[FreeNX-kNX] [Jailkit-users] chroot nxserver

Olivier Sessink olivier at bluefish.openoffice.nl
Mon Mar 17 07:31:03 UTC 2008

Hi wrote:
> I am now crossposting to both the freenx list and the
> jailkit list.

I can probably only answer on the jailkit list. We'll see.

> Yes the paths are all wrong as to what is currently in
> the jail for executables.  That was a given I missed. 
> Adjusting the paths to the correct version off the GPL
> nxserver I am using (still working on that).  What is
> the paths_w_owner option?

see `man jk_init`
those files/directories are copied while retaining their ownership. All 
files/directories that are in 'paths' become owned by root:root

> So your saying I should jk_jailuser -j /home/jail nx


> So then after appending proper paths to the jk_ini
> files I should also add...
> [nx]
> comment = NX jail for the nx daemon
> user = nx, nobdy  
> group = nx, nogroup
> executables = #With the proper paths for the software
> versions I am running)
> directories = /usr/NX (Proper Directories as well)
> includesections = uidbasics, netbasics, logbasics,
> ssh, basicshell,extendedshell, chown, mount, umount,
> xauth, xterm, xclock, which,xfonts, expr, tee, xset,
> dirname, hostname, basename
> devices = /dev/null (can I add /dev/none here?)

`executables` and `directories` are deprecated options, see the jk_init 
manual. You need `paths` and `paths_w_owner`

> Well I know it is running outside the jail for sure. 

I'm pretty sure that both user nx and the final user must be in the same 
jail because they share some files. Correct me if I'm wrong.


> Yes using jk_cp makes the permissions different.

see `man jk_cp`. use option -o or --owner to retain the ownership

 >  I
> have changed them to match what is outside the jail.  
> Someone on the freenx list must have done this by now.
>  I have scanned all two years worth of the
> unsearchable list for chroot with 0 occurances.  A
> guide should be made.  For one thing I'm not using no
> machine directory structure.
> [root at expansion nx]# ./nxserver --Version
> NX> 100 NXSERVER - Version 1.5.0-60 OS (GPL)
> NX> 500 Error: Function --Version not implemented yet.
> NX> 999 Bye
> which does work just fine.

now try `chroot <yourjail>` as root and give the same command. Does it 
still work as expected?


More information about the FreeNX-kNX mailing list