Date: Tue, 24 Sep 2002 13:51:49 -0400
From: Gerard Samuel <gsam@trini0.org>
To: Brossin Pierrick <pbrossin@swissgeeks.com>
Cc: FreeBSD Questions <questions@FreeBSD.ORG>
Subject: Re: Chroot
Message-ID: <3D90A635.5060900@trini0.org>
References: <3D908C45.3000302@trini0.org> <000d01c263e9$49c34920$3200000a@nitrox>

Your first half made total sense, and I was able to lock the root user
in /home/developer when chroot was executed.
Your second half however, is not clicking with me at the moment.
Here is what I did....

1. Under /home/developer/bin create a new file (my_sh) with this ->

    #!/bin/sh
    /home/developer/bin/sh
    chroot /home/developer/

2. Chmod the file 555, chown root:wheel
3. Enter vipw, and change the user "developer" shell to
   /home/developer/bin/my_sh

With these modifications, I can ssh into the account, but I can still
"break root" by cd'ing out of the home directory.
Any advice would be greatly appreciated...
Thanks

Brossin Pierrick wrote:

>Hi,
>
>|| I'm trying to figure out how to restrict users from leaving their home
>|| directories.
>|| I would enter the new directory /usr/home/developer and issue the
>|| chroot command ->
>|| hivemind# chroot /usr/home/developer
>|| chroot: /bin/csh: No such file or directory
>
>It's because a chrooted directory is like the root dir of your system!
>You have to create 'bin' 'etc' and stuff into /usr/home/developer.
>You should also copy csh into /usr/home/developer/bin.
>
>Your chrooted system will be completely independent of your system.
>This means if the user developer logs on, he won't be able to access the
>real /etc for example.
>
>I hope I'm clear enough.
>
>www.google.com for more info .. just type in "freebsd chroot".
>
>|| What am I doing wrong??
>|| Also when this is set, how do I make it persist through reboots.
>|| Make my own script in /usr/local/etc/rc.d ???
>|| Thanks for any insight you may provide....
>
>Just create a shell script and run it instead of running tcsh or sh or ...
>run 'vipw' and change it.
>
>Cya
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
>

-- 
Gerard Samuel
http://www.trini0.org:81/
http://dev.trini0.org:81/
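
Added example, not part of the thread: the quoted reply's advice to put the shell inside the new root, written as POSIX sh functions that go one step further and also copy the shared libraries ldd reports for the program. The function names jail_deps, jail_missing and jail_populate are made up for this example; anything the program needs that ldd does not list (files under etc, a run-time linker on some systems) still has to be added by hand.

```shell
#!/bin/sh
# Added example (not from the thread): fill a chroot directory with one
# program plus the shared libraries ldd reports for it.

# Print the program path, then every absolute library path ldd lists for it.
jail_deps() {
    printf '%s\n' "$1"
    # Keep fields that are absolute paths; skip a "/path:" header line.
    # A static binary or a missing ldd simply yields no extra lines.
    ldd "$1" 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\/[^:]*$/) print $i }' |
        sort -u
}

# List the dependencies of program $2 that are absent under jail root $1.
# Non-empty output explains a "No such file or directory" from chroot.
jail_missing() {
    jail_deps "$2" | while IFS= read -r f; do
        [ -e "$1$f" ] || printf '%s\n' "$f"
    done
}

# Copy program $2 and its libraries into jail root $1 at the same paths.
jail_populate() {
    jail_missing "$1" "$2" | while IFS= read -r f; do
        mkdir -p "$1$(dirname "$f")" && cp "$f" "$1$f"
    done
    # Succeed only if nothing is still missing afterwards.
    [ -z "$(jail_missing "$1" "$2")" ]
}

# Usage (as root), with the paths from the thread:
#   jail_populate /usr/home/developer /bin/csh
#   chroot /usr/home/developer /bin/csh
```

chroot(2) is restricted to the superuser, so the final chroot call has to be made by root.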