The chroot command requires *ALLOBJ, unfortunately. The way around this is
to alter the HOMEDIR attribute on your profile so that when you log in via
ssh you will be sent directly to your chroot environment. The reason this
latter approach works is because the SSH daemon is running as a user with
*ALLOBJ (I am 90% sure that's the reason :-).

I've been toying with the idea of submitting an RFE to see if we can get
IBM to change the chroot permissions to only look at the new root directory
to see if the user has permission to it. At about that time I got
distracted with looking at Docker for i.

Aaron Bartell
IBM i hosting, starting at $157/month.

On Wed, Jan 4, 2017 at 11:53 AM, <MWHopkins@xxxxxxxxxxxxxxx> wrote:


I'm trying to set up a chroot environment for myself on my development
box. I followed the how_to here:


Everything seemed to work fine setting up the chroot using a *secofr
profile with *allobj rights, but when I try to chroot as myself I get:

$ chroot /QOpenSys/mwh001 /QOpenSys/usr/bin/bsh

/QOpenSys/mwh001: The file access permissions do not allow the specified

Not sure what permissions are incorrect, so I am looking for advice on
where to go.
I have rights to my chroot root in /QOpenSys

drwxrwsrwx 9 mwh001 0 8192 Jan 04 12:14 mwh001

And rights to the objects within it: /QOpenSys/mwh001

drwxrwsrwx 5 mwh001 0 8192 Jan 04 12:14 QOpenSys
lrwxrwxrwx 1 mwh001 0 34 Jan 04 10:08 bin ->
drwxrwsrwx 4 mwh001 0 8192 Jan 04 10:08 dev
drwxr-xr-x 4 mwh001 0 8192 Jan 04 12:16 etc
drwxrwsrwx 3 mwh001 0 8192 Jan 04 10:07 home
lrwxrwxrwx 1 mwh001 0 34 Jan 04 10:08 lib ->
lrwxrwxrwx 1 mwh001 0 26 Jan 04 12:14 opt ->
lrwxrwxrwx 1 mwh001 0 36 Jan 04 10:08 sbin ->
drwxrwsrwx 2 mwh001 0 8192 Jan 04 12:14 tmp
drwxrwsrwx 5 mwh001 0 8192 Jan 04 12:30 usr
drwxrwsrwx 3 mwh001 0 8192 Jan 04 12:16 var


Matt Hopkins
EDI/Web Services Developer
Information Technology
Email: MWHopkins@xxxxxxxxxxxxxxx
Office: 410-584-0330
Cell: 410-258-8845
Support: EDISupport@xxxxxxxxxxxxxxx
This is the IBMi Open Source Roundtable (OpenSource) mailing list
To post a message email: OpenSource@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
or email: OpenSource-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives

As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.