Gentoo.LinuxHowtos.org howtos, tips&tricks and tutorials for gentoo linux

from small one page howto to huge articles all in one place

Other .linuxhowtos.org sites: www.linuxhowtos.org
toolsntoys.linuxhowtos.org

Last additions:

How to make X listen on port 6000

words:

views:

84663

userrating:

average rating: 1.2 (52 votes) (1=very good 6=terrible)

May, 25th 2007:

Words

496

why adblockers are bad

April, 26th 2007:

Words

Website translation planned

Apr, 10th. 2007:

Words

Compile Time Estimator integrated into genlop

You are here: Tutorials per portage category->net-misc->openssh

Create a chrooted ssh user

This tutorial explains how to install and configure a chroot enviroment for an ssh user. This setup enables you to give out ssh accounts without having to fear that this user can see all files on the system.

Installing ssh

First you need to have a patched version of the sshd server. Luckily these patches can be enabled with the use flag "chroot" in the sshd use flags.

#echo "net-misc/openssh chroot" >> /etc/portage/package.use
#emerge openssh

creating the chroot enviroment

We will create our chroot enviroment in /home/chroot.
To make the chroot work, run the following commands to make the needed directories and devices for the chrooted user.

mkdir /home/chroot/
mkdir /home/chroot/home/
cd /home/chroot
mkdir etc
mkdir bin
mkdir lib
mkdir usr
mkdir usr/bin
mkdir dev
mknod dev/null c 1 3
mknod dev/zero c 1 5

Now we need to populate the directories with some binaries.
copy the following script into a file. If you need more apps, add them
to the APPS line.


APPS="/bin/bash /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /bin/ping /usr/bin/dircolors"
for prog in $APPS;  do
        cp $prog ./$prog

        # obtain a list of related libraries
        ldd $prog > /dev/null
        if [ "$?" = 0 ] ; then
                LIBS=`ldd $prog | awk '{ print $3 }'`
                for l in $LIBS; do
                        mkdir ./`dirname $l` > /dev/null 2>&1
                        cp $l ./$l
                done
        fi
done

After you have run the script, your chroot enviroment is almost done.
run


 cp /lib/libnss_compat.so.2 /lib/libnsl.so.1 /lib/libnss_files.so.2 ./lib/
 echo '#!/bin/bash' > usr/bin/groups
 echo "id -Gn" >> usr/bin/groups
 touch etc/passwd
 grep /etc/passwd -e "^root" > etc/passwd

to copy some libraries and user information into the chroot.
You should also copy the line of the group in which you will create new users from /etc/group to /home/chroot/etc/group. In this tutorial we will create users in the group users, so we do this:

grep /etc/group -e "^root" -e "^users" > etc/group

and restart SSH:

/etc/init.d/ssh restart

Creating chrooted users

ssh decides which user should be chrooted and which not by the "home directory" entry in the /etc/passwd.
Example for a non-chrooted user:
user_a:x:2002:100:User A:/home/user_a:/bin/bash
This user will be chrooted:
user_b:x:2003:100:User B:/home/chroot/./home/user_b:/bin/bash
Now lets add a testuser to the chrooted user list:

useradd -s /bin/bash -m -d /home/chroot/./home/testuser -c "testuser" -g users testuser

Then we give testuser a password:

passwd testuser

Finally, we have to copy the line for testuser in /etc/passwd to /home/chroot/etc/passwd:

grep /etc/passwd -e "^testuser" >> /home/chroot/etc/passwd

Now log in as testuser and see if everything worked.

Have fun back

New Packages

- as

- as

2026-04-27

blake3 - 1.8.5

Ebuild name:

dev-libs/blake3-1.8.5

Description

a fast cryptographic hash function

Added to portage

2026-04-27

fluidsynth - 2.5.4

Ebuild name:

media-sound/fluidsynth-2.5.4

Description

Software real-time synthesizer based on the Soundfont 2 specifications

Added to portage

2026-04-27

gpsd - 3.27.5

Ebuild name:

sci-geosciences/gpsd-3.27.5

Description

GPS daemon and library for USB/serial GPS devices and GPS/mapping clien

Added to portage

2026-04-27

nxml-libvirt-schemas - 12.0.0

Ebuild name:

app-emacs/nxml-libvirt-schemas-12.0.0

Description

Extension for nxml-mode with libvirt schemas

Added to portage

2026-04-27

openpgp-keys-garyemiller - 20230413

Ebuild name:

sec-keys/openpgp-keys-garyemiller-20230413

Description

OpenPGP key for Gary E. Miller

Added to portage

2026-04-27

selinux-accountsd - 2.20250213_p1

Ebuild name:

sec-policy/selinux-accountsd-2.20250213_p1

Description

SELinux policy for accountsd

Added to portage

2026-04-27

selinux-accountsd - 2.20250618_p1

Ebuild name:

sec-policy/selinux-accountsd-2.20250618_p1

Description

SELinux policy for accountsd

Added to portage

2026-04-27

selinux-acct - 2.20250213_p1

Ebuild name:

sec-policy/selinux-acct-2.20250213_p1

Description

SELinux policy for acct

Added to portage

2026-04-27

selinux-acct - 2.20250618_p1

Ebuild name:

sec-policy/selinux-acct-2.20250618_p1

Description

SELinux policy for acct

Added to portage

2026-04-27

selinux-afs - 2.20250213_p1

Ebuild name:

sec-policy/selinux-afs-2.20250213_p1

Description

SELinux policy for afs

Added to portage

2026-04-27

selinux-afs - 2.20250618_p1

Ebuild name:

sec-policy/selinux-afs-2.20250618_p1

Description

SELinux policy for afs

Added to portage

2026-04-27

selinux-aide - 2.20250213_p1

Ebuild name:

sec-policy/selinux-aide-2.20250213_p1

Description

SELinux policy for aide

Added to portage

2026-04-27

selinux-aide - 2.20250618_p1

Ebuild name:

sec-policy/selinux-aide-2.20250618_p1

Description

SELinux policy for aide

Added to portage

2026-04-27

selinux-alsa - 2.20250213_p1

Ebuild name:

sec-policy/selinux-alsa-2.20250213_p1

Description

SELinux policy for alsa

Added to portage

2026-04-27

selinux-alsa - 2.20250618_p1

Ebuild name:

sec-policy/selinux-alsa-2.20250618_p1

Description

SELinux policy for alsa

Added to portage

2026-04-27

selinux-amanda - 2.20250213_p1

Ebuild name:

sec-policy/selinux-amanda-2.20250213_p1

Description

SELinux policy for amanda

Added to portage

2026-04-27

selinux-amanda - 2.20250618_p1

Ebuild name:

sec-policy/selinux-amanda-2.20250618_p1

Description

SELinux policy for amanda

Added to portage

2026-04-27

selinux-amavis - 2.20250213_p1

Ebuild name:

sec-policy/selinux-amavis-2.20250213_p1

Description

SELinux policy for amavis

Added to portage

2026-04-27

selinux-amavis - 2.20250618_p1

Ebuild name:

sec-policy/selinux-amavis-2.20250618_p1

Description

SELinux policy for amavis

Added to portage

2026-04-27

selinux-android - 2.20250213_p1

Ebuild name:

sec-policy/selinux-android-2.20250213_p1

Description

SELinux policy for android

Added to portage

2026-04-27

selinux-android - 2.20250618_p1

Ebuild name:

sec-policy/selinux-android-2.20250618_p1

Description

SELinux policy for android

Added to portage

2026-04-27

selinux-apache - 2.20250213_p1

Ebuild name:

sec-policy/selinux-apache-2.20250213_p1

Description

SELinux policy for apache

Added to portage

2026-04-27

selinux-apache - 2.20250618_p1

Ebuild name:

sec-policy/selinux-apache-2.20250618_p1

Description

SELinux policy for apache

Added to portage

2026-04-27

selinux-apcupsd - 2.20250213_p1

Ebuild name:

sec-policy/selinux-apcupsd-2.20250213_p1

Description

SELinux policy for apcupsd

Added to portage

2026-04-27

selinux-apcupsd - 2.20250618_p1

Ebuild name:

sec-policy/selinux-apcupsd-2.20250618_p1

Description

SELinux policy for apcupsd

Added to portage

2026-04-27

selinux-apm - 2.20250213_p1

Ebuild name:

sec-policy/selinux-apm-2.20250213_p1

Description

SELinux policy for acpi

Added to portage

2026-04-27

selinux-apm - 2.20250618_p1

Ebuild name:

sec-policy/selinux-apm-2.20250618_p1

Description

SELinux policy for acpi

Added to portage

2026-04-27

selinux-arpwatch - 2.20250213_p1

Ebuild name:

sec-policy/selinux-arpwatch-2.20250213_p1

Description

SELinux policy for arpwatch

Added to portage

2026-04-27

selinux-arpwatch - 2.20250618_p1

Ebuild name:

sec-policy/selinux-arpwatch-2.20250618_p1

Description

SELinux policy for arpwatch

Added to portage

2026-04-27

selinux-asterisk - 2.20250213_p1

Ebuild name:

sec-policy/selinux-asterisk-2.20250213_p1

Description

SELinux policy for asterisk

Added to portage

2026-04-27

selinux-asterisk - 2.20250618_p1

Ebuild name:

sec-policy/selinux-asterisk-2.20250618_p1

Description

SELinux policy for asterisk

Added to portage

2026-04-27

selinux-at - 2.20250213_p1

Ebuild name:

sec-policy/selinux-at-2.20250213_p1

Description

SELinux policy for at

Added to portage

2026-04-27

selinux-at - 2.20250618_p1

Ebuild name:

sec-policy/selinux-at-2.20250618_p1

Description

SELinux policy for at

Added to portage

2026-04-27

selinux-automount - 2.20250213_p1

Ebuild name:

sec-policy/selinux-automount-2.20250213_p1

Description

SELinux policy for automount

Added to portage

2026-04-27

selinux-automount - 2.20250618_p1

Ebuild name:

sec-policy/selinux-automount-2.20250618_p1

Description

SELinux policy for automount

Added to portage

2026-04-27

selinux-avahi - 2.20250213_p1

Ebuild name:

sec-policy/selinux-avahi-2.20250213_p1

Description

SELinux policy for avahi

Added to portage

2026-04-27

selinux-avahi - 2.20250618_p1

Ebuild name:

sec-policy/selinux-avahi-2.20250618_p1

Description

SELinux policy for avahi

Added to portage

2026-04-27

selinux-awstats - 2.20250213_p1

Ebuild name:

sec-policy/selinux-awstats-2.20250213_p1

Description

SELinux policy for awstats

Added to portage

2026-04-27

selinux-awstats - 2.20250618_p1

Ebuild name:

sec-policy/selinux-awstats-2.20250618_p1

Description

SELinux policy for awstats

Added to portage

2026-04-27

selinux-backup - 2.20250213_p1

Ebuild name:

sec-policy/selinux-backup-2.20250213_p1

Description

SELinux policy for generic backup apps

Added to portage

2026-04-27

selinux-backup - 2.20250618_p1

Ebuild name:

sec-policy/selinux-backup-2.20250618_p1

Description

SELinux policy for generic backup apps

Added to portage

2026-04-27

selinux-bacula - 2.20250213_p1

Ebuild name:

sec-policy/selinux-bacula-2.20250213_p1

Description

SELinux policy for bacula

Added to portage

2026-04-27

selinux-bacula - 2.20250618_p1

Ebuild name:

sec-policy/selinux-bacula-2.20250618_p1

Description

SELinux policy for bacula

Added to portage

2026-04-27

selinux-base - 2.20250213_p1

Ebuild name:

sec-policy/selinux-base-2.20250213_p1

Description

Gentoo base policy for SELinux

Added to portage

2026-04-27

selinux-base - 2.20250618_p1

Ebuild name:

sec-policy/selinux-base-2.20250618_p1

Description

Gentoo base policy for SELinux

Added to portage

2026-04-27

selinux-base-policy - 2.20250213_p1

Ebuild name:

sec-policy/selinux-base-policy-2.20250213_p1

Description

SELinux policy for core modules

Added to portage

2026-04-27

selinux-base-policy - 2.20250618_p1

Ebuild name:

sec-policy/selinux-base-policy-2.20250618_p1

Description

SELinux policy for core modules

Added to portage

2026-04-27

selinux-bind - 2.20250213_p1

Ebuild name:

sec-policy/selinux-bind-2.20250213_p1

Description

SELinux policy for bind

Added to portage

2026-04-27

selinux-bind - 2.20250618_p1

Ebuild name:

sec-policy/selinux-bind-2.20250618_p1

Description

SELinux policy for bind

Added to portage

2026-04-27

selinux-bitcoin - 2.20250213_p1

Ebuild name:

sec-policy/selinux-bitcoin-2.20250213_p1

Description

SELinux policy for bitcoin

Added to portage

2026-04-27

2026-04-26

epix - 1.2.22

Ebuild name:

sci-visualization/epix-1.2.22

Description

2- and 3-D plotter for creating images (to be used in LaTeX)

Added to portage

2026-04-26

fail2ban - 1.1.0-r7

Ebuild name:

net-analyzer/fail2ban-1.1.0-r7

Description

Scans log files and bans IPs that show malicious signs

Added to portage

2026-04-26

font-util - 1.4.2

Ebuild name:

media-fonts/font-util-1.4.2

Description

X.Org font utilities

Added to portage

2026-04-26

gpxsee - 16.6

Ebuild name:

sci-geosciences/gpxsee-16.6

Description

Viewer and analyzer that supports gpx, tcx, kml, fit, igc and nmea file

Added to portage

2026-04-26

koleo-cli - 0.2.137.32

Ebuild name:

app-misc/koleo-cli-0.2.137.32

Description

A simple CLI for koleo.pl railway planner

Added to portage

2026-04-26

kooha - 2.3.1

Ebuild name:

media-video/kooha-2.3.1

Description

Elegant screen recorder for Wayland

Added to portage

2026-04-26

mutt - 2.3.2

Ebuild name:

mail-client/mutt-2.3.2

Description

A small but very powerful text-based mail client

Added to portage

2026-04-26

nagios - 4.5.12

Ebuild name:

net-analyzer/nagios-4.5.12

Description

The Nagios metapackage

Added to portage

2026-04-26

nagios-core - 4.5.12

Ebuild name:

net-analyzer/nagios-core-4.5.12

Description

Nagios core - monitoring daemon, web GUI, and documentation

Added to portage

2026-04-26

nh3 - 0.3.5

Ebuild name:

dev-python/nh3-0.3.5

Description

Ammonia HTML sanitizer Python binding

Added to portage

2026-04-26

nss - 3.112.5

Ebuild name:

dev-libs/nss-3.112.5

Description

Mozilla's Network Security Services library that implements PKI support

Added to portage

2026-04-26

nss - 3.123.1

Ebuild name:

dev-libs/nss-3.123.1

Description

Mozilla's Network Security Services library that implements PKI support

Added to portage

2026-04-26

phonenumbers - 9.0.29

Ebuild name:

dev-python/phonenumbers-9.0.29

Description

Python port of Google's libphonenumber

Added to portage

2026-04-26

postfix - 3.12_pre20260423

Ebuild name:

mail-mta/postfix-3.12_pre20260423

Description

A fast and secure drop-in replacement for sendmail

Added to portage

2026-04-26

raggre46 - 0.6.0

Ebuild name:

net-misc/raggre46-0.6.0

Description

Aggregate IPv4 & IPv6 network addresses

Added to portage

2026-04-26

safeeyes - 3.5.0

Ebuild name:

x11-misc/safeeyes-3.5.0

Description

Linux alternative to EyeLeo

Added to portage

2026-04-26

xbitmaps - 1.1.4

Ebuild name:

x11-misc/xbitmaps-1.1.4

Description

X.Org bitmaps data

Added to portage

2026-04-26

xrandr - 1.5.4

Ebuild name:

x11-apps/xrandr-1.5.4

Description

A primitive command line interface to RandR extension

Added to portage

2026-04-26

xxhash - 3.7.0

Ebuild name:

dev-python/xxhash-3.7.0

Description

Python binding for the xxHash library

Added to portage

2026-04-26

yara-python - 4.5.5

Ebuild name:

dev-python/yara-python-4.5.5

Description

Python interface for a malware identification and classification tool

Added to portage

2026-04-26

zope-interface - 8.4

Ebuild name:

dev-python/zope-interface-8.4

Description

Interfaces for Python

Added to portage

2026-04-26

Copyright 2004-2025 Sascha Nitsch Unternehmensberatung GmbH
- Copyright and legal notices -
Time to create this page: 68.3 ms