[FreeNX-kNX] chroot nxserver

Hi albert682 at yahoo.com
Mon Mar 17 05:49:22 UTC 2008

I am now crossposting to both the freenx list and the
jailkit list.

--- Olivier Sessink <olivier at bluefish.openoffice.nl>

> Hi wrote:
> > I have jk_cp -f -v -j just about everything to do
> with
> > NX server over to the jail but I can't seem to get
> > this daemon running for my users.  I have followed
> the
> > directions given here
> >
> that manual seems a little outdated. I think they
> need to use the 
> 'paths_w_owner' option.

Yes the paths are all wrong as to what is currently in
the jail for executables.  That was a given I missed. 
Adjusting the paths to the correct version off the GPL
nxserver I am using (still working on that).  What is
the paths_w_owner option?

> > I do not have an entry for /dev/none though.  I'll
> try
> > changing that via jk_ini file and running init
> again.
> > 
> > Has anyone been able to establish a NX connection
> with
> > chrooted users?
> yes, I know places where they do this. They put both
> user nx and the 

So your saying I should jk_jailuser -j /home/jail nx

> users that need some application in the same jail.

So then after appending proper paths to the jk_ini
files I should also add...
comment = NX jail for the nx daemon
user = nx, nobdy  
group = nx, nogroup
executables = #With the proper paths for the software
versions I am running)
directories = /usr/NX (Proper Directories as well)
includesections = uidbasics, netbasics, logbasics,
ssh, basicshell,extendedshell, chown, mount, umount,
xauth, xterm, xclock, which,xfonts, expr, tee, xset,
dirname, hostname, basename
devices = /dev/null (can I add /dev/none here?)

>  >  Here is where it fails:
> > 
> > NX> 105 /usr/libexec/nx/nxserver: line 1190:  7911
> > Terminated              sleep
> > NX> 596 Session startup failed.
> > NX> 1004 Error: NX Agent exited with exit status
> 1.
> > Can't open
> >
> > No such file or directory.
> is there a /var/lib/nxserver/db/running/ inside the
> jail and does it 
> have the proper user/group and permissions?

Well I know it is running outside the jail for sure. 
I copied the folders over using jk_cp and they are in
the directory structure.  So if I set the proper
permissions it may write the new sessionID to the
directory.  When trying to stop and start it I realize
I don't know how to do that to the nxserver because it
is only called as a the user nx though ssh.  I just
now copied the same permission structure to the
/var/lib/nxserver/db/running list and it still
produces the same errors. The file sesssionID{FILE} is
nx:nx and the rest of the directories are owned by

> > mv: NX> 1006 Session status: closed
> > cannot stat
> >
> > No such file or directory
> > NX> 1001 Bye.
> > Killed by signal 15.
> I think there are several files that need to have
> user 'nx' that become 
> user 'root' if you follow their manual.
> try to compare permissions and ownership of the nx
> files in the jail, 
> and see if they differ.
> regards,
> 	Olivier
> _______________________________________________
> Jailkit-users mailing list
> Jailkit-users at nongnu.org
Yes using jk_cp makes the permissions different.  I
have changed them to match what is outside the jail.  
Someone on the freenx list must have done this by now.
 I have scanned all two years worth of the
unsearchable list for chroot with 0 occurances.  A
guide should be made.  For one thing I'm not using no
machine directory structure.
[root at expansion nx]# ./nxserver --Version
NX> 100 NXSERVER - Version 1.5.0-60 OS (GPL)
NX> 500 Error: Function --Version not implemented yet.
NX> 999 Bye

which does work just fine.

Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ 

More information about the FreeNX-kNX mailing list