Results 1 to 14 of 14

Thread: wget jailed?

  1. #1

    wget jailed?

    Possible to use wget in jailed shell mode?

    Doesn't seem to work here

    [email protected] [~]# wget
    -jailshell: /usr/bin/wget: Permission denied

  2. #2
    Join Date
    Sep 2006
    Location
    Texas
    Posts
    38
    wget is usually disabled in jailshell - and honestly I haven't looked into any configuration for jailshell (if there is such a thing) so I don't know if it would be possible to enable it if...

    You should be able to use curl however.
    Kristopher E.J.
    http://www.SSAHost.com
    Stable, Supported, Affordable.

  3. #3
    Join Date
    Mar 2004
    Location
    Chicago, IL
    Posts
    384
    Wget can work in jailed shells. From the error you are getting, it simply looks like the provider doesn't allow regular users to run wget. Check the permissions on wget.
    No monkey business.

  4. #4
    Generally regular users are in group wheel. So chowning the wget binary to root:wheel should resolve the issue for jailed users.

  5. #5
    Join Date
    Sep 2006
    Location
    Texas
    Posts
    38
    For security, I would suggest regular users not be members of the wheel group - I know a few hosts make that change standard but to a lot of people it isn't that big of a deal.
    Kristopher E.J.
    http://www.SSAHost.com
    Stable, Supported, Affordable.

  6. #6
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,683
    Quote Originally Posted by FirmbIT
    Generally regular users are in group wheel. So chowning the wget binary to root:wheel should resolve the issue for jailed users.
    Group wheel is actually intended only for super users (well, potential super users who should be able to su to root). Definitely it should not be used a system wide user group.

    I'd provide an alternate copy of wget for people who really need it, I wouldn't make it available as it tends to be used by scripted attacks! eg: something like "wget_real" or "wgetz".
    Last edited by brianoz; 10-14-2006 at 01:03 AM.

  7. #7
    Join Date
    Dec 2004
    Location
    New York, NY
    Posts
    10,574
    You can just use

    lwp-download url instead of wget

  8. #8
    are you on a shared hosting ?

  9. #9
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,683
    The point is to make yourself a harder target through a variety of things. Renaming wget won't stop a determined attacker. It *will* break a lot of automated attacks.

    Trust me, breaking automated attacks is something you want. It tilts the odds in your favour. Lots of these little things add up over time.

  10. #10
    Please someone explain how to enable wget for ONE particular user in jailed ssh mode

  11. #11
    I really need help on this please

  12. #12
    Join Date
    Jan 2006
    Location
    Sydney, Australia
    Posts
    251
    Assuming you are running Linux and have access to root:

    Code:
    # groupadd wgetusers
    # usermod -G wgetusers -a <userid>
    # chgrp wgetusers /usr/bin/wget
    # chmod 750 /usr/bin/wget
    It creates a new group "wgetusers", and the usermod line adds <userid> user to that group. Then it changes the group of wget to "wgetusers", and make sure only users of that group can access it.

    Repeat the "usermod" line if you have multiple users want to access wget.

    Scott

  13. #13
    What goes in place of "userid"?

    [email protected] [~]# groupadd wgetusers
    [email protected] [~]# usermod -G wgetusers -a username
    usermod: user displayw2 does not exist
    [email protected] [~]# usermod -G wgetusers -a <userid>
    -bash: syntax error near unexpected token `newline'

  14. #14
    Join Date
    Jan 2006
    Location
    Sydney, Australia
    Posts
    251
    Replace <userid> with the actual userid you wish to grant wget access to. For example, user "jsmith"

    Code:
    # usermod -G wgetusers -a jsmith

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •