[Jailkit-users] Re: Passwd command


From: Luiz Casey
Subject: [Jailkit-users] Re: Passwd command
Date: Wed, 28 Oct 2009 15:41:28 -0400

OK, I got it to work. What I did was run strace passwd and then run jk_cp 
against all of the open() files. I had to reset setuid/setgid on the chrooted 
passwd command. After that the chrooted user was able to change their own 
password. Unfortunately, after they logged off, the real /etc/shadow file was 
not edited, so they had to log in with their old password. To fix that I did a 
diff -u /etc/shadow /JAIL/etc/shadow > shadow.patch, then patch -b /etc/shadow 
shadow.patch. I guess this could be incorporated into a wrapper script for the 
passwd command within the chroot to do it automatically when passwd is used. 
Any thoughts, concerns, etc. about this solution?

Also, to secure this a bit, is it possible to remove root from 
/etc/shadow, /etc/passwd and /etc/group, or is there a specific need to have 
the root user within those files in the chrooted environment?

-Luiz


Luiz Casey wrote:
> Hello,
> 
> I was doing a bit of research on how to accomplish this. Seems like
> most of pam and any libcrack* files will need to be copied into the
> jail and somehow run a patch script in cron to sync the jailed
> /etc/shadow with the non jailed so the user can log back. Is there an
> easier way to do this?

This is difficult indeed. The nicest setup I have seen was with
users/passwords in LDAP, so the users in the jail simply connect to the
LDAP server on localhost to change their passwords.

Olivier
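
The wrapper idea raised in the thread, as an added example that is not code from the posters or from Jailkit: applying a whole-file diff of the jail's shadow file to /etc/shadow carries every differing line across, root's included, so this version copies only the named user's hash and last-change fields. The function names, the lowercase-username rule and the 9-field check are assumptions of the example.

```shell
#!/bin/sh
# Added example; file paths and user names are supplied by the caller.

# merge_shadow_entry USER JAIL_SHADOW HOST_SHADOW
# Prints HOST_SHADOW with only USER's hash (field 2) and last-change day
# (field 3) taken from JAIL_SHADOW. Every other line is the host's own.
merge_shadow_entry() {
    user=$1 jail=$2 host=$3
    # Assumption: lowercase account names. root is never synced from a jail.
    case $user in
        root|''|*[!a-z0-9_-]*) echo "refusing user '$user'" >&2; return 1 ;;
    esac
    awk -F: -v OFS=: -v u="$user" '
        FILENAME == ARGV[1] {              # pass 1: jail copy
            # Take only a well-formed 9-field entry with a non-empty hash;
            # an empty field 2 would mean "no password required".
            if ($1 == u && NF == 9 && $2 != "" && !seen) {
                hash = $2; changed = $3; seen = 1
            }
            next
        }
        $1 == u && seen { $2 = hash; $3 = changed; done = 1 }
        { print }                          # pass 2: host file, line by line
        END { if (!done) exit 2 }          # user missing or entry rejected
    ' "$jail" "$host"
}

# sync_shadow_entry USER JAIL_SHADOW HOST_SHADOW
# Builds the merged file beside HOST_SHADOW and renames it into place, so a
# failed merge never leaves a half-written file. mktemp creates it mode 0600;
# restoring the distribution's owner/group is left to the caller.
sync_shadow_entry() {
    tmp=$(mktemp "$3.XXXXXX") || return 1
    if merge_shadow_entry "$1" "$2" "$3" > "$tmp"; then
        mv "$tmp" "$3"
    else
        rm -f "$tmp"
        return 1
    fi
}
```

The functions do not take the shadow file lock, so they should run only where no other password tool is writing the host file at the same time.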