jailkit-users

Re: [Jailkit-users] Using "rootsh" with jailkit


From: Olivier Sessink
Subject: Re: [Jailkit-users] Using "rootsh" with jailkit
Date: Thu, 30 Apr 2009 20:49:45 +0200
User-agent: Thunderbird 2.0.0.21 (X11/20090409)

Charley Marsh wrote:
Thanks for the info and the fast response! Here's what I've done so far:

I logged in with the jailed user, then started editing a file in vim.
I found the PID of vim (26037).
I found the directory for PID 26037 in /proc, and it does have a link named root that points to /xjail. I ran jk_list as root, and it still only lists the user "nobody" with the jail "user/sbin/jk_socketd".

Hmm, strange. Sounds like a bug. The jk_list code is pretty simple, but for some reason it doesn't work for you...

import os

def runList(verbose, jail):
   # walk /proc: every entry whose name is all digits is a process
   results = []
   dirlist = os.listdir('/proc')
   try:
      for entry in dirlist:
         if (entry.isdigit()):
            # we have a process, now read the link root
            ret = os.readlink('/proc/'+entry+'/root')
            # a root link other than '/' means the process runs chrooted
            if (ret != '/'):
               results.append(ListResult(entry))   # ListResult is defined elsewhere in jk_list
   except OSError as e:
      if (e.errno == 13):   # EACCES: reading another user's root link needs root
         print('Permission denied')
   return results

Here is the line for this user in the etc - passwd file outside of the jail:

presley:x:704:704::/xjail/./home/presley:/usr/sbin/jk_chrootsh

And here is the etc - passwd line inside the jail:

presley:x:704:704::/home/presley:/bin/bash

I was attempting to launch rootsh from the etc - profile file in the jail, but that particular program is complaining that it can't resolve which user launched it. I don't know if this is what is causing this or not, but I am using pam_radius to authenticate users who login through SSH.

The nsswitch.conf in the jail, does it also use RADIUS? If so, is the RADIUS configuration also in the jail? This could explain why programs in the jail cannot resolve the user.

regards,
        Olivier
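As an added example (not jailkit's own code and not from this thread), the same /proc walk that jk_list does, but grouping the results by jail root and cross-checking them against the `/./` marker jk_chrootsh expects in the host-side passwd line. The PID, uid and passwd entry in the sample data are constructed from the values quoted above, and the grouping and status functions take their input as arguments so they can be exercised without root.

```python
import errno
import os
import pwd

# Constructed sample mirroring the thread: vim (PID 26037) with its root
# link pointing at /xjail, plus a host process rooted at '/'.
SAMPLE_PROC = [('26037', '/xjail', 704), ('1', '/', 0)]
SAMPLE_PASSWD = 'presley:x:704:704::/xjail/./home/presley:/usr/sbin/jk_chrootsh'

def split_jailkit_home(home):
    """'/xjail/./home/presley' -> ('/xjail', '/home/presley'); no marker -> (None, home)."""
    idx = home.find('/./')
    if idx < 0:
        return None, home
    return home[:idx] or '/', home[idx + 2:]

def read_proc():
    """Walk /proc as jk_list does, yielding (pid, root_link, uid); needs root to avoid EACCES."""
    for entry in os.listdir('/proc'):
        if not entry.isdigit():
            continue
        try:
            root = os.readlink('/proc/%s/root' % entry)
            uid = os.stat('/proc/%s' % entry).st_uid
        except OSError as e:
            if e.errno in (errno.ENOENT, errno.ESRCH):
                continue  # process exited while we were walking /proc
            raise
        yield entry, root, uid

def resolve_uid(uid):
    """Host-side lookup (host nsswitch.conf); an unresolvable uid stays numeric."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)

def group_by_jail(proc_entries, resolve=resolve_uid):
    """{jail_root: [(pid, user), ...]} for every process not rooted at '/'."""
    jails = {}
    for pid, root, uid in proc_entries:
        if root != '/':
            jails.setdefault(root, []).append((int(pid), resolve(uid)))
    return jails

def account_status(passwd_line, jails):
    """Cross-check one host passwd line against the jails seen in /proc."""
    fields = passwd_line.strip().split(':')
    jail_root, home = split_jailkit_home(fields[5])
    return {'user': fields[0], 'jail': jail_root, 'home': home,
            'shell': fields[6], 'active': jail_root in jails}
```

Run as root, `account_status(SAMPLE_PASSWD, group_by_jail(read_proc()))` reports whether any live process has its root link inside the jail that the passwd line names; a `/proc/<pid>/root` of `/xjail` with `active` still `False` would point at the host passwd line, not at jk_list.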
