From owner-freebsd-questions Tue Nov 14 5:49: 1 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from guru.mired.org (okc-65-26-235-186.mmcable.com [65.26.235.186])
	by hub.freebsd.org (Postfix) with SMTP id E55E737B4C5
	for ; Tue, 14 Nov 2000 05:48:57 -0800 (PST)
Received: (qmail 93300 invoked by uid 100); 14 Nov 2000 11:02:11 -0000
From: Mike Meyer
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14865.7091.555522.661128@guru.mired.org>
Date: Tue, 14 Nov 2000 05:02:11 -0600 (CST)
To: Lloyd Rennie
Cc: questions@freebsd.org
Subject: Re: chrooted shell accounts
In-Reply-To:
References: <14864.38419.48129.325993@guru.mired.org>
X-Mailer: VM 6.75 under 21.1 (patch 10) "Capitol Reef" XEmacs Lucid
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Lloyd Rennie types:
> > True - but why isn't this a C program? It would be about the same
> > length as all these things, and remove one complication from the
> > system. If you want to do a chroot as part of a shell script, try doing
> > the chroot in the wrapper, then running the shell script. Which
> > doesn't help with the problem, I know, but you asked for a simpler way
> > to do things.
>
> s'a good point. [...]
> Replaced my derekshell bin with a new one as you suggested.
>
> void main (int argc, char *argv []) {
>     system("cd /home/derek; /usr/sbin/chroot /home/derek /bin/csh");
> }

Actually, I was thinking of something more along the lines of:

#include <err.h>
#include <errno.h>
#include <unistd.h>

int main(int argc, char **argv, char **envp)
{
    errno = 0 ;
    /* chdir, chroot and setuid each return 0 on success, -1 on failure */
    if (chdir("/home/derek") == 0 && chroot("/home/derek") == 0
        && setuid(getuid()) == 0)
        execve("/bin/csh", argv, envp) ;
    /* reached only if a call in the chain failed or execve returned */
    err(1, "failed to start");
}

> > I'd be interested to know where the message is coming from (is it
> > csh complaining that something is wrong, or chroot complaining that
> > something is wrong with /bin/csh).
> A good question. How the hell do I tell?

Well, you could invoke csh with a flag to make it more verbose. You
could try the C program I used, except check each function as it runs
instead of the entire chain - which allows you to finger the failing
function exactly.
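
Added example, not part of the original message: the wrapper from the reply with each call checked on its own, as the last paragraph suggests, so the error names the call that failed. The helper enter_jail and the step names are hypothetical, and setuid(getuid()) assumes the wrapper is installed setuid root.

```c
#define _DEFAULT_SOURCE 1   /* glibc: declare chroot(); not needed on FreeBSD */
#include <err.h>
#include <errno.h>
#include <unistd.h>

/* Hypothetical step codes, in the order the calls are made. */
enum step { STEP_OK, STEP_CHDIR, STEP_CHROOT, STEP_SETUID };
static const char *step_name[] = { "ok", "chdir", "chroot", "setuid" };

/*
 * Hypothetical helper: enter the jail one call at a time and report
 * the first call that fails. errno is left as that call set it.
 */
enum step enter_jail(const char *dir)
{
    if (chdir(dir) != 0)
        return STEP_CHDIR;
    if (chroot(dir) != 0)            /* fails with EPERM unless root */
        return STEP_CHROOT;
    /* Assumption: the wrapper is setuid root, so drop back to the
     * invoking user before anything inside the jail runs. */
    if (setuid(getuid()) != 0)
        return STEP_SETUID;
    return STEP_OK;
}

int main(int argc, char **argv, char **envp)
{
    enum step failed = enter_jail("/home/derek");

    (void)argc;
    if (failed != STEP_OK)
        err(1, "%s /home/derek", step_name[failed]);
    execve("/bin/csh", argv, envp);
    /* execve returns only on failure; the path is resolved in the jail */
    err(1, "execve /bin/csh");
}
```

Run without root privilege, this reports the chroot step with "Operation not permitted". A /bin/csh missing from inside /home/derek shows up as the execve failure, which separates a chroot problem from a shell problem.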