From: Gerard Samuel <gsam@trini0.org>
Date: Tue, 24 Sep 2002 13:51:49 -0400
To: Brossin Pierrick
Cc: FreeBSD Questions
Subject: Re: Chroot
Message-ID: <3D90A635.5060900@trini0.org>

Your first half made total sense, and I was able to lock the root user in /home/developer when chroot was executed.
Your second half, however, is not clicking with me at the moment.
Here is what I did....

1. Under /home/developer/bin create a new file (my_sh) with this ->

   #!/bin/sh
   /home/developer/bin/sh
   chroot /home/developer/

2. Chmod the file 555, chown root:wheel
3. Enter vipw, and change the user "developer" shell to /home/developer/bin/my_sh

With these modifications, I can ssh into the account, but I can still "break root" by cd'ing out of the home directory.
Any advice would be greatly appreciated...
Thanks

Brossin Pierrick wrote:
>Hi,
>
>|| I'm trying to figure out how to restrict users from leaving their home
>|| directories.
>|| I would enter the new directory /usr/home/developer and issue the
>|| chroot command ->
>|| hivemind# chroot /usr/home/developer
>|| chroot: /bin/csh: No such file or directory
>
>It's because a chrooted directory is like the root dir of your system!
>You have to create 'bin', 'etc' and stuff in /usr/home/developer.
>You should also copy csh into /usr/home/developer/bin.
>
>Your chrooted system will be completely independent of your system.
>This means if the user developer logs on, he won't be able to access the
>real /etc, for example.
>
>I hope I'm clear enough.
>
>www.google.com for more info .. just type in "freebsd chroot".
>
>|| What am I doing wrong??
>|| Also when this is set, how do I make it persist through reboots.
>|| Make my own script in /usr/local/etc/rc.d ???
>|| Thanks for any insight you may provide....
>
>Just create a shell script and run it instead of running tcsh or sh or ...
>run 'vipw' and change it.
>
>Cya

--
Gerard Samuel
http://www.trini0.org:81/
http://dev.trini0.org:81/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message