Date:      Tue, 14 Nov 2000 11:14:35 -0500 (EST)
From:      Matthew George <mdg@mdgnet.org>
To:        Lloyd Rennie <lloyd@vbc.net>
Cc:        questions@freebsd.org
Subject:   Re: chrooted shell accounts
Message-ID:  <Pine.BSF.4.21.0011141112190.8392-100000@madness.mdgnet.org>
In-Reply-To: <Pine.BSF.4.10.10011131312350.28019-100000@brunel.uk1.vbc.net>

You may want to take a look at the jail facility if you haven't already...

jail(2,8)

On Mon, 13 Nov 2000, Lloyd Rennie wrote:

> Date: Mon, 13 Nov 2000 13:22:36 +0000 (GMT)
> From: Lloyd Rennie <lloyd@vbc.net>
> To: questions@freebsd.org
> Subject: chrooted shell accounts
> 
> 
> I have been having difficulty chrooting a user's shell on a machine here,
> as detailed below.  In this case the user in question is 'derek'.
> 
> 
> 
> derek's shell is /usr/local/bin/derekshell, which is a binary file
> generated by /usr/local/bin/derekshell.c;
> 
> #include <stdlib.h>
> /* setuid-root wrapper: runs the script below via /bin/sh */
> int main (int argc, char *argv []) {
>   system("/usr/local/bin/derekshell.sh");
>   return 0;
> }
> 
> No rocket science there. /usr/local/bin/derekshell has been added to
> /etc/shells.
> 
> /usr/local/bin/derekshell.sh looks like;
> 
> #!/bin/sh
> cd /home/derek
> id	# debug purposes
> /usr/sbin/chroot /home/derek /bin/csh
> id	# debug purposes
> 
> Contrived I know, but more secure to have the binary wrapper when making
> things SUID 0.
> 
> Permissions are like this;
> 
> -rwsr-xr-x  1 root  bin    8808 Nov  1 17:16 /usr/local/bin/derekshell
> -rw-r--r--  1 root  bin      82 Nov  1 17:16 /usr/local/bin/derekshell.c
> -rwx------  1 root  wheel    69 Nov  1 17:18 /usr/local/bin/derekshell.sh
> 
> /home/derek/bin looks like;
> 
> % ls -l
> total 1200
> -r-xr-xr-x  1 derek  derek  241664 Nov  1 11:54 csh
> -r-xr-xr-x  1 derek  derek  155648 Nov  1 11:54 ls
> -r-xr-xr-x  1 derek  derek  126976 Nov  1 11:54 ping
> -r-xr-xr-x  1 derek  derek   40960 Nov  1 11:54 pwd
> -r-xr-xr-x  1 derek  derek   16384 Nov  1 11:54 traceroute
> 
> If I run /usr/local/bin/derekshell as root, all works perfectly.  If I run
> it as user derek (invoking it as derek's shell);
> 
> % su - derek
> Password:
> uid=1008(derek) euid=0(root) gid=996(derek) groups=996(derek)
> csh: Permission denied.
> uid=1008(derek) euid=0(root) gid=996(derek) groups=996(derek)
> % 
> 
> 
> What I want to know is (a) why this is not working, and (b) if there is a
> simpler way of doing it.
> 
> TIA - please reply direct as I am not currently a list subscriber.
> 
> --
> Lloyd Rennie                   VBCnet GB Ltd	             lloyd@vbc.net
> tel +44 (0) 117 929 1316    http://www.vbc.net    fax +44 (0) 117 927 2015
> 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 

-- 
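
An added example, not part of either message: a C wrapper that performs the chroot itself and then gives up root completely before starting the shell, so the shell starts with matching real and effective uids rather than the uid=1008/euid=0 split shown in the id output quoted above. The helper names drop_privs and confine and the minimal environment are assumptions made for this example; the paths are the ones from the post.

```c
/* Added example: chroot wrapper that drops root before starting the shell. */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently switch to uid/gid; returns 0 on success, -1 on any failure. */
int drop_privs(uid_t uid, gid_t gid)
{
    /* Supplementary groups can only be reset while still root. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)   /* group first, then user */
        return -1;
    /* Verify: real and effective ids match, and root cannot be regained. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Enter dir as the new root, then drop to uid/gid.
 * Returns 0, or -1 (chdir), -2 (chroot), -3 (privilege drop). */
int confine(const char *dir, uid_t uid, gid_t gid)
{
    if (chdir(dir) != 0)
        return -1;
    if (chroot(".") != 0 || chdir("/") != 0)
        return -2;
    return drop_privs(uid, gid) == 0 ? 0 : -3;
}

int main(void)
{
    /* Paths taken from the post; installed setuid root like derekshell. */
    char *const argv[] = { "-csh", NULL };                /* leading '-': login shell */
    char *const envp[] = { "PATH=/bin", "HOME=/", NULL }; /* constructed minimal env */
    int rc = confine("/home/derek", getuid(), getgid());

    if (rc != 0) {
        fprintf(stderr, "derekshell: confine failed at step %d\n", -rc);
        return 1;
    }
    execve("/bin/csh", argv, envp);   /* path is relative to the new root */
    perror("execve");
    return 1;
}
```

Because the wrapper calls execve() directly, no setuid process runs /bin/sh with the caller's environment, which the system() call in the quoted wrapper does.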







