Date: Tue, 13 Jan 2004 11:04:18 +0200
From: Peter Pentchev
To: Nick Twaddell
cc: freebsd-security@freebsd.org
Subject: Re: pam_chroot
Message-ID: <20040113090417.GH711@straylight.m.ringlet.net>
In-Reply-To: <20040113083801.3661243D49@mx1.FreeBSD.org>

On Tue, Jan 13, 2004 at 12:38:28AM -0800, Nick Twaddell wrote:
> Has anyone got the pam_chroot module to successfully work in FreeBSD? I
> have FreeBSD 5.2-RELEASE installed. I copied the appropriate binaries and
> libraries into my chroot, I can chroot -u test -g test /home/test
> /usr/local/bin/bash and it works perfectly. So now I am trying to get the
> pam module to work. I added
> session required pam_chroot.so debug
> into the /etc/pam.d/sshd file. I changed my passwd file so my home dir is
> /home/test/./
>
> when I try to login as that user, it just kicks me right now. There are no
> errors in the log :(
>
> Connection to wp1 closed by remote host.
> Connection to wp1 closed.
>
> Maybe someone in here can help.

What do you mean 'try to login as that user' - try to login as 'test',
or something else?

Do you have passwd, master.passwd, group, pwd.db and spwd.db files in
the /home/test/etc/ directory? If not, copy the passwd, master.passwd
and group files from your /etc/ directory, remove the entries you do not
really need, then run pwd_mkdb /home/test/etc/master.passwd to build the
pwd.db and spwd.db files.

If that doesn't work, can you post the output of 'find /home/test -ls'?

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net    roam@sbnd.net    roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
The rest of this sentence is written in Thailand, on
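
Added example, not part of the original message: a small sh check for the account files the reply lists, run against the chroot named by a pam_chroot-style home directory (the part before "/./" is taken as the chroot root, as in the /home/test/./ entry above). The function name check_chroot_accounts is hypothetical, and the check that pwd.db and spwd.db are not older than master.passwd goes one step beyond what the reply asks for.

```sh
#!/bin/sh
# check_chroot_accounts HOMEDIR USER
#   HOMEDIR: home directory field as stored in passwd, e.g. /home/test/./
#   USER:    login name that must exist inside the chroot's master.passwd
# Prints one line per problem found; returns 0 if none, 1 otherwise.
check_chroot_accounts() {
    home=$1 user=$2 rc=0

    # pam_chroot convention: everything before "/./" is the chroot root.
    case $home in
        */./*) root=${home%%/./*} ;;
        *) echo "home '$home' has no /./ separator"; return 1 ;;
    esac

    # The five files named in the reply must exist under <root>/etc.
    for f in passwd master.passwd group pwd.db spwd.db; do
        [ -f "$root/etc/$f" ] || { echo "missing $root/etc/$f"; rc=1; }
    done

    m=$root/etc/master.passwd
    if [ -f "$m" ]; then
        # Exact match on the login field, not a prefix or regex match.
        awk -F: -v u="$user" '$1 == u { found = 1 } END { exit !found }' "$m" ||
            { echo "no entry for $user in $m"; rc=1; }

        # A database older than master.passwd means pwd_mkdb was not rerun
        # after the last edit, so the chroot still sees the old accounts.
        for db in pwd.db spwd.db; do
            if [ -f "$root/etc/$db" ] &&
               [ -n "$(find "$m" -newer "$root/etc/$db")" ]; then
                echo "$root/etc/$db is older than $m; rerun pwd_mkdb"; rc=1
            fi
        done
    fi
    return $rc
}

# Run as a script: check_chroot.sh /home/test/./ test
if [ "$#" -eq 2 ]; then
    check_chroot_accounts "$1" "$2"
fi
```
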