# Setting up a Chrooted env with Jail

## fbd

I am trying to set up a jail environment; mkjailenv finishes with no errors, and when I run addjailsw it doesn't finish like it should (according to the manual). Does anyone know what might be wrong?

```
sidus var # addjailsw /var/chroot

addjailsw
A component of Jail (version 1.9 for linux)
http://www.gsyc.inf.uc3m.es/~assman/jail/
Juan M. Casillas <assman@gsyc.inf.uc3m.es>

Guessing mv args()
Guessing ls args()
Guessing ln args()
Guessing grep args()
Guessing cat args()
Guessing rmdir args()
Guessing vi args(-c q)
Guessing tail args()
Guessing sh args()
Guessing id args()
Guessing rm args()
Guessing head args()
Guessing cp args()
Guessing pwd args()
Guessing mkdir args()
Guessing touch args()
Guessing more args()
Warning: not allowed to overwrite /var/chroot/etc/passwd
Warning: not allowed to overwrite /var/chroot/etc/group
Warning: can't create /proc/meminfo from the /proc filesystem
Warning: file /var/chroot/usr/share/vim/vim63/ exists. Overwritting it
/bin/mknod: `/var/chroot/dev/urandom': File exists

Done.
```

This is version 1.9-r2 of Jail.

----------

## JORUNO

I have the same problems.

When I try to connect with ssh I got the message below.

Read from remote host localhost: Connection reset by peer

Connection to localhost closed.

Can anyone help?

----------

## BennyP

I've heard about chroot jail before. What is the purpose/benefit of performing this operation??

----------

## Naib

 *BennyP wrote:*   

> I've heard about chroot jail before. What is the purpose/benefit of performing this operation??

 

It sets up a dummy system, which means you can fook around with it and not screw up your system.

FTP/HTTP/... servers usually set up a chroot jail; if someone compromises the server they cannot get into the main system BUT are isolated, and thus the potential damage is isolated.

----------

## pilla

Moved from OTW

----------

## kloune

I have the same problem, and I got the problem with cvsd-buildroot, which basically I assume does the same. Need help too.

----------

## gamerD00d

Doesn't look like it's erroring out; it's just telling you that your files already exist there...

If you look at the tutorial again, it does show some files are overwritten and some exist, etc., but you also have to understand that they are on another distro most likely.

My problem is that it doesn't work... I complete everything, but it doesn't jail the user... kinda pissed me off... anyone know of something he might have missed?

----------

## Royal

The errors should not be a problem.

@gamer Your /etc/passwd should look like this:

```
user:x:XXX:XXX:YYYY:/chroot_dir:/usr/local/bin/jail
```

The /chroot_dir/etc/passwd like that:

```
user:x:XXX:XXX:YYYY:/real_home_dir:/bin/sh
```

Royal

----------

## zaai

Thanks Royal, that was the missing link. There still is a login problem though.

Noticed the following:

- the doc in /usr/doc/jail-1.9-r2/INSTALL does not mention anything about changing /etc/passwd

  I'd call this a glaring omission. 

- 'addjailuser' doesn't change the /etc/passwd entry for the jailed user

- on my Gentoo box the program 'jail' lives in /usr/bin/jail, not in /usr/local/bin/jail

After changing /etc/passwd manually for a user named bob and a chroot jail in /var/jail:

 *Quote:*   

> # cat /etc/passwd|grep bob
> 
> bob:x:1006:100::/var/jail:/usr/bin/jail
> 
> # cat /var/jail/etc/passwd|grep bob
> ...

 

It still reports an error:

 *Quote:*   

> #su - bob
> 
> jail: execve() : No such file or directory

 

It misses some other software?

UPDATE: it works!

Found out what went wrong. 

I'm running an amd64 system with 64-bit libraries. Adding bash using 'addjailsw /var/jail -P bash' does not install all necessary software and softlinks:

 *Quote:*   

> # ldd /bin/bash
> 
>         libdl.so.2 => /lib/libdl.so.2 (0x0000002a9566c000)
> 
>         libc.so.6 => /lib/tls/libc.so.6 (0x0000002a9576f000)
> ...

 

Indeed, 2 problems here:

1. /lib/libc.so.6 is a symlink to lib/tls/libc.so.6; this symlink wasn't created in the jail/lib directory

2. /var/jail/lib64 directory wasn't created

The solution: create the symlinks and the lib64 directory.

After that 'su - bob' worked

Conclusion:

'addjailsw' doesn't find all dependencies and needs to be updated

----------

## JohnA

Ran into the same problem. Did the ldd /bin/bash and found I needed to:

cp /lib/ld-linux.so.2 /var/chroot/lib/

Worked for us!

----------

## ke_b

I tried everything that is written above, but still get the

jail: execve() : No such file or directory, when I try to log in as jail user

```
 # ldd /bin/bash
        libdl.so.2 => /lib/libdl.so.2 (0x00002aaaaabc1000)
        libc.so.6 => /lib/libc.so.6 (0x00002aaaaacc4000)
        /lib64/ld-linux-x86-64.so.2 (0x00002aaaaaaab000)
```

and lib in the chrooted environment is

```
ee-s myprison # ls lib
total 2748
drwxr-xr-x   2 root root    4096 Oct  5 12:38 .
drwxr-xr-x  10 root root    4096 Oct  5 09:01 ..
lrwxrwxrwx   1 root root      16 Oct  5 12:38 ld-linux-x86-64.so.2 -> /lib/ld-2.3.5.so
-rwxr-xr-x   1 root root   90244 Oct  5 12:36 ld-linux.so.2
-rwxr-xr-x   1 root root   31432 Oct  4 22:06 libacl.so.1
-rwxr-xr-x   1 root root   14224 Oct  4 22:06 libattr.so.1
-rwxr-xr-x   1 root root 1253024 Oct  4 22:40 libc-2.3.5.so
lrwxrwxrwx   1 root root      14 Oct  5 09:00 libc.so.6 -> /lib/libc.so.6
lrwxrwxrwx   1 root root      15 Oct  5 08:59 libdl.so.2 -> /lib/libdl.so.2
-rwxr-xr-x   1 root root   48976 Oct  4 22:06 libgcc_s.so.1
-rwxr-xr-x   1 root root   24264 Oct  4 22:06 libgpm.so.1
-rwxr-xr-x   1 root root  569744 Oct  4 22:06 libm.so.6
-rwxr-xr-x   1 root root  376096 Oct  4 22:06 libncurses.so.5
-rwxr-xr-x   1 root root   84688 Oct  4 22:09 libnsl.so.1
-rwxr-xr-x   1 root root   31976 Oct  4 22:09 libnss_compat.so.2
-rwxr-xr-x   1 root root   44336 Oct  4 22:09 libnss_files.so.2
-rwxr-xr-x   1 root root   40440 Oct  4 22:09 libnss_nis.so.2
-rwxr-xr-x   1 root root  108323 Oct  4 22:06 libpthread.so.0
-rwxr-xr-x   1 root root   42280 Oct  4 22:06 librt.so.1
```

I run amd64 gentoo.

/etc/passwd file says:

jailuser:x:aaa:bbb:jailuser:/var/myprison:/use/bin/jail

/var/myprison/etc/passwd file says:

jailuser:x:aaa:bbb:jailuser:/home/jailuser:/bin/bash

What am I doing wrong?

----------

## zaai

 *ke_b wrote:*   

> 
> 
> lrwxrwxrwx   1 root root      14 Oct  5 09:00 libc.so.6 -> /lib/libc.so.6
> 
> lrwxrwxrwx   1 root root      15 Oct  5 08:59 libdl.so.2 -> /lib/libdl.so.2
> ...

 

If this is your /lib directory then the symlinks above point to themselves.

You need the real libraries in there.

----------

## ke_b

I moved the real libraries  

libdl.so.2

libc.so.6

but it did not work before I also moved the ld-2.3.5.so file too.

Now it works.


----------
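
The failure diagnosed in the last few posts, as an added example (not code from the thread or from the Jail project): a POSIX shell check that resolves each path `ldd` lists the way a process inside the chroot would, re-rooting absolute symlink targets at the jail. The function names, the constructed sample jail and the relative `lib64` link are assumptions for illustration.

```shell
# ldd output for /bin/bash as posted in the thread (addresses shortened).
LDD_SAMPLE='        libdl.so.2 => /lib/libdl.so.2 (0x0)
        libc.so.6 => /lib/libc.so.6 (0x0)
        /lib64/ld-linux-x86-64.so.2 (0x0)'

# Follow symlinks as a process inside the chroot sees them: an absolute target
# is re-rooted at the jail. Returns 1 if the path is missing, dangling or loops.
# Assumption: directory components (lib64) are real dirs or relative links.
resolve_in_jail() {
    root=$1 p=$2 hops=0
    while [ "$hops" -lt 16 ]; do
        if [ -L "$root$p" ]; then
            target=$(readlink "$root$p")
            case $target in
                /*) p=$target ;;
                *)  p=$(dirname "$p")/$target ;;
            esac
            hops=$((hops + 1))
        elif [ -e "$root$p" ]; then return 0
        else return 1
        fi
    done
    return 1  # hop limit reached: the link chain loops
}

# Read ldd output on stdin; print each required path that fails in the jail.
missing_in_jail() {
    sed -n -e 's|.*=> *\(/[^ ]*\).*|\1|p' -e 's|^[[:space:]]*\(/[^ ]*\) (.*|\1|p' |
    while read -r lib; do
        resolve_in_jail "$1" "$lib" || printf '%s\n' "$lib"
    done
}

# Constructed jail reproducing the broken lib listing from the thread.
build_broken_jail() {
    mkdir -p "$1/lib"
    ln -s /lib/libc.so.6 "$1/lib/libc.so.6"     # points at itself in the jail
    ln -s /lib/libdl.so.2 "$1/lib/libdl.so.2"   # same
    ln -s /lib/ld-2.3.5.so "$1/lib/ld-linux-x86-64.so.2"  # target not copied
}

# The fixes the thread arrived at; empty files stand in for real libraries.
fix_jail() {
    rm -f "$1/lib/libc.so.6" "$1/lib/libdl.so.2"
    touch "$1/lib/libc.so.6" "$1/lib/libdl.so.2" "$1/lib/ld-2.3.5.so"
    ln -s lib "$1/lib64"  # assumption: lib64 supplied as a relative link
}

demo=$(mktemp -d); build_broken_jail "$demo"
printf '%s\n' "$LDD_SAMPLE" | missing_in_jail "$demo"; rm -rf "$demo"
```

Against a real jail the call is `ldd /bin/bash | missing_in_jail /var/jail`. A plain `test -e` or `ls -L` from the host follows those absolute links to the host's own /lib, so the jail can look complete from outside while `execve()` still fails inside it.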

