
28th August 2006, 11:04
Junior Member
How to create multiple chroot (jailed) users accounts in batch
I've been googling for a tutorial on creating multiple chroot user accounts in batch but have found none yet. The one that I found was about creating multiple accounts, from http://www.cyberciti.biz/tips/linux-...-in-batch.html
Maybe some experts out there could write a good tutorial about my subject. I'd be so grateful.
regards,
gregor

29th August 2006, 20:05
Super Moderator
Did you have a look at this tutorial? http://www.howtoforge.com/chrooted_ssh_howto_debian
It shouldn't be too hard to create a little script with some kind of loop that creates your chroot accounts.

30th August 2006, 04:26
Junior Member
OK, I'll give it a try. Thanks a lot Falko, you are the angel of my day... BTW, I use Fedora Core, hopefully it will work. I'll let you know when I'm done.

30th August 2006, 08:10
Junior Member
Hi Falko,
With proper adjustment of copying some missing libraries, I finally got it done. testuser is successfully chrooted. There's a minor problem every time sshd is restarted, saying "Unsupported option GSSAPIAuthentication" and "Unsupported option GSSAPICleanupCredentials", but it can be eliminated by commenting out those options in the sshd_config.
But there's one big problem left that I hope you can help me figure out. testuser could not change password. I've already added /usr/bin/passwd to the APPS line of your script but every time testuser issued the passwd command, the system responded:
Changing password for user testuser.
passwd: unable to start pam
I've also run ldd passwd to see what libraries might be missing and tried to copy them to the proper lib directories and restart sshd, but still the user could not change password.
Any suggestions?
regards,
gregor

31st August 2006, 23:37
Super Moderator
I think you need to copy pam to your chroot jail.

1st September 2006, 07:44
Junior Member
Could you be more specific about which pam should be copied? I've already got the following:
/home/chroot/lib/libpam.so.0
/home/chroot/lib/libpam_misc.so.0
/home/chroot/usr/lib/libpam.so.0
/home/chroot/usr/lib/libpam_misc.so.0
in my chroot jail, but it doesn't work.
If you mean I should add pam's binary in the APPS line, which one is it?
I tried to locate pam's binary (locate bin/pam) and here's what showed up:
/sbin/pam_timestamp_check
/sbin/pam_tally
/sbin/pam_console_apply
/usr/bin/pam-panel-icon
regards,
gregor

2nd September 2006, 17:00
Super Moderator
Quote:
|
Originally Posted by gregor_gede
/sbin/pam_timestamp_check
/sbin/pam_tally
/sbin/pam_console_apply
/usr/bin/pam-panel-icon
regards,
gregor
|
Put them all into the chroot environment, also /etc/pam and /etc/pam.d, if they exist. What's the output of ?

5th September 2006, 05:06
Junior Member
locate pam returned :
/lib/libpam_misc.so.0.79
/lib/libpam.so.0
/lib/security/pam_rootok.so
/lib/security/pam_mkhomedir.so
/lib/security/pam_stress.so
/lib/security/pam_pwdb.so
/lib/security/pam_unix_auth.so
/lib/security/pam_time.so
/lib/security/pam_passwdqc.so
/lib/security/pam_chroot.so
/lib/security/pam_shells.so
/lib/security/pam_ccreds.so
/lib/security/pam_motd.so
/lib/security/pam_tally.so
/lib/security/pam_wheel.so
/lib/security/pam_permit.so
/lib/security/pam_console.so
/lib/security/pam_xauth.so
/lib/security/pam_filter.so
/lib/security/pam_group.so
/lib/security/pam_winbind.so
/lib/security/pam_krb5afs.so
/lib/security/pam_limits.so
/lib/security/pam_unix_passwd.so
/lib/security/pam_nologin.so
/lib/security/pam_postgresok.so
/lib/security/pam_unix_acct.so
/lib/security/pam_access.so
/lib/security/pam_loginuid.so
/lib/security/pam_listfile.so
/lib/security/pam_cracklib.so
/lib/security/pam_deny.so
/lib/security/pam_rhosts_auth.so
/lib/security/pam_smb_auth.so
/lib/security/pam_lastlog.so
/lib/security/pam_timestamp.so
/lib/security/pam_localuser.so
/lib/security/pam_filter
/lib/security/pam_filter/upperLOWER
/lib/security/pam_ldap.so
/lib/security/pam_mail.so
/lib/security/pam_ftp.so
/lib/security/pam_securetty.so
/lib/security/pam_debug.so
/lib/security/pam_succeed_if.so
/lib/security/pam_issue.so
/lib/security/pam_smbpass.so
/lib/security/pam_userdb.so
/lib/security/pam_unix_session.so
/lib/security/pam_krb5.so
/lib/security/pam_unix.so
/lib/security/pam_selinux.so
/lib/security/pam_rps.so
/lib/security/pam_krb5
/lib/security/pam_krb5/pam_krb5_storetmp
/lib/security/pam_stack.so
/lib/security/pam_warn.so
/lib/security/pam_env.so
/lib/libpam_misc.so.0
/lib/libpamc.so.0.79
/lib/libpam.so.0.79
/lib/libpamc.so.0
/sbin/pam_timestamp_check
/sbin/pam_tally
/sbin/pam_console_apply
/usr/lib/libpam_misc.so
/usr/lib/libpam.so
/usr/lib/libpamc.so
/usr/lib/squid/pam_auth
/usr/lib/libpam_misc.a
/usr/lib/libpamc.a
/usr/lib/libpam.a
/usr/include/pam.h
/usr/include/security/pam_modules.h
/usr/include/security/pam_misc.h
/usr/include/security/pam_client.h
/usr/include/security/_pam_compat.h
/usr/include/security/pam_filter.h
/usr/include/security/pam_appl.h
/usr/include/security/_pam_macros.h
/usr/include/security/_pam_types.h
/usr/include/pammap.h
/usr/include/linux/isdn/tpam.h
/etc/security/pam_env.conf
/etc/dev.d/default/05-pam_console.dev
/etc/udev/scripts/pam_console.dev
/etc/pam.d
/etc/pam.d/sshd
/etc/pam.d/halt
/etc/pam.d/system-config-users
/etc/pam.d/ppp
/etc/pam.d/system-config-printer-gui
/etc/pam.d/printtool
/etc/pam.d/system-auth
/etc/pam.d/poweroff
/etc/pam.d/up2date-config
/etc/pam.d/atd
/etc/pam.d/neat
/etc/pam.d/newrole
/etc/pam.d/system-cdinstall-helper
/etc/pam.d/reboot
/etc/pam.d/system-config-httpd
/etc/pam.d/system-config-network-druid
/etc/pam.d/up2date
/etc/pam.d/other
/etc/pam.d/system-install-packages
/etc/pam.d/su
/etc/pam.d/su
/etc/pam.d/system-config-mouse
/etc/pam.d/system-config-printer
/etc/pam.d/system-config-printer-tui
/etc/pam.d/cups
/etc/pam.d/system-config-language
/etc/pam.d/dateconfig
/etc/pam.d/system-config-keyboard
/etc/pam.d/system-config-packages
/etc/pam.d/system-config-securitylevel
/etc/pam.d/chfn
/etc/pam.d/chsh
/etc/pam.d/squid
/etc/pam.d/system-config-soundcard
/etc/pam.d/printconf-gui
/etc/pam.d/internet-druid
/etc/pam.d/login
/etc/pam.d/system-config-nfs
/etc/pam.d/setup
/etc/pam.d/samba
/etc/pam.d/kbdrate
/etc/pam.d/system-config-network
/etc/pam.d/authconfig-gtk
/etc/pam.d/rhn_register
/etc/pam.d/up2date-nox
/etc/pam.d/printconf-tui
/etc/pam.d/imap
/etc/pam.d/crond
/etc/pam.d/remote
/etc/pam.d/sudo
/etc/pam.d/pop3
/etc/pam.d/serviceconf
/etc/pam.d/system-config-services
/etc/pam.d/screen
/etc/pam.d/passwd
/etc/pam.d/system-config-rootpassword
/etc/pam.d/vsftpd
/etc/pam.d/printconf
/etc/pam.d/system-config-network-cmd
/etc/pam.d/system-config-authentication
/etc/pam.d/system-config-lvm
/etc/pam.d/run_init
/etc/pam.d/system-config-samba
/etc/pam.d/authconfig
/etc/pam.d/system-config-date
/etc/pam.d/system-config-time
I've copied them all to my chroot dir. Now the error message has turned to:
-bash-3.00$ passwd
Changing password for user testuser.
passwd: Module is unknown
What else do you think I should do?
regards,
gregor

6th September 2006, 09:21
Super Moderator
Did you put the passwd program into the APPS line of the script that copies the desired programs to the chroot jail?

8th September 2006, 04:14
Junior Member
Hi Falko, Gregor,
I had exactly the same problem (passwd: Module is unknown)
after I copied all the relevant libs and programs specified in
this thread.
If I do >ldd passwd, the dependent libs are all there.
Is anything else needed?
Thanks,
Yogi
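
Added example, not part of any post in this thread: "Module is unknown" is the message PAM gives when a module named in a service's stack cannot be loaded, and because modules are loaded at run time, ldd passwd lists neither them nor the libraries they link to. The function below walks /etc/pam.d/SERVICE inside the jail, following include and pam_stack.so service= references, and prints what is missing; the function name, the default module directory and the $ISA handling are assumptions.

```shell
#!/bin/sh
# Added example: list files a PAM service needs that are absent from a jail.
# Usage: pam_jail_audit JAIL SERVICE [MODULE_DIR]
# MODULE_DIR defaults to /lib/security (assumption; differs on 64-bit layouts).

pam_jail_audit() {
    local jail="$1" svc="$2" moddir="${3:-/lib/security}"
    local conf="$jail/etc/pam.d/$svc" ctrl mod sub path dep

    if [ ! -f "$conf" ]; then
        echo "MISSING /etc/pam.d/$svc"
        return 0
    fi
    # Reduce each rule to: control, module, service= argument (or "-")
    awk '{ sub(/#.*/, "") }
         NF >= 3 {
             i = 2                                   # control may be "[k=v ...]"
             if ($2 ~ /^\[/) while (i < NF && $i !~ /\]$/) i++
             mod = $(i + 1); sub_svc = "-"
             if (mod == "") next
             gsub(/\$ISA\//, "", mod)                # older Red Hat configs embed $ISA
             for (j = i + 2; j <= NF; j++)
                 if ($j ~ /^service=/) sub_svc = substr($j, 9)
             print $2, mod, sub_svc
         }' "$conf" |
    while read -r ctrl mod sub; do
        case $ctrl in include|substack)              # names a service, not a module
            pam_jail_audit "$jail" "$mod" "$moddir"; continue ;;
        esac
        case $mod in /*) path=$mod ;; *) path=$moddir/$mod ;; esac
        if [ ! -e "$jail$path" ]; then
            echo "MISSING $path"
            continue
        fi
        case $path in */pam_stack.so)                # pam_stack.so service=NAME
            [ "$sub" = "-" ] || pam_jail_audit "$jail" "$sub" "$moddir" ;;
        esac
        # Modules are dlopen()ed, so "ldd passwd" never lists what they link to
        for dep in $(ldd "$jail$path" 2>/dev/null |
                     awk '$2 == "=>" && $3 ~ /^\// { print $3 }'); do
            [ -e "$jail$dep" ] || echo "MISSING $dep (needed by $path)"
        done
    done | sort -u
}
```

Run it from the host as, for example, pam_jail_audit /home/chroot passwd; an empty result means every module the stack names, and every library those modules link to, is present in the jail.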
All times are GMT +2.