From owner-freebsd-isp Mon Feb 21 6:22: 2 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from sasknow.com (h139-142-245-96.ss.fiberone.net [139.142.245.96])
    by hub.freebsd.org (Postfix) with ESMTP id 4692E37BD62
    for ; Mon, 21 Feb 2000 06:21:58 -0800 (PST)
    (envelope-from freebsd@sasknow.com)
Received: from localhost (freebsd@localhost)
    by sasknow.com (8.9.3/8.9.3) with ESMTP id IAA13630;
    Mon, 21 Feb 2000 08:22:32 -0600 (CST)
    (envelope-from freebsd@sasknow.com)
Date: Mon, 21 Feb 2000 08:22:32 -0600 (CST)
From: Ryan Thompson
To: "Nicholas J. Dear"
Cc: isp@FreeBSD.ORG
Subject: Re: Not allowing "dir up".
In-Reply-To: <200002211344.NAA27354@post.mail.areti.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 21 Feb 2000, Nicholas J. Dear wrote:

> Is there any way we can stop users being able to "dir up" out of their home
> directory?
>
> ie Their home dir is /usr/home/user/
>
> And they can't get into /usr/home - or anything below.
>
> Many thanks,
> N.

Read chroot(8), or chroot(2) if the chroot command is to be issued from a
C program. The basic syntax is:

    chroot /newroot [COMMAND]

Note that the user's shell must exist under the /newroot directory. So, if
their shell is /bin/csh, there should exist an executable /newroot/bin/csh
as well. Be careful of permissions on executable files, and their parent
directories! It is also a good idea to place a subset of the regular /bin
(and possibly /sbin) directories under the new root environment.

Something that generally also goes without saying is symlinks. Any
symlinks that point to locations outside the chroot'ed environment will be
broken. For example,

    ln -s /bin /newroot/bin

is a BAD idea, and will not work under chroot.

That all being said, running login users under chroot isn't strictly
necessary if permissions are carefully set systemwide. I set a umask of
077 for my users (owner full control, group/world no access) so that users
can not read each others' files unless explicit access is given. I make
use of process and login accounting so I have a searchable database of
what goes on, if a crack attempt is made. Read security(7).

For ftp logins, simply edit /etc/ftpchroot and add the appropriate
username, one per line. Running ftp users in a chroot environment IS a
good idea, for reasons of simplicity. Most ftp accounts nowadays are used
for web publishing, and users would be confused if presented with a full
unix filesystem when their client defaults to the / directory :-)

--
  Ryan Thompson
  50% Owner, Sysadmin
  SaskNow Technologies     http://www.sasknow.com
  #106-380 3120 8th St E   Saskatoon, SK  S7H 0W2
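
The chroot caveats in the message above (shell present under the new root, symlinks that point outside it, permissions on files and parent directories), as an added pre-flight check that is not part of the original post. The function names `audit_chroot` and `resolves_inside` and the finding labels are assumptions made here; only absolute symlink targets are checked, and only the final path component is followed.

```sh
#!/bin/sh
# Added example: pre-flight audit of a directory that will be used as a chroot.
# Function names and finding labels are assumptions made for this sketch.

# Follow a symlink chain the way it resolves once ROOT is "/": absolute targets
# are re-rooted under ROOT. Only the final path component is followed.
# Returns 0 if the chain ends at something that exists under ROOT.
resolves_inside() {
    r=$1 p=$2 n=0
    while [ -L "$r$p" ]; do
        n=$((n + 1))
        [ "$n" -gt 8 ] && return 1          # loop, e.g. /newroot/bin -> /bin
        t=$(readlink "$r$p")
        case $t in
            /*) p=$t ;;
            *)  p=$(dirname "$p")/$t ;;
        esac
    done
    [ -e "$r$p" ]
}

# audit_chroot ROOT SHELL   e.g. audit_chroot /newroot /bin/csh
audit_chroot() {
    root=${1%/} shell=$2
    # The login shell must exist, as an executable file, under the new root.
    if [ ! -f "$root$shell" ] || [ ! -x "$root$shell" ]; then
        echo "MISSING-SHELL $root$shell"
    fi
    # Absolute symlinks that will dangle or loop after chroot.
    find "$root" -type l | while IFS= read -r link; do
        target=$(readlink "$link")
        case $target in
            /*) resolves_inside "$root" "$target" ||
                    echo "BROKEN-LINK $link -> $target" ;;
        esac
    done
    # Files and directories writable by group or world.
    find "$root" ! -type l \( -perm -0020 -o -perm -0002 \) |
        while IFS= read -r path; do echo "WRITABLE $path"; done
}

if [ $# -ge 2 ]; then audit_chroot "$1" "$2"; fi
```

An empty result means none of the three checks fired; a deliberately world-writable directory such as a sticky tmp under the new root will still be listed and needs a manual decision.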