I think my chrooted SSH user can't get a tty. Is this a common problem, and is there a fix?
When I log in via `ssh mylinode` (this is a chrooted user) and run `tty`, I get "not a tty". I think this is the root problem of not being able to start tmux or screen.
I didn't mount /proc but I have /dev/pts mounted.
I have glibc-2.17 on Gentoo Hardened with grsecurity; according to this
http://rpmfind.net/linux/RPM/centos/6.5 ... 86_64.html not mounting /proc should be sufficient.
Quote:
The ttyname and ttyname_r functions on Linux now fall back to searching for the tty file descriptor in /dev/pts or /dev if /proc is not available. This allows creation of chroots without the procfs mounted on /proc. (#851470)
I am unsure, but I think I've had a problem compiling glibc because /dev/pts was owned by group "adm". As noted here
http://forums.gentoo.org/viewtopic-p-7452100.html it should be owned by group "tty". I forgot where that was; I think that was when using Xen on my laptop.
What I did was lazily unmount /dev/pts, then mount devpts with group "tty"; that way I could continue installing glibc.
This setup worked on my laptop: I can `ssh mylinodedev` then `tmux`. `tty` returned "/dev/pts/0".
I can start `tmux` if I mount /proc in the chrooted environment on the Linode, but I think this is a poor security setup.
I plan on renting my Linode node to users, hehe; chroot is a way to not let different users see each other's files.
I've just started using grsecurity. Maybe I could use grsecurity to provide the same functionality, but I haven't learnt it that deeply.
Edit1:
This is the script that mounts devpts for the chrooted users:
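Code:
```bash
homes=(/home/*)
for home in "${homes[@]}"
do
    # Keep the glob outside the quotes; quoted, rm looks for a file literally named "*".
    rm -r -- "$home"/tmp/*
    if [[ -d "$home/dev/pts" ]]
    then
        # Mount devpts with gid=tty and mode 620 inside this user's chroot.
        mount -t devpts -o gid=tty,mode=620 none "$home/dev/pts"
    fi
done
```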
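The /dev/pts fallback described in the quoted glibc note can be checked by hand from inside the chroot. The following is an added example, not part of the original post and not glibc's code: a simplified lookup that matches the device number of stdin against nodes in /dev/pts and then /dev, with `find_tty_node` as a hypothetical name.

```c
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example (hypothetical helper): find the node in `dir` whose device
 * number matches the character device open on `fd`. 0 on success, else -1. */
int find_tty_node(int fd, const char *dir, char *out, size_t len)
{
    struct stat want, st;
    if (fstat(fd, &want) != 0)
        return -1;
    if (!S_ISCHR(want.st_mode)) {       /* pipes and regular files are not ttys */
        errno = ENOTTY;
        return -1;
    }
    DIR *d = opendir(dir);
    if (!d)
        return -1;                      /* directory missing inside the chroot */
    struct dirent *e;
    int rc = -1;
    while ((e = readdir(d)) != NULL) {
        if (snprintf(out, len, "%s/%s", dir, e->d_name) >= (int)len)
            continue;                   /* path too long for the buffer */
        if (stat(out, &st) == 0 && S_ISCHR(st.st_mode) &&
            st.st_rdev == want.st_rdev) {
            rc = 0;                     /* `out` now holds the matching path */
            break;
        }
    }
    closedir(d);
    if (rc != 0)
        errno = ENOENT;                 /* no node with that device number */
    return rc;
}

int main(void)
{
    char path[4096];
    const char *dirs[] = { "/dev/pts", "/dev" };
    for (int i = 0; i < 2; i++)
        if (find_tty_node(STDIN_FILENO, dirs[i], path, sizeof path) == 0)
            return printf("stdin is %s\n", path) < 0;
    perror("no device node matches stdin");
    return 1;
}
```

Build it statically and run it from the SSH session inside the chroot, without /proc mounted. "Not a tty" in the output means stdin is not a character device at all, while "No such file or directory" means no node with the session's device number is visible under the chroot's /dev/pts or /dev.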