox
/etc/pam.d/printconf-tui
/etc/pam.d/imap
/etc/pam.d/crond
/etc/pam.d/remote
/etc/pam.d/sudo
/etc/pam.d/pop3
/etc/pam.d/serviceconf
/etc/pam.d/system-config-services
/etc/pam.d/screen
/etc/pam.d/passwd
/etc/pam.d/system-config-rootpassword
/etc/pam.d/vsftpd
/etc/pam.d/printconf
/etc/pam.d/system-config-network-cmd
/etc/pam.d/system-config-authentication
/etc/pam.d/system-config-lvm
/etc/pam.d/run_init
/etc/pam.d/system-config-samba
/etc/pam.d/authconfig
/etc/pam.d/system-config-date
/etc/pam.d/system-config-time

i've copied them all to my chroot dir. now the error message turn to :

-bash-3.00$ passwd
Changing password for user testuser.
passwd: Module is unknown

what else do you think i should do?

regards,
gregor
Reply With Quote
  #9  
Old 6th September 2006, 08:21
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
Default

Did you put the passwd program into the APPS line of the script that copies the desired programs to the chroot jail?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #10  
Old 8th September 2006, 03:14
yogibear yogibear is offline
Junior Member
 
Join Date: Sep 2006
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

Hi Falko, Gregor,

I had exactly same problem (passwd: Module is unknonwn)
after I copied all the relavant libs and programs specified in
this thread.

If I do >ldd passwd, all the dependent libs are all there.

Anything else is needed?

Thanks,

Yogi
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Cannot create mail accounts called 'root' or 'mail' AaronNGray Installation/Configuration 8 21st August 2006 16:34
SSH Users CHROOT howser Installation/Configuration 20 2nd August 2006 08:22
Multiple Admin Users esadmf General 2 10th May 2006 19:39
The perfect Setup Suse 10 RC1 ispconfig won't create postfix users! fatum112 HOWTO-Related Questions 1 14th January 2006 14:25
Chroot FTP users olli Server Operation 3 25th April 2005 11:35


All times are GMT +2. The time now is 05:12.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.