Date:      Fri, 12 Mar 1999 20:54:17 -0600 (CST)
From:      Licia <licia@o-o.org>
To:        Terry Lambert <tlambert@primenet.com>
Cc:        freebsd-chat@FreeBSD.ORG, fad@o-o.org
Subject:   Re: added chroot to /usr/bin/login
Message-ID:  <Pine.BSF.4.05.9903122051360.25737-100000@o-o.org>
In-Reply-To: <199903130229.TAA15918@usr05.primenet.com>


Thanks to welcome feedback, I've modified the patches :)  no more login group.
It's all completely based on /etc/login.conf classes now.  If there is a
capability called chroot, the value for it is used as the path to chroot to,
if there isn't, no chrooting... if there's interest I can add the ~ type
expansions to allow a single class to be used for multiple users to be
chrooted to their homedirs (trivial hack :) ) and this will easily allow
shared chroot environments, although the previous version did too :)


Thanks for the feedback, it's very welcome :)

On Sat, 13 Mar 1999, Terry Lambert wrote:
> > I've placed a small patch to /usr/src/usr.bin/login/login.c on my home site
> > at http://www.o-o.org/~licia/projects/login/  that adds a simple and fairly
> > clean way to chroot users at login time.  The 2.2.8R patch is tested, the
> > FreeBSD-current patch is anyone's guess, although I think it should probably
> > work :)
> 
> I think the correct way to pursue this would be to put the users in
> a "chroot" login class.  You would put the word "chroot" between
> the colons in the passwd file entry via "vipw", e.g.:
> 
> test::999:999:chroot:0:0:test user:/A/testuser:/bin/csh
> 
> And then within this class, add the resource limit "rootdir" in addition
> to the default, e.g.:
> 
> chroot:\
> 	:rootdir=~:\
> 	:tc=default:
> 
> Note: ~ expands to the home directory, $ expands to the username; you
> could also do:
> 
> chroot:\
> 	:rootdir=/jail/$:\
> 	:tc=default:
> 
> And then use:
> 
> 	login_getcapstr(3)
> 
> Within login itself to get the string; if present, you chroot to the
> target.
> 
> You could also do:
> 
> sharedjail:\
> 	:rootdir=/usr06/jail/:\
> 	:tc=default:
> 
> And put users in a shared, but chrooted environment, like so:
> 
> sally::2018:2018:sharedjail:0:0:sally:/users/s/sally:/bin/csh
> bob::2019:2019:sharedjail:0:0:bob:/users/b/bob:/bin/csh
> 
> They could interact (and share shared libraries, for example), but
> not affect the rest of the system.
> 
> 
> 					Terry Lambert
> 					terry@lambert.org
> ---
> Any opinions in this posting are my own and not those of my present
> or previous employers.
> 

     [ licia@o-o.org ] [ http://www.o-o.org/~licia/ ] [ Alias : Ladywolf]
     [ Telnet to o-o.org and log in as bbs ]    [ ssh -l bbs -C o-o.org ]
     [        A happy user of FreeBSD : http://www.freebsd.org/         ]

  main(){int num[4]={1768122732,762265697,1919889007,103};printf("%s\n",num);}
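
An added example, not part of either message and not the patch from the linked site: one way to expand a rootdir value with the `~` and `$` rules from the quoted reply and validate the result before chrooting. The function names `expand_rootdir` and `enter_rootdir` are hypothetical, and the capability string is assumed to have been fetched already (on FreeBSD, via login_getcapstr(3)).

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* expose chroot() on glibc */
#endif
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Expand a rootdir value: '~' -> home directory, '$' -> username.
 * Returns 0 on success, -1 if the result is unsafe or does not fit. */
int expand_rootdir(const char *cap, const char *home, const char *user,
                   char *out, size_t outlen)
{
    size_t n = 0;

    /* A username with '/' or a leading '.' could steer the path. */
    if (outlen == 0 || user[0] == '\0' || user[0] == '.' || strchr(user, '/'))
        return -1;
    for (; *cap != '\0'; cap++) {
        const char *piece = cap;
        size_t len = 1;
        if (*cap == '~') { piece = home; len = strlen(home); }
        else if (*cap == '$') { piece = user; len = strlen(user); }
        if (len >= outlen - n)
            return -1;
        memcpy(out + n, piece, len);
        n += len;
    }
    out[n] = '\0';
    /* The target must be absolute and contain no ".." component. */
    if (out[0] != '/' || strstr(out, "/../") != NULL ||
        (n >= 3 && strcmp(out + n - 3, "/..") == 0))
        return -1;
    return 0;
}

/* Must run as root, before login drops privileges. The chdir("/") puts
 * the working directory inside the new root. */
int enter_rootdir(const char *dir)
{
    if (chroot(dir) != 0)
        return -1;
    return chdir("/");
}

int main(void)
{
    char path[1024];
    /* Constructed input, modelled on the login.conf lines quoted above. */
    if (expand_rootdir("/jail/$", "/A/testuser", "test", path, sizeof path) == 0)
        printf("rootdir=%s\n", path);
    return 0;
}
```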


