cp /lib64/*nss* .

Arghhh… that’s about 4 hours of my life that I won’t get back!

It turns out that the Internet usually has all the answers you need but it’s not necessarily easy to know how to look for them.

I’ve been trying to build a chroot environment using rssh under Amazon Linux for one of our customers. I was close… very close. But no matter how much I tried, my sftp connections were getting dropped as soon as a I logged in but nothing useful by way of diagnostics was appearing in /var/log.

The problem, I now realise, was that I hadn’t copied across the correct combination of shared libraries to the chroot jail. Nor had I properly configured the jail version of /etc/passwd. Comments elsewhere suggested that this version of /etc/passwd isn’t really used. As far as I can tell, it is… and it has to point to the user’s home directory inside the chroot jail. To make matters worse, the lack of shared libraries was stopping the logging I needed to help me sort it out.

I eventually found the answer on Sourceforge (from 2007!).

Oh well, live and learn.

If anyone else is trying to do this, there’s a working build-chroot shell script on Gist. Note that for this to work, you also need to put a copy of l2chroot (not mine) in /tmp, chmod them both to 755, set a password for the testuser account and away you go:

sftp testuser@localhost

Not the most exciting of weekend’s work but at least it’s now working :-(