Home   Groups   Digests   Personalise   Search   Login
  POV-Ray : Newsgroups : povray.unix : Pov via SSH in chroot jail? Server Time
3 Jul 2024 04:44:29 EDT (-0400)
  Pov via SSH in chroot jail? (Message 11 to 14 of 14)  
<<< Previous 10 Messages Goto Initial 10 Messages
From: Bill Hails
Subject: Re: Pov via SSH in chroot jail?
Date: 25 Nov 2004 20:10:04
Message: <41a6826c@news.povray.org>
 
Rafal 'Raf256' Maj wrote:

> Hi,
> I would like allow user to log into my box via SSH and run povray there.
> 
> Its important to deny user to do anything "evil" including accessing
> itnernet, running other applicaitons, etc.
> 
> He olny can login, up/download own files, run povray(and moray), use
> kill/top/ps.
> 
> How can I make something like this? In example - on Debian.
> 
> 

The problem with chroot on modern unixes is that they tend to have a lot
of shared libraries and simply copying executables into ~/bin and chrooting
to ~/ doesn't work because the shared libs are outside of the jail.
At a minimum you need a statically linked shell inside the jail, many
systems have a /bin/bash_static or similar for emergencies. then you need
to build pov statically linked also, and any other utils you want to
provide.

This little test worked for me:

billh@Tarragon ~ $ sudo chroot ~/ /bin/bash_static
chroot: cannot run command `/bin/bash_static': No such file or directory
billh@Tarragon ~ $ cp /bin/bash_static ~/bin
billh@Tarragon ~ $ sudo chroot ~/ /bin/bash_static
I have no name!@Tarragon / # ls
bash_static: ls: command not found

-- 
Bill Hails
http://thyme.homelinux.net/


Post a reply to this message
From: Rafal 'Raf256' Maj
Subject: Re: Pov via SSH in chroot jail?
Date: 28 Nov 2004 05:52:19
Message: <Xns95AF790A06066raf256com@203.29.75.35>
 
war### [at] tagpovrayorg news:41a49b05@news.povray.org

>   is to disconnect the computer from the internet altogether.

Then I wont be able to SSH to it in first place ;)

-- 
http://www.raf256.com/3d/
Rafal Maj 'Raf256', home page - http://www.raf256.com/me/
Computer Graphics


Post a reply to this message
From: Eli
Subject: Re: Pov via SSH in chroot jail?
Date: 4 Dec 2004 19:43:41
Message: <41b259bd$1@news.povray.org>
 
openbsd would be better......


Post a reply to this message
From: destroyedlolo
Subject: Re: Pov via SSH in chroot jail?
Date: 19 Dec 2004 18:41:38
Message: <41C61198.3070901@yahoo.com>
 
Rafal 'Raf256' Maj wrote:
> Hi,
> I would like allow user to log into my box via SSH and run povray there.
> 
> Its important to deny user to do anything "evil" including accessing 
> itnernet, running other applicaitons, etc.
> 
> He olny can login, up/download own files, run povray(and moray), use 
> kill/top/ps.

2 solutions come to me :

1/ create a user where the login shell is program displaying a menu 
where actions is allowed actions (launching pov,  killing its process, ...).

2/ easiest : why don't you use a web interface ? It's quite easy to 
manage processes for example in PHP. It can handle by itself downloading.
(I'm working - sssslllooowwwwwllly - on this kind of stuff)

Lolo


Post a reply to this message
<<< Previous 10 Messages Goto Initial 10 Messages

Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.