Date:      Tue, 24 Sep 2002 16:28:38 -0400
From:      Gerard Samuel <gsam@trini0.org>
To:        Brossin Pierrick <pbrossin@swissgeeks.com>
Cc:        FreeBSD Questions <questions@FreeBSD.ORG>
Subject:   Re: Chroot
Message-ID:  <3D90CAF6.5040300@trini0.org>
References:  <3D908C45.3000302@trini0.org> <000d01c263e9$49c34920$3200000a@nitrox> <3D90A635.5060900@trini0.org>

Well I figured out why my example below wouldn't work.  So this is one 
for the archive for others who may
try what I was doing...
chroot can only be executed by root, and the shell is executed by the 
user logging in, thus a no go.
So the method of using chroot and/or jail doesn't seem to make sense to 
be used in what I'm trying to do.
I'm going to explore the restricted bash method.  Thanks for your time...

Gerard Samuel wrote:

> Your first half made total sense, and I was able to lock the root user 
> in /home/developer when
> chroot was executed.
> Your second half however, is not clicking with me at the moment.  Here 
> is what I did....
> 1.  Under /home/developer/bin create a new file (my_sh) with this ->
> #!/bin/sh
> /home/developer/bin/sh
> chroot /home/developer/
>
> 2.  Chmod the file 555, chown root:wheel
> 3.  Enter vipw, and change the user "developer" shell to 
> /home/developer/bin/my_sh
>
> With these modifications, I can ssh into the account, but I can still 
> "break root" by cd'ing out of the home directory.
>
> Any advice would be greatly appreciated...
> Thanks
>
>
> Brossin Pierrick wrote:
>
>> Hi,
>>
>> || I'm trying to figure out how to restrict users from leaving their home
>> || directories.
>> || I would enter the new directory /usr/home/developer and issue the
>> || chroot command ->
>> || hivemind# chroot /usr/home/developer
>> || chroot: /bin/csh: No such file or directory
>>
>> It's because a chrooted directory is like the root dir of your system!
>> You have to create 'bin' 'etc' and stuff into /usr/home/developer.
>> You should also copy csh into /usr/home/developer/bin.
>>
>> Your chrooted system will be completely independent of your system.
>> This means if the user developer logs on, he won't be able to access the
>> real /etc for example.
>>
>> I hope I'm clear enough.
>>
>> www.google.com for more info .. just type in "freebsd chroot".
>>
>> || What am I doing wrong??
>> || Also when this is set, how do I make it persist through reboots.
>> || Make my own script in /usr/local/etc/rc.d ???
>> || Thanks for any insight you may provide....
>>
>> Just create a shell script and run it instead of running tcsh or sh 
>> or ...
>> run 'vipw' and change it.
>>
>> Cya
>>
>>
>> To Unsubscribe: send mail to majordomo@FreeBSD.org
>> with "unsubscribe freebsd-questions" in the body of the message
>>
>>
>>  
>>
>

-- 
Gerard Samuel
http://www.trini0.org:81/
http://dev.trini0.org:81/








Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D90CAF6.5040300>
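
The two failures reported in this thread (the shell missing inside the new root, and chroot being called from a login shell that runs as the logging-in user) can be checked for before changing anything with vipw. The following is an added example, not part of the original messages; the function name `check_chroot`, its optional uid argument and its return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Pre-flight check for a chroot tree (added example; names are hypothetical).
# Usage: check_chroot NEWROOT SHELL_PATH [UID]
#   NEWROOT     directory that will become "/"
#   SHELL_PATH  shell as seen from inside the new root, e.g. /bin/sh
#   UID         uid of the caller; defaults to `id -u`
# Returns: 0 ok, 1 caller is not root, 2 shell missing inside the tree,
#          3 a shared library the shell needs is missing inside the tree.
check_chroot() {
    newroot=$1
    shell=$2
    uid=${3:-$(id -u)}

    # chroot is restricted to root. A wrapper script installed as a login
    # shell runs as the user who logs in, so its chroot call is refused.
    if [ "$uid" -ne 0 ]; then
        echo "uid $uid cannot chroot; only root can" >&2
        return 1
    fi

    # After chroot, paths resolve against NEWROOT, so /bin/csh means
    # NEWROOT/bin/csh. This is the "No such file or directory" case.
    if [ ! -x "$newroot$shell" ]; then
        echo "$shell not found at $newroot$shell" >&2
        return 2
    fi

    # A dynamically linked shell also needs its libraries inside the tree.
    # Static binaries and scripts yield no library paths and are skipped.
    libs=$(ldd "$newroot$shell" 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }')
    for lib in $libs; do
        if [ ! -e "$newroot$lib" ]; then
            echo "missing inside tree: $newroot$lib" >&2
            return 3
        fi
    done
    return 0
}
```

Only point `ldd` at binaries you trust, since some implementations invoke the program's loader to resolve the library list.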