[FreeNX-kNX] chroot support for freenx-server

Hi albert682 at yahoo.com
Wed Mar 19 03:49:58 UTC 2008 

Okay well I'll add what I've tried lately.  With the
http://www.fuschlberger.net/programs/ssh-scp-sftp-chroot-jail/
variant I adjust node.conf 
# Where can different nx components be found
NX_DIR=/home/jail/usr
# Ring around the rosey - Keep trying!!
PATH_BIN=/usr/libexec/nx # if you change that, be sure
to also change the public keys
PATH_LIB=/home/jail/usr/lib/nx
NX_ETC_DIR=/home/jail/etc/nxserver
NX_SESS_DIR=/home/jail/db
NX_HOME_DIR=/home/jail/nxserver/home

Made sure the shell has all the required executables
to run the freenx scripts, ie: /bin/cut /bin/sed and
every library file I could find pertaining to but not
including anything KDE related has been copied into
the jail.  Right now with this solution a normal user
can still log in but the chrooted user the session
fails.

Could it be a permission problem finally?  As of right
now I'm kinda stumped with log output like this.  I'm
going to try some different log listings for perhaps
another clue.

bayliner at 127.0.0.1's password:
/bin/su: user computer does not exist
/bin/su: user scanners does not exist
NX> 1000 NXNODE - Version 1.5.0-60 OS (GPL)
NX> 700 Session id:
expansion.oil-gas.ca-1001-B8D6DF8A18F3748D436579482CB7682A
NX> 705 Session display: 1001
NX> 703 Session type: unix-kde
NX> 701 Proxy cookie: 1bd18ddfca04660f33d2b44ba48a45f7
NX> 702 Proxy IP: 127.0.0.1
NX> 706 Agent cookie: 1bd18ddfca04660f33d2b44ba48a45f7
NX> 704 Session cache: unix-kde
NX> 707 SSL tunneling: 1
NX> 1004 Error: NX Agent exited with exit status 1.
NX> 1006 Session status: closed
/usr/libexec/nx/nxnode: line 492: 18016 Terminated    
         PATH="$PATH_BIN:$PATH" $PATH_BIN/nxagent $P
$R -name "NX - $user@$SERVER_NAME:$display - $session
(GPL Edition)" -option
"$USER_FAKE_HOME/.nx/C-$sess_id/options" $K $G $B $FP
$AGENT_EXTRA_OPTIONS_X :$display 2>&3
NX> 105 NX> 596 Session startup failed.
NX> 1001 Bye.

Paying no attention to the client error but still
always checking for correct permissions for the
/nxserver/home/.sshd/authorized_keys and also trying
to understand the relationship between the .nx user
home dirctory and nxnode.


The JailKit approch to chroot and freenx may still
work yet as I progress and learn more about what the
chroot shells require.  As it stands I can only create
a /bin/bash shell to work with JailKit and having a
secure jail requires having a working jk_chrootsh ->
jk_lsh.  Proper defaults for jk_lsh.ini and
jk_chrootsh.ini are required to use the
[limitedshell].

Interestingly enough I just now created a user with
jk_jailuser and added the nx user to the jail files as
well.  Messed around with the shell and directory
variables and now I just logged my first nxsession
with a chroot user (woo hoo, progress).  The session
won't elect to save though as the permissions are
wrong the home directory and no doubt the .nx folder.
Perhaps I can use the chroot-shell from the
Fuschlberger variant for the users and have it work
secure.  As it is using /bin/bash with the Jailkit
user is not secure and I still dont' have working
jk_lsh.ini and jk_chrootsh.ini [DEFAULT]
configurations.

  


      ____________________________________________________________________________________
Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  http://tools.search.yahoo.com/newsearch/category.php?category=shopping

More information about the FreeNX-kNX mailing list