From owner-freebsd-chat Wed Mar 24 7:36:18 1999
Delivered-To: freebsd-chat@freebsd.org
Received: from o-o.org (o-o.org [207.252.201.100])
    by hub.freebsd.org (Postfix) with ESMTP id 9F42F14CE7
    for ; Wed, 24 Mar 1999 07:36:09 -0800 (PST)
    (envelope-from licia@o-o.org)
Received: from localhost (root@localhost)
    by o-o.org (8.8.8/8.8.8) with ESMTP id JAA11929;
    Wed, 24 Mar 1999 09:36:02 -0600 (CST)
    (envelope-from licia@o-o.org)
Date: Wed, 24 Mar 1999 09:36:02 -0600 (CST)
From: Licia
To: Terry Lambert
Cc: freebsd-chat@FreeBSD.ORG, fad@o-o.org
Subject: Re: added chroot to /usr/bin/login
In-Reply-To: <199903132103.OAA19502@usr09.primenet.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, 13 Mar 1999, Terry Lambert wrote:

> > Thanks to welcome feedback, I've modified the patches :) no more login group.
> > It's all completely based on /etc/login.conf classes now. If there is a
> > capability called chroot, the value for it is used as the path to chroot to,
> > if there isn't, no chrooting... if there's interest I can add the ~ type
> > expansions to allow a single class to be used for multiple users to be
> > chrooted to their homedirs (trivial hack :) ) and this will easily allow
> > shared chroot environments, although the previous version did too :)
>
> If it's a path type object, the ~ and $ stuff are already in there,
> so if you want to use literal values, you have to escape them (\~),
> per the login.conf man page.
>

Hmm I must just not understand the login_cap functions properly. I tried
using login_getpath to get the capability, but it didn't expand the values
properly (perhaps because the login process is still setuid root at the
time of chroot?) so I've resorted to a simple if to check for a path of
just ~ and not worry about expanding ~ in full path names.

> Anyway, I think that this probably represents the first useful thing
> that login.conf has ever done for anyone (besides killing their
> process, running them out of file descriptors, and, in general, not
> supporting the SEcureCard stuff. 8-)).
>
> Good job! I think this stuff should be committed, post-haste!
>

(smiles) thank you :) compliments are -always- welcome ;) What's the
securecard stuff? (looking interested :) )

[ licia@o-o.org ] [ http://www.o-o.org/~licia/ ] [ Alias : Ladywolf]
[ Telnet to o-o.org and log in as bbs ] [ ssh -l bbs -C o-o.org ]
[ A happy user of FreeBSD : http://www.freebsd.org/ ]
main(){int num[4]={1768122732,762265697,1919889007,103};printf("%s\n",num);}
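
Added example, not part of the original message or of the patch it discusses: the "chroot capability, with a bare ~ meaning the home directory" decision described above, followed by the chroot step that has to run while login is still root. The function names, the fail-closed handling of non-absolute values, and the sample paths are assumptions; the capability value is assumed to have already been read from login.conf as a string.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE                 /* glibc: expose chroot() */
#endif
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: map the "chroot" capability value to a directory.
 *   cap  - capability value, or NULL when the login class has none
 *   home - the user's home directory from the password database
 * Returns 0 = no chroot requested, 1 = out holds the target, -1 = refuse. */
int resolve_chroot_dir(const char *cap, const char *home,
                       char *out, size_t outlen)
{
    const char *dir;

    if (cap == NULL || *cap == '\0')
        return 0;                       /* no capability: no chrooting */
    dir = (strcmp(cap, "~") == 0) ? home : cap;   /* only a bare "~" expands */
    if (dir == NULL || dir[0] != '/')
        return -1;                      /* "~/x", relative or missing: fail closed */
    if (strlen(dir) >= outlen)
        return -1;                      /* never truncate a security-relevant path */
    strcpy(out, dir);
    return 1;
}

/* Hypothetical helper: apply the decision. Call it while still root and
 * before setuid()/setgid() to the user, since chroot(2) needs privilege. */
int enter_chroot(const char *cap, const char *home)
{
    char dir[1024];
    int r = resolve_chroot_dir(cap, home, dir, sizeof dir);

    if (r <= 0)
        return r;
    /* chdir("/") moves the working directory inside the new root; a cwd
     * left outside it would give the session a handle on the old tree. */
    if (chroot(dir) != 0 || chdir("/") != 0)
        return -1;
    return 1;
}

int main(void)
{
    char dir[1024];
    /* Constructed sample values, not taken from the original message. */
    int r = resolve_chroot_dir("~", "/home/alice", dir, sizeof dir);
    printf("%d %s\n", r, r == 1 ? dir : "(none)");
    return 0;
}
```

A caller should treat -1 as a failed login rather than continuing without the chroot.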