Hello!

Starting with sarge, I have set up a server for a number of users (>300) who are able to log in via ssh, everyone in his own changerooted home directory. Setting it up this way has been recommended in "Anleitung zum Absichern von Debian".

Therefore, I am using libpam_chroot. A single changeroot directory is used as a "master changeroot directory" and all (system) files in each user's change-root environment, excluding the user's own data, are hard links to the files in this "master environment". The change-root environment has a static /dev directory and it is not necessary to mount any additional file system.

With this configuration, the update to etch caused no problems. If I investigated correctly, 2 huge changes are necessary to make the changeroot work:

1) The /proc file system must be mounted into every changeroot directory. Otherwise, ssh logins are interrupted with the message:

    Connection reset by peer Connection to 10.7.19.173 closed.

2) The same must be done with /dev/pts. Otherwise, the ssh login freezes after the authentication with the message "PTY allocation request failed on channel 0".

Doing this would lead to mounting /proc and /dev/pts into every single one of the 300 chroot environments for my users. Is this intended, is it a bug, or is it no longer recommended to use a changeroot environment for each user?

Regards
Matthias Faulstich
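
The per-chroot /proc and /dev/pts mounts described in the message above, as an added example that is not part of the original post: a shell audit that compares each user chroot against a mount table and prints the fstab lines still needed. The one-directory-per-user layout, the function names, the devpts options (gid=5,mode=620) and paths without whitespace are assumptions.

```shell
#!/bin/sh
# Added example, not from the original message.

# has_mount MOUNTS_FILE MOUNTPOINT FSTYPE
# Succeeds if MOUNTS_FILE (same format as /proc/mounts) lists MOUNTPOINT
# with file-system type FSTYPE.
has_mount() {
    awk -v t="$2" -v fs="$3" '$2 == t && $3 == fs { f = 1 } END { exit !f }' "$1"
}

# missing_mounts BASE MOUNTS_FILE
# For every chroot directory directly under BASE (assumed layout), print an
# fstab line for each of /proc and /dev/pts that is not mounted there.
missing_mounts() {
    base=${1%/}
    for root in "$base"/*/; do
        [ -d "$root" ] || continue
        root=${root%/}
        if ! has_mount "$2" "$root/proc" proc; then
            printf 'proc %s/proc proc defaults 0 0\n' "$root"
        fi
        if ! has_mount "$2" "$root/dev/pts" devpts; then
            printf 'devpts %s/dev/pts devpts gid=5,mode=620 0 0\n' "$root"
        fi
    done
}

# Constructed sample: two chroots; alice has both mounts, bob lacks /dev/pts.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/home/alice" "$d/home/bob"
    cat > "$d/mounts" <<EOF
proc $d/home/alice/proc proc rw 0 0
devpts $d/home/alice/dev/pts devpts rw,gid=5,mode=620 0 0
proc $d/home/bob/proc proc rw 0 0
EOF
    missing_mounts "$d/home" "$d/mounts"
    rm -rf "$d"
}

demo
```

On a live system the second argument would be /proc/mounts, and the printed lines can be reviewed before being appended to /etc/fstab.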