Date: Thu, 19 Jun 1997 17:31:16 +0200 (MET DST) From: Zahemszky Gabor <zgabor@CoDe.hu> To: freebsd-questions@freebsd.org (FreeBSD questions) Cc: psd@worldaccess.nl Subject: Re: Restricted root Message-ID: <199706191531.RAA00225@CoDe.hu> In-Reply-To: <Pine.LNX.3.96.970617154931.272B-100000@dolphin.nev.ml.org> from Paul Dekkers at "Jun 17, 97 03:50:46 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> On Mon, 16 Jun 1997, Zahemszky Gabor wrote:
>
> >> Is it possible to create a user with a different / (root)? I want to
> >> create users that are NOT able to access the 'real' root, and get a
> >> limited account this way.
> >
> >man 2 chroot
> >man 8 chroot
> >
> >As I know, not very-very good, but it works, if they cannot compile some
> >programs, etc.
>
> But: it's for all users, and not for some users... e.g. with my account
> and the accounts of some other administrators I want to access the whole
> system. (And I don't think it's possible to use the chroot prog as
> non-root?!)
I think, you have to write a very little C-program, and make it his login
shell. In that program, chdir to some restricted directory, chroot to
there, and exec his real shell. Of course, as there isn't a setuid script
under FBSD, yes, you cannot do it from a shell script, as login exec'd the
shell as the real uid of just-logged-in-user; so you cannot make it with a
shell script with chroot.
Gabor
--
#!/bin/ksh
Z='21N16I25C25E30, 40M30E33E25T15U!' ;IFS=' ABCDEFGHIJKLMNOPQRSTUVWXYZ ';set $Z;for i { [[ $i = ? ]]&&print $i&&break;[[ $i = ??? ]]&&j=$i&&i=${i%?};typeset -i40 i=8#$i;print -n ${i#???};[[ "$j" = ??? ]]&&print -n "${j#??} "&&j=;typeset +i i;};IFS=' 0123456789 ';set $Z;X=;for i { [[ $i = , ]]&&i=2;[[ $i = ?? ]]||typeset -l i;X="$X $i";typeset +l i;};print "$X"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199706191531.RAA00225>