[FreeNX-kNX] chroot support for freenx-server

Hi albert682 at yahoo.com
Wed Mar 19 03:49:58 UTC 2008

Okay well I'll add what I've tried lately.  With the
variant I adjust node.conf 
# Where can different nx components be found
# Ring around the rosey - Keep trying!!
PATH_BIN=/usr/libexec/nx # if you change that, be sure
to also change the public keys

Made sure the shell has all the required executables
to run the freenx scripts, ie: /bin/cut /bin/sed and
every library file I could find pertaining to but not
including anything KDE related has been copied into
the jail.  Right now with this solution a normal user
can still log in but the chrooted user the session

Could it be a permission problem finally?  As of right
now I'm kinda stumped with log output like this.  I'm
going to try some different log listings for perhaps
another clue.

bayliner at's password:
/bin/su: user computer does not exist
/bin/su: user scanners does not exist
NX> 1000 NXNODE - Version 1.5.0-60 OS (GPL)
NX> 700 Session id:
NX> 705 Session display: 1001
NX> 703 Session type: unix-kde
NX> 701 Proxy cookie: 1bd18ddfca04660f33d2b44ba48a45f7
NX> 702 Proxy IP:
NX> 706 Agent cookie: 1bd18ddfca04660f33d2b44ba48a45f7
NX> 704 Session cache: unix-kde
NX> 707 SSL tunneling: 1
NX> 1004 Error: NX Agent exited with exit status 1.
NX> 1006 Session status: closed
/usr/libexec/nx/nxnode: line 492: 18016 Terminated    
         PATH="$PATH_BIN:$PATH" $PATH_BIN/nxagent $P
$R -name "NX - $user@$SERVER_NAME:$display - $session
(GPL Edition)" -option
"$USER_FAKE_HOME/.nx/C-$sess_id/options" $K $G $B $FP
$AGENT_EXTRA_OPTIONS_X :$display 2>&3
NX> 105 NX> 596 Session startup failed.
NX> 1001 Bye.

Paying no attention to the client error but still
always checking for correct permissions for the
/nxserver/home/.sshd/authorized_keys and also trying
to understand the relationship between the .nx user
home dirctory and nxnode.

The JailKit approch to chroot and freenx may still
work yet as I progress and learn more about what the
chroot shells require.  As it stands I can only create
a /bin/bash shell to work with JailKit and having a
secure jail requires having a working jk_chrootsh ->
jk_lsh.  Proper defaults for jk_lsh.ini and
jk_chrootsh.ini are required to use the

Interestingly enough I just now created a user with
jk_jailuser and added the nx user to the jail files as
well.  Messed around with the shell and directory
variables and now I just logged my first nxsession
with a chroot user (woo hoo, progress).  The session
won't elect to save though as the permissions are
wrong the home directory and no doubt the .nx folder.
Perhaps I can use the chroot-shell from the
Fuschlberger variant for the users and have it work
secure.  As it is using /bin/bash with the Jailkit
user is not secure and I still dont' have working
jk_lsh.ini and jk_chrootsh.ini [DEFAULT]


Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  http://tools.search.yahoo.com/newsearch/category.php?category=shopping

More information about the FreeNX-kNX mailing list