From owner-freebsd-security@FreeBSD.ORG Tue Jan 13 10:19:33 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 820F316A4CE for ; Tue, 13 Jan 2004 10:19:33 -0800 (PST) Received: from mx1.webspacesolutions.com (ns1.webspacesolutions.com [216.74.11.68]) by mx1.FreeBSD.org (Postfix) with SMTP id 3380D43D5C for ; Tue, 13 Jan 2004 10:19:32 -0800 (PST) (envelope-from nick@webspacesolutions.com) Received: (qmail 14301 invoked by uid 507); 13 Jan 2004 18:07:30 -0000 Received: from nick@webspacesolutions.com by ns1.webspacesolutions.com by uid 504 with qmail-scanner-1.20rc1 (clamuko: 0.65. spamassassin: 2.55. Clear:RC:1:. Processed in 0.019341 secs); 13 Jan 2004 18:07:30 -0000 Received: from 24-205-247-185.ata-cres.charterpipeline.net (HELO beastie) (24.205.247.185) by mx1.webspacesolutions.com with SMTP; 13 Jan 2004 18:07:30 -0000 From: "Nick Twaddell" To: "'Peter Pentchev'" , Date: Tue, 13 Jan 2004 10:20:34 -0800 Organization: Web Space Solutions MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.5510 In-Reply-To: <20040113164950.GA722@straylight.m.ringlet.net> Thread-Index: AcPZ86XkqxQqTZvNSh2rLNWMlPjACwADgyKw X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Qmail-Scanner-Message-ID: <107401725063614296@ns1.webspacesolutions.com> Message-Id: <20040113181932.3380D43D5C@mx1.FreeBSD.org> Subject: RE: pam_chroot X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Jan 2004 18:19:33 -0000 I do have PrivilegeSeparation off :( Whats the next idea? :) -----Original Message----- From: Peter Pentchev [mailto:roam@ringlet.net] Sent: Tuesday, January 13, 2004 8:50 AM To: Nick Twaddell Subject: Re: pam_chroot On Tue, Jan 13, 2004 at 01:24:18AM -0800, Nick Twaddell wrote: > Hey Peter, > Yes I have all those files in my /home/user/etc/ dir > > -su-2.05b# pwd > /home/nick/etc > -su-2.05b# ls > group master.passwd passwd pwd.db spwd.db > > attached is the list of files you requested. All of this looks fine... Could you try turning off the 'privilege separation' feature of OpenSSH, as per Dag-Erling's suggestion in another message? Edit your /etc/sshd_config file, find the line that says 'PrivilegeSeparation', uncomment it if needed, and make sure it says 'off'. After that, restart your master sshd server, e.g. using the following command: kill -HUP `cat /var/run/sshd.pid` G'luck, Peter -- Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 I had to translate this sentence into English because I could not read the original Sanskrit.