From owner-freebsd-questions  Wed Aug  7 02:10:36 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id CAA27578
          for questions-outgoing; Wed, 7 Aug 1996 02:10:36 -0700 (PDT)
Received: from Campino.Informatik.RWTH-Aachen.DE (campino.Informatik.RWTH-Aachen.DE [137.226.225.2])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id CAA27568
          for <questions@freebsd.org>; Wed, 7 Aug 1996 02:10:31 -0700 (PDT)
Received: from gilberto.physik.rwth-aachen.de (gilberto.physik.rwth-aachen.de [137.226.31.2]) by Campino.Informatik.RWTH-Aachen.DE (RBI-Z-5/8.6.12)
	with ESMTP id LAA11375; Wed, 7 Aug 1996 11:05:09 +0200
Received: (from kuku@localhost) by gilberto.physik.rwth-aachen.de (8.6.11/8.6.9) id LAA12766; Wed, 7 Aug 1996 11:18:22 +0200
From: "Christoph P. Kukulies" <kuku@gilberto.physik.rwth-aachen.de>
Message-Id: <199608070918.LAA12766@gilberto.physik.rwth-aachen.de>
Subject: Re: chroot
To: dwhite@resnet.uoregon.edu
Date: Wed, 7 Aug 1996 11:18:21 +0200 (MET DST)
Cc: njensen@salsa.habaneros.com, questions@freebsd.org
In-Reply-To: <Pine.BSI.3.94.960806214116.224G-100000@gdi.uoregon.edu> from Doug White at "Aug 6, 96 09:43:04 pm"
Reply-To: Christoph Kukulies <kuku@gilberto.physik.rwth-aachen.de>
X-Mailer: ELM [version 2.4ME+ PL16 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> Try to wrap your lines at about column 72.
> 
> On Tue, 6 Aug 1996, Neil C. Jensen wrote:
> 
> > I'm running into some difficulties chroot'ing users, and the man pages
> > aren't explicit enough for a novice like myself :(. 
> 
> chroot is pretty simple tho.
> 
> > I have tried the following so far;
> > 
> > 1. using "/usr/sbin/chroot /user's_home_directory"  as the login shell
> > gives a "permission denied" error. 
> 
> Have you checked the permissions on chroot?  Mine are:
> 
> -r-xr-xr-x  1 bin  bin  8192 Jul 13 19:46 /usr/sbin/chroot*
> 
> > 2. Then I tried using a script as the shell in the password file. The
> > script simply chrooted to the user's home directory, and I suid'd it to
                                                               ^^^^^^
You cannot run suid shells scripts under FreeBSD (and other BSDs) for
security reasons. Well, you can run them but the suid bit doesn't have
an effect and the process's uid doesn't change.

> > hopefully overcome any permissions problems. Unfortunately, I still get
> > Permission Denied. 
> 
> What is the exact text of the error message?  

I assume he's getting 'Permission denied' from commands in his script.

> 
> > I have already populate the chroot directory with the necessary /bin/sh
> > and a few other utilites to get goin. 
> 
> OK there.
> 
> Doug White                              | University of Oregon  
> Internet:  dwhite@resnet.uoregon.edu    | Residence Networking Assistant
> http://gladstone.uoregon.edu/~dwhite    | Computer Science Major
> 
> 

--Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de